ObReferenceObjectByHandle函数来获得这个Handle对应的FileObject。我们只能给FileObject发送IRP。
stat=ObReferenceObjectByHandle(handle,GENERIC_READ,*IoFileObjectType,KernelMode,(PVOID*)&fileob,0);
ObReferenceObjectByHandle(hMsgEvent,EVENT_ALL_ACCESS,*ExEventObjectType,KernelMode,(PVOID*)&gKeventObject,NULL);
stat=ObReferenceObjectByHandle(handle,GENERIC_READ,*IoFileObjectType,KernelMode,(PVOID*)&fileob,0);
ObReferenceObjectByHandle(hMsgEvent,EVENT_ALL_ACCESS,*ExEventObjectType,KernelMode,(PVOID*)&gKeventObject,NULL);