📄 minifiler开发心得 - laoka - 51cto技术博客-领先的it技术博客.htm
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> is </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>Detached</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"></SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>.<o:p></o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal
style="MARGIN: 0cm 0cm 0pt 18pt; TEXT-INDENT: -18pt; mso-list: l0 level1 lfo3"><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight: Calibri?,?sans-serif?; Calibri;
mso-bidi-font-family: mso-fareast-font-family:><SPAN
style="mso-list: ignore">3.<SPAN Roman?? New
Times>
</SPAN></SPAN></SPAN></STRONG><STRONG><SPAN lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>When the minifilter</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> itself calls </SPAN></STRONG><STRONG><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: "
Calibri?,?sans-serif??>FltDeleteContex</SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>t</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"></SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>,</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> a </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>Detach</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> operation occurs</SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>.<o:p></o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal
style="MARGIN: 0cm 0cm 0pt 18pt; TEXT-INDENT: -18pt; mso-list: l0 level1 lfo3"><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight: Calibri?,?sans-serif?; Calibri;
mso-bidi-font-family: mso-fareast-font-family:><SPAN
style="mso-list: ignore">4.<SPAN Roman?? New
Times>
</SPAN></SPAN></SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold">When calling </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>FltSetXXXContext</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> with the flag </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>FLT_SET_CONTEXT_REPLACE_IF_EXISTS,</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> in this case:</SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;><o:p></o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal
style="MARGIN: 12pt 13.35pt 0pt 0cm; TEXT-INDENT: 20pt; mso-pagination: widow-orphan; mso-char-indent-count: 2.0"><FONT
face=Calibri><SPAN lang=EN-US style="FONT-SIZE: 10pt">In this case
the old context is <EM><SPAN
style="FONT-STYLE: normal; FONT-FAMILY: " Calibri?,?sans-serif?;
italic? mso-bidi-font-style:>not</SPAN></EM> dereferenced, which
means it will not go away before the caller has a chance to inspect
it. Therefore, the caller has to perform the
dereference.</SPAN><SPAN lang=EN-US> </SPAN></FONT></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt 18pt"><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;><o:p> </o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt 18pt"><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold">Items </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>1, 2 and 4</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> above are the main causes of </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>Detaching</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"></SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>.</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> For that reason, one generally does not explicitly call </SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>FltDeleteXXXContext.<o:p></o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt 18pt"><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;><o:p> </o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt 18pt"><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold">For most functions</SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>,</SPAN></STRONG><STRONG><SPAN
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri; mso-bidi-font-weight: bold"> a context that is referenced is generally dereferenced before the function returns</SPAN></STRONG><STRONG><SPAN
lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; FONT-FAMILY: " bold?
mso-bidi-font-weight:
Calibri?,?sans-serif?;>.<o:p></o:p></SPAN></STRONG></DIV>
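The reference rule for FLT_SET_CONTEXT_REPLACE_IF_EXISTS and the dereference-before-return habit described above, shown as a user-mode C model of the reference counting. This is an added example, not Filter Manager code and not from the original post; `ctx_t`, `slot_t`, `ctx_set_replace`, `slot_teardown` and `run_replace` are hypothetical names, and the slot stands in for the object a context is attached to.

```c
/* User-mode model of context reference counting (constructed for illustration;
   not Filter Manager code). All type and function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
typedef struct ctx  { int refs; int id; } ctx_t;
typedef struct slot { ctx_t *cur; } slot_t;  /* object a context is attached to */
static int live_contexts;                    /* contexts not yet freed */

static ctx_t *ctx_alloc(int id) {            /* allocation: caller owns 1 ref */
    ctx_t *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->refs = 1; c->id = id; live_contexts++;
    return c;
}
static void ctx_release(ctx_t *c) {          /* drop one reference */
    if (--c->refs == 0) { live_contexts--; free(c); }
}
/* Set with "replace if exists": the slot takes its own reference on new_ctx.
   The old context comes back still referenced; the caller must release it. */
static void ctx_set_replace(slot_t *s, ctx_t *new_ctx, ctx_t **old_ctx) {
    new_ctx->refs++;
    *old_ctx = s->cur;                       /* reference passes to the caller */
    s->cur = new_ctx;
}
static void slot_teardown(slot_t *s) {       /* detach: slot drops its reference */
    if (s->cur) { ctx_release(s->cur); s->cur = NULL; }
}

/* Returns how many contexts are still alive after teardown (0 means no leak). */
int run_replace(int release_old) {
    slot_t s = { NULL };
    ctx_t *old = NULL;
    live_contexts = 0;
    ctx_t *a = ctx_alloc(1);
    ctx_set_replace(&s, a, &old);            /* old == NULL: nothing set before */
    ctx_release(a);                          /* dereference before returning */
    ctx_t *b = ctx_alloc(2);
    ctx_set_replace(&s, b, &old);            /* old == a, still referenced */
    if (old && release_old) ctx_release(old);
    ctx_release(b);
    slot_teardown(&s);
    return live_contexts;
}

int main(void) {
    printf("old released: %d left, old not released: %d left\n",
           run_replace(1), run_replace(0));
    return 0;
}
```

Skipping the release of the returned old context leaves one context alive after teardown, which in a real minifilter is the kind of outstanding reference that keeps an instance from finishing its detach.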
<H3 style="MARGIN: 12pt 0cm 0pt"><FONT face=Calibri><SPAN lang=EN-US
style="FONT-WEIGHT: normal; FONT-SIZE: 10pt; LINE-HEIGHT: 173%; mso-bidi-font-weight: bold">Instance
Initialization and Teardown</SPAN><SPAN lang=EN-US
style="FONT-WEIGHT: normal; mso-bidi-font-weight: bold"><o:p></o:p></SPAN></FONT></H3>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT face=宋体>As we have seen,
instance initialization can either happen:</FONT></SPAN></DIV>
<UL style="MARGIN-TOP: 0cm" type=disc>
<LI class=MsoNormal
style="MARGIN: 12pt 14pt 0pt 0cm; mso-list: l2 level1 lfo1; mso-pagination: widow-orphan; tab-stops: list 36.0pt"><FONT
face=Calibri><SPAN lang=EN-US style="FONT-SIZE: 10pt">Explicitly -
via FLTMC, the <STRONG><SPAN style="FONT-FAMILY: "
Calibri?,?sans-serif??>FltAttachVolume</SPAN></STRONG> kernel
function, or the <STRONG><SPAN style="FONT-FAMILY: "
Calibri?,?sans-serif??>FilterAttach</SPAN></STRONG> user mode
function; or</SPAN><SPAN lang=EN-US> </SPAN></FONT>
<LI class=MsoNormal
style="MARGIN: 0cm 14pt 0pt 0cm; mso-list: l2 level1 lfo1; mso-pagination: widow-orphan; tab-stops: list 36.0pt"><FONT
face=Calibri><SPAN lang=EN-US
style="FONT-SIZE: 10pt">Automatically - as a result of a
minifilter being loaded or a volume becoming otherwise
available</SPAN><SPAN lang=EN-US> </SPAN></FONT></LI></UL>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT face=宋体>Depending on
precisely what triggers the call of <STRONG><SPAN
style="FONT-FAMILY: 宋体; mso-bidi-font-family: 宋体">InstanceSetupCallback</SPAN></STRONG>,
the process context will vary. This requires you to be careful
before making any assumptions about the context in which your filter
is being called.</FONT></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT face=宋体>Let's look at two
examples.</FONT></SPAN></DIV>
<OL style="MARGIN-TOP: 0cm" type=1>
<LI class=MsoNormal
style="MARGIN: 0cm 14pt 0pt 0cm; mso-list: l1 level1 lfo2; mso-pagination: widow-orphan; tab-stops: list 36.0pt"><FONT
face=Calibri><SPAN lang=EN-US style="FONT-SIZE: 10pt">FLTMC ATTACH
myfilter C - <STRONG><SPAN style="FONT-FAMILY: "
Calibri?,?sans-serif??>InstanceSetup Callback</SPAN></STRONG> will
be called in the context of the process running fltmc.</SPAN><SPAN
lang=EN-US> </SPAN></FONT>
<LI class=MsoNormal
style="MARGIN: 12pt 14pt 0pt 0cm; mso-list: l1 level1 lfo2; mso-pagination: widow-orphan; tab-stops: list 36.0pt"><FONT
face=Calibri><SPAN lang=EN-US style="FONT-SIZE: 10pt">FLTMC LOAD
myfilter - <STRONG><SPAN style="FONT-FAMILY: "
Calibri?,?sans-serif??>InstanceSetup Callback </SPAN></STRONG>will
be called in the context of the system process.</SPAN><SPAN
lang=EN-US> </SPAN></FONT></LI></OL>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT face=宋体>This has several
repercussions; many of them are quite subtle. For example, consider
what impact the previous mode may have on probe. Therefore, it is
important to test at least these two variants, along with the
associated detach and teardown
homologs.</FONT></SPAN></DIV></TD></TR></TBODY></TABLE>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="mso-bidi-font-size: 14.0pt"><o:p><FONT face=Calibri
size=3> </FONT></o:p></SPAN></DIV><A class=hidden
href="http://laokaddk.blog.51cto.com/368606/126118">This article is from the
51CTO.COM technical blog</A></DIV></TD></TR></TBODY></TABLE></DIV></DIV><BR><BR>