過濾鉤子驅動程序：調度例程不叫

我想寫舊的過濾鉤子驅動程序，類似防火牆：尋找dst端口並阻止它。但是當數據包發送時，調度程序不會被調用。過濾鉤子驅動程序：調度例程不叫

註冊調度：

DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DrvDispatch;

開始ipfilter的驅動程序：

C:\Users\unnamed>net start ipfilterdriver

之後，通過Visual DDK啓動調試驅動程序。驅動程序加載成功，但調度程序中的斷點未達到。我究竟做錯了什麼？

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) 
{ 
    UNICODE_STRING DeviceName,Win32Device; 
    PDEVICE_OBJECT DeviceObject = NULL; 
    NTSTATUS status; 
    unsigned i; 

    RtlInitUnicodeString(&DeviceName,L"\\Device\\driver10"); 
    RtlInitUnicodeString(&Win32Device,L"\\DosDevices\\driver10"); 

    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) 
     DriverObject->MajorFunction[i] = driver1DefaultHandler; 
    /* 
    DriverObject->MajorFunction[IRP_MJ_CREATE] = driver1CreateClose; 
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = driver1CreateClose; 
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DrvDispatch; 
    */ 
    status = IoCreateDevice(DriverObject, 0, &DeviceName, 
       FILE_DEVICE_DRVFLTIP, 0, FALSE, 
       &DeviceObject); 
    if (NT_SUCCESS(status)) { 
     status = IoCreateSymbolicLink(&Win32Device, &DeviceName); 
     if (!NT_SUCCESS(status))   
       dprintf("DrvFltIp.SYS: IoCreateSymbolicLink failed\n"); 

     DriverObject->MajorFunction[IRP_MJ_CREATE]   = 
     DriverObject->MajorFunction[IRP_MJ_CLOSE]   = 
     DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DrvDispatch; 
     DriverObject->DriverUnload = driver1Unload; 
    } 
    if (!NT_SUCCESS(status)) { 
     dprintf("Error in initialization. Unloading...");   
     driver1Unload(DriverObject); 
    } 

    if (!DeviceObject) 
     return STATUS_UNEXPECTED_IO_ERROR; 
/* 
DeviceObject->Flags |= DO_DIRECT_IO; 
DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING; 
DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT; 
*/ 
    DbgPrint("Driver started\n");  
    return status; 
} 
NTSTATUS DrvDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) 
{ 
    dprintf("DrvDispatch called\n"); 
    PIO_STACK_LOCATION irpStack; 
    PVOID    ioBuffer; 
    ULONG    inputBufferLength; 
    ULONG    outputBufferLength; 
    ULONG    ioControlCode; 
    NTSTATUS   ntStatus; 

    Irp->IoStatus.Status  = STATUS_SUCCESS; 
    Irp->IoStatus.Information = 0; 

    irpStack = IoGetCurrentIrpStackLocation(Irp); 

    switch (irpStack->MajorFunction) { 
    case IRP_MJ_CREATE: 
     dprintf("DrvFltIp.SYS: IRP_MJ_CREATE\n"); 
     break; 

    case IRP_MJ_CLOSE: 
     dprintf("DrvFltIp.SYS: IRP_MJ_CLOSE\n"); 
     break; 

    case IRP_MJ_DEVICE_CONTROL: 
     dprintf("DrvFltIp.SYS: IRP_MJ_DEVICE_CONTROL\n");   
     break; 
    }  
    ntStatus = Irp->IoStatus.Status; 
    IoCompleteRequest(Irp, IO_NO_INCREMENT); 
    return ntStatus; 
}

來源

2013-05-26 3ka5_cat

您確定要'IRP_MJ_DEVICE_CONTROL'？你沒有提供很多細節，但這聽起來並不合適。 –

我不確定..但我的代碼基於的示例使用IRP_MJ_DEVICE_CONTROL，並且我找不到有關此類驅動程序的更多信息。將DriverEntry和調度程序代碼添加到問題中。 –

剛纔忘在DriverEntry中註冊過濾鉤子回調函數： Registering and Clearing a Filter Hook

來源

2013-05-27 08:16:07

過濾鉤子驅動程序：調度例程不叫

回答

相關問題