自己构造 Create IRP
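/*
 * IrpCreate - hand-build an IRP_MJ_CREATE request and send it to DeviceObject.
 *
 * Allocates an IRP and a FILE_OBJECT, fills in the create parameters and calls
 * IoCallDriver() on DeviceObject, waiting for completion if the driver pends.
 *
 * Parameters:
 *   Name              - file name copied into FileObject->FileName.
 *   DesiredAccess     - access mask placed in the access state and the
 *                       security context.
 *   FileAttributes    - truncated to USHORT for Parameters.Create.
 *   ShareAccess       - truncated to USHORT for Parameters.Create.
 *   CreateDisposition - stored in the top 8 bits of Parameters.Create.Options.
 *   CreateOptions     - stored in the low 24 bits of Parameters.Create.Options.
 *   DeviceObject      - device that receives the IRP.
 *   RealDevice        - stored in FileObject->DeviceObject.
 *   RelatedFileObject - stored in FileObject->RelatedFileObject (may be NULL).
 *   ReturnHandle      - no handle is created here; set to NULL when supplied.
 *   ReturnObject      - receives the new FILE_OBJECT on success, else NULL.
 *
 * Returns the status from the I/O status block, STATUS_INVALID_PARAMETER for
 * a missing required pointer, or an allocation/setup failure status.
 *
 * Security notes for reviewers:
 *   - RequestorMode is KernelMode, so the target treats every pointer and the
 *     requested access as trusted. If Name or DesiredAccess can be influenced
 *     by a user-mode caller, that caller must be authorized before this
 *     function is reached; nothing here performs an access check.
 *   - The IRP is delivered to DeviceObject itself. Drivers layered above that
 *     device do not observe the request, so any logging they provide has to
 *     be replaced by the caller if an audit trail is required.
 *
 * NOTE(review): IoCompletionRoutine is defined outside this listing. This code
 * presumably relies on it to fill *UserIosb, signal UserEvent and free the
 * IRP - confirm before reuse.
 */
NTSTATUS IrpCreate(IN PUNICODE_STRING Name,
                   IN ACCESS_MASK DesiredAccess,
                   IN ULONG FileAttributes,
                   IN ULONG ShareAccess,
                   IN ULONG CreateDisposition,
                   IN ULONG CreateOptions,
                   IN PDEVICE_OBJECT DeviceObject,
                   IN PDEVICE_OBJECT RealDevice,
                   IN PFILE_OBJECT RelatedFileObject,
                   OUT PHANDLE ReturnHandle,
                   PVOID* ReturnObject)
{
    NTSTATUS Status;
    KEVENT Event;
    PIRP pIrp;
    PFILE_OBJECT FileObject;
    IO_STATUS_BLOCK IoStatusBlock;
    PIO_STACK_LOCATION IOStack;
    IO_SECURITY_CONTEXT IoSecurityContext;
    ACCESS_STATE AccessState;
    AUX_DATA AuxData;
    PGENERIC_MAPPING pGenericMapping;
    OBJECT_ATTRIBUTES ObjectAttributs;
    PWSTR NameBuffer;

    /* Never leave the output parameters holding whatever the caller had. */
    if (ReturnHandle != NULL)
        *ReturnHandle = NULL;
    if (ReturnObject != NULL)
        *ReturnObject = NULL;

    /* A NULL here would be dereferenced in kernel mode further down. */
    if (Name == NULL || DeviceObject == NULL || RealDevice == NULL)
        return STATUS_INVALID_PARAMETER;

    /* Start from a defined status in case the completion path never writes one. */
    IoStatusBlock.Status = STATUS_UNSUCCESSFUL;
    IoStatusBlock.Information = 0;

    /*
     * Do the steps that can fail before the FILE_OBJECT exists, so that every
     * early exit only has to undo plain allocations.
     */
    NameBuffer = (PWSTR)ExAllocatePool(NonPagedPool, Name->MaximumLength);
    if (NameBuffer == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    pGenericMapping = IoGetFileObjectGenericMapping();
    Status = SeCreateAccessState(&AccessState, &AuxData, DesiredAccess, pGenericMapping);
    if (!NT_SUCCESS(Status))
    {
        ExFreePool(NameBuffer);
        return Status;
    }

    pIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
    if (pIrp == NULL)
    {
        SeDeleteAccessState(&AccessState);
        ExFreePool(NameBuffer);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    InitializeObjectAttributes(&ObjectAttributs, NULL, OBJ_CASE_INSENSITIVE, 0, NULL);
    Status = ObCreateObject(KernelMode, *IoFileObjectType, &ObjectAttributs, KernelMode,
                            NULL, sizeof(FILE_OBJECT), 0, 0, (PVOID*)&FileObject);
    if (!NT_SUCCESS(Status))
    {
        IoFreeIrp(pIrp);
        SeDeleteAccessState(&AccessState);
        ExFreePool(NameBuffer);
        return Status;
    }

    /* Populate the file object by hand. */
    RtlZeroMemory(FileObject, sizeof(FILE_OBJECT));
    FileObject->Type = IO_TYPE_FILE;
    FileObject->Size = sizeof(FILE_OBJECT);
    FileObject->Flags = FO_SYNCHRONOUS_IO;
    FileObject->DeviceObject = RealDevice;
    FileObject->RelatedFileObject = RelatedFileObject;
    KeInitializeEvent(&FileObject->Lock, SynchronizationEvent, FALSE);
    KeInitializeEvent(&FileObject->Event, SynchronizationEvent, FALSE);

    /*
     * RtlCopyUnicodeString() copies at most MaximumLength bytes of the
     * destination. The structure was just zeroed, so the capacity has to be
     * set first or the name would be silently left empty.
     */
    FileObject->FileName.Buffer = NameBuffer;
    FileObject->FileName.MaximumLength = Name->MaximumLength;
    RtlCopyUnicodeString(&FileObject->FileName, Name);

    KeInitializeEvent(&Event, SynchronizationEvent, FALSE);

    /* IRP header: synchronous kernel-mode create on the current thread. */
    pIrp->UserEvent = &Event;
    pIrp->UserIosb = &IoStatusBlock;
    pIrp->Tail.Overlay.Thread = (PETHREAD)KeGetCurrentThread();
    pIrp->Tail.Overlay.OriginalFileObject = FileObject;
    pIrp->RequestorMode = KernelMode;
    pIrp->Flags = IRP_CREATE_OPERATION | IRP_SYNCHRONOUS_API;
    pIrp->PendingReturned = FALSE;
    pIrp->Cancel = FALSE;
    pIrp->MdlAddress = NULL;
    pIrp->CancelRoutine = NULL;
    pIrp->Tail.Overlay.AuxiliaryBuffer = NULL;

    /* Security context handed to the target driver. */
    IoSecurityContext.AccessState = &AccessState;
    IoSecurityContext.DesiredAccess = DesiredAccess;
    IoSecurityContext.SecurityQos = NULL;
    IoSecurityContext.FullCreateOptions = 0;

    /* Stack location for the driver that receives the IRP. */
    IOStack = IoGetNextIrpStackLocation(pIrp);
    IOStack->MajorFunction = IRP_MJ_CREATE;
    IOStack->DeviceObject = DeviceObject;
    IOStack->FileObject = FileObject;
    IOStack->Parameters.Create.SecurityContext = &IoSecurityContext;
    /*
     * Disposition lives in the top 8 bits and the options in the low 24; mask
     * the options so a stray high bit cannot alter the disposition.
     */
    IOStack->Parameters.Create.Options =
        (CreateDisposition << 24) | (CreateOptions & 0x00FFFFFF);
    IOStack->Parameters.Create.FileAttributes = (USHORT)FileAttributes;
    IOStack->Parameters.Create.ShareAccess = (USHORT)ShareAccess;
    IOStack->Parameters.Create.EaLength = 0;
    IOStack->Context = NULL;
    IOStack->Control = SL_INVOKE_ON_CANCEL | SL_INVOKE_ON_SUCCESS | SL_INVOKE_ON_ERROR;
    IOStack->CompletionRoutine = IoCompletionRoutine;

    Status = IoCallDriver(DeviceObject, pIrp);
    if (Status == STATUS_PENDING)
        KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
    Status = IoStatusBlock.Status;

    /* The request has completed, so the stack-based access state can be released. */
    SeDeleteAccessState(&AccessState);

    if (NT_SUCCESS(Status))
    {
        MyReferenceObject(FileObject);
        if (ReturnObject != NULL)
            *ReturnObject = FileObject;
    }
    /*
     * NOTE(review): on failure the FILE_OBJECT and its name buffer are not
     * released here. Tearing down a hand-built file object must not result in
     * a close request for a file that was never opened - confirm the correct
     * teardown sequence for the target OS version before adding cleanup.
     */
    return Status;
}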
齲龟??
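/*
 * MyReferenceObject - bump the reference counts tied to an opened file object.
 *
 * Increments ReferenceCount on FileObject->DeviceObject and, when the file
 * object has a Vpb, on that Vpb as well. Pointers that are NULL are skipped
 * instead of being dereferenced in kernel mode.
 *
 * NOTE(review): these counters are adjusted directly rather than through an
 * I/O manager routine. Confirm that a matching decrement exists on the close
 * path and that no lock is required around the Vpb update.
 */
void MyReferenceObject(PFILE_OBJECT FileObject)
{
    if (FileObject == NULL)
        return;

    if (FileObject->DeviceObject != NULL)
        InterlockedIncrement(&FileObject->DeviceObject->ReferenceCount);

    /* Vpb->ReferenceCount is cast so it can be passed to the interlocked helper. */
    if (FileObject->Vpb != NULL)
        InterlockedIncrement((volatile LONG*)&FileObject->Vpb->ReferenceCount);
}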
{ 保 At???
NTSTATUS Status; ㄥ犗I$毱碽
KEVENT Event; <%韒?荦?
PIRP pIrp; 詥 8A?f薗
PFILE_OBJECT FileObject; is嬆鰑脷q
IO_STATUS_BLOCK IoStatusBlock; >{?nK?E9
PIO_STACK_LOCATION IOStack; '篲??c靯
IO_SECURITY_CONTEXT IoSecurityContext; =&4b襷?
ACCESS_STATE AccessState; m浖傼Q~??
AUX_DATA AuxData; ??踛襔蹬
PGENERIC_MAPPING pGenericMapping; ?嚜3J聜
OBJECT_ATTRIBUTES ObjectAttributs; ?汏???
壞hX@c腺?
KeInitializeEvent(&Event,SynchronizationEvent,FALSE); 霷[d?4?
pIrp = IoAllocateIrp(DeviceObject->StackSize,FALSE); ?袕?仴 Q
if(pIrp==NULL)return STATUS_INSUFFICIENT_RESOURCES; 貥浻芅?lt;?
InitializeObjectAttributes(&ObjectAttributs,NULL,OBJ_CASE_INSENSITIVE,0,NULL); 圝| ?投yM
Status = ObCreateObject(KernelMode,*IoFileObjectType,&ObjectAttributs,KernelMode,NULL,sizeof(FILE_OBJECT),0,0,(PVOID*)&FileObject); 麁氾C洌y?
if(!NT_SUCCESS(Status)) 蚹0u?'?^
{ ?汗??
IoFreeIrp(pIrp); &樎p赯Y?
return Status; v究Ky薹9
} K筍W"?~
memset(FileObject,0,sizeof(FILE_OBJECT)); 碹?乿耚xq
FileObject->Type=5; ぜH"Y?"€@?
FileObject->Size=sizeof(FILE_OBJECT); 玬=涛w椁鼊
FileObject->Flags=FO_SYNCHRONOUS_IO; lp陀醃噻?
FileObject->DeviceObject = RealDevice; nD?Y摎躱
FileObject->RelatedFileObject = RelatedFileObject; 6b暋撰菩#
KeInitializeEvent(&FileObject->Lock,SynchronizationEvent,FALSE); y娍 ?[?
KeInitializeEvent(&FileObject->Event,SynchronizationEvent,FALSE); 8Y捛+湏驺
FileObject->FileName.Buffer = (PWSTR)ExAllocatePool(NonPagedPool,Name->MaximumLength); j?垡忂碸;
RtlCopyUnicodeString(&FileObject->FileName,Name); 氼hG^睒&?
pIrp->UserEvent=&Event; 0u%
pIrp->UserIosb=&IoStatusBlock; ?nm猪?B?
pIrp->Tail.Overlay.Thread = (PETHREAD)KeGetCurrentThread(); 蚿a儚?註
pIrp->Tail.Overlay.OriginalFileObject=FileObject; Pl6}?墨?
pIrp->RequestorMode=KernelMode; 辑P鋜 ab
pIrp->Flags=IRP_CREATE_OPERATION|IRP_SYNCHRONOUS_API; 弢MFX?鼏
pIrp->PendingReturned=FALSE; s?猙幙糁
pIrp->Cancel=FALSE; 觥孛麛郩{
pIrp->MdlAddress=NULL; l湨 2圐紃?
pIrp->CancelRoutine=NULL; 妴覆^'罌?
pIrp->Tail.Overlay.AuxiliaryBuffer=NULL; €(+l珦|ml?
IOStack = IoGetNextIrpStackLocation(pIrp); 寫孠袇 r?
IOStack->MajorFunction=IRP_MJ_CREATE; 菃,G?|
IOStack->DeviceObject=DeviceObject; _:?$|Y瓔?
IOStack->FileObject=FileObject; 奘T?擁??
pGenericMapping = IoGetFileObjectGenericMapping(); 椒|p饒#c
SeCreateAccessState(&AccessState,&AuxData,DesiredAccess,pGenericMapping); -?聗H??
IoSecurityContext.AccessState = &AccessState; ?C憃師??
IoSecurityContext.DesiredAccess = DesiredAccess; 濾e沫惙%m|
IoSecurityContext.SecurityQos=NULL; h笴铅? /Q
IoSecurityContext.FullCreateOptions=0; 廿鈖O@k?#
IOStack->Parameters.Create.SecurityContext=&IoSecurityContext; 焬?xA丮
IOStack->Parameters.Create.Options=(CreateDisposition<<0x18)|CreateOptions; ?窜К焣瞣
IOStack->Parameters.Create.FileAttributes = (USHORT)FileAttributes; 芿?惸哑v
IOStack->Parameters.Create.ShareAccess = (USHORT)ShareAccess; ll€鸌1篢u?
IOStack->Parameters.Create.EaLength=0; 厂雘T錛塏
IOStack->Context=NULL; ??滔
IOStack->Control=SL_INVOKE_ON_CANCEL|SL_INVOKE_ON_SUCCESS|SL_INVOKE_ON_ERROR; ^4?連燃
IOStack->CompletionRoutine = IoCompletionRoutine; 墢gmr %U?
Status = IoCallDriver(DeviceObject,pIrp); 5娩樼g^辺?
if(Status == STATUS_PENDING) 猷.餾? ?
KeWaitForSingleObject(&Event,Executive,KernelMode,FALSE,NULL); r倬畛=??
Status=IoStatusBlock.Status; C垘*労置}?
if(NT_SUCCESS(Status)) e.I餃ft
{ #OK?e?
MyReferenceObject(FileObject); ?yX矯@?b
} 炆恤嵐w?
return Status; ??奼齓锓
} ˊ胧lER筬S
齲龟??
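/*
 * MyReferenceObject - bump the reference counts tied to an opened file object.
 *
 * Increments ReferenceCount on FileObject->DeviceObject and, when the file
 * object has a Vpb, on that Vpb as well. Pointers that are NULL are skipped
 * instead of being dereferenced in kernel mode.
 *
 * NOTE(review): these counters are adjusted directly rather than through an
 * I/O manager routine. Confirm that a matching decrement exists on the close
 * path and that no lock is required around the Vpb update.
 */
void MyReferenceObject(PFILE_OBJECT FileObject)
{
    if (FileObject == NULL)
        return;

    if (FileObject->DeviceObject != NULL)
        InterlockedIncrement(&FileObject->DeviceObject->ReferenceCount);

    /* Vpb->ReferenceCount is cast so it can be passed to the interlocked helper. */
    if (FileObject->Vpb != NULL)
        InterlockedIncrement((volatile LONG*)&FileObject->Vpb->ReferenceCount);
}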