All my symbolic link create source code show as follows.Is there any mistake?
Thanks!
----- 转发邮件 ----
发件人: lin chen
收件人: Windows File Systems Devs Interest List
已发送: 2009/9/15(周二), 下午7:45:29
主题: 回复: [ntfsd] RE: [ntfsd] 回复: [ntfsd] CreateFile return ERROR_INVALID_FUNCTION(Incorrect function) for file filter driver
Dear Matt
Because all my source code is so a lot,I show you the code relevant to the SymBolicLink created.
Here is my DriverEntry:
#define DRIVER_DEVICE_NAME L"HFsFilter0"
#define DRIVER_NAME L"HFsFileMonitor"
#define DEVICE_NAME_XP L"\FileSystem\Filters\“##DRIVER_DEVICE_NAME
#define DEVICE_NAME_2K L”\FileSystem\“##DRIVER_DEVICE_NAME
#define DOS_DEV_NAME L”\DosDevices\“##DRIVER_NAME
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
PFAST_IO_DISPATCH FastIoDispatch = NULL;
UNICODE_STRING NameString;
NTSTATUS Status;
ULONG i;
UNICODE_STRING DeviceLinkString; // the symbolic link to the control device
#if WINVER >= 0x0501
// Try to load the dynamic functions that may be available for our use.
HFsLoadDynamicFunctions();
// Now get the current OS version that we will use to determine what logic
// paths to take when this driver is built to run on various OS version.
HFsGetCurrentVersion();
#endif
// Get parameters from registry
HFsReadDriverParameters(RegistryPath);
// Setup other global variables
ExInitializeFastMutex(&gSfilterAttachLock);
ExInitializePagedLookasideList(
&gFsCtxLookAsideList,
NULL,
NULL,
0,
FSCTX_GENERIC_TABLE_POOL_SIZE,
SFLT_POOL_TAG,
0
);
ExInitializePagedLookasideList(
&gFileNameLookAsideList,
NULL,
NULL,
0,
MAX_PATH * sizeof(WCHAR),
SFLT_POOL_TAG,
0
);
ExInitializeNPagedLookasideList(
&gReadWriteCompletionCtxLookAsideList,
NULL,
NULL,
0,
sizeof(READ_WRITE_COMPLETION_CONTEXT),
SFLT_POOL_TAG,
0
);
//090524 add for use rc4 encrypt/decrypt
ExInitializeNPagedLookasideList(&gCryptKeyLookasideList, NULL, NULL, 0,
sizeof(RC4_KEY), SFLT_POOL_TAG, 0);
// initialize global encrypt/decrypt key
gpCryptKey = ExAllocateFromNPagedLookasideList(&gCryptKeyLookasideList);
if (NULL == gpCryptKey)
{
KdPrint((”[HFsFilter.c] [DriverEntry] [%u] ExAllocateFromNPagedLookasideList() failed! \n",
LINE ));
Status = STATUS_INSUFFICIENT_RESOURCES;
goto Error;
}
RC4_set_key(gpCryptKey, sizeof(LOCAL_KEY), (const PUCHAR)LOCAL_KEY);
//090524 add
// Save our Driver Object, set our UNLOAD routine
gSFilterDriverObject = DriverObject;
// Create the Control Device Object (CDO). This object represents this
// driver. Note that it does not have a device extension.
RtlInitUnicodeString(&NameString, DEVICE_NAME_XP);
Status = IoCreateDevice(
DriverObject,
0, // has no device extension
&NameString,
FILE_DEVICE_FILE_SYSTEM,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&gSFilterControlDeviceObject
);
if (Status == STATUS_OBJECT_PATH_NOT_FOUND)
{
//
// This must be a version of the OS that doesn’t have the Filters
// path in its namespace. This was added in Windows XP.
//
// We will try just putting our control device object in the \FileSystem
// portion of the object name space.
RtlInitUnicodeString(&NameString, DEVICE_NAME_2K);
Status = IoCreateDevice(
DriverObject,
0, // has no device extension
&NameString,
FILE_DEVICE_FILE_SYSTEM,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&gSFilterControlDeviceObject
);
if (!NT_SUCCESS(Status))
{
KdPrint((“[HFsFilter.c][DriverEntry]: Error creating control device object "%wZ", Status=%08x\n”, &NameString, Status));
return Status;
}
}
else if (!NT_SUCCESS(Status))
{
KdPrint((“[HFsFilter.c][DriverEntry]: Error creating control device object "%wZ", Status=%08x\n”, &NameString, Status));
return Status;
}
RtlInitUnicodeString(&DeviceLinkString, DOS_DEV_NAME);
// create symbolic link
Status = IoCreateSymbolicLink(&DeviceLinkString, &NameString);
if (!NT_SUCCESS(Status))
{
IoDeleteSymbolicLink( &DeviceLinkString );
Status = IoCreateSymbolicLink( &DeviceLinkString, &NameString );
if (!NT_SUCCESS(Status))
{
DbgPrint(“[%s] [DriverEntry] [%u] IoCreateSymbolicLink() failed! Status=0x%08X\n”,
file , LINE , Status);
goto Error;
}
}
// Initialize the driver object with this device driver’s entry points.
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
{
DriverObject->MajorFunction[i] = HFsPassThrough;
}
#if DBG && WINVER >= 0x0501
if (NULL != gSfDynamicFunctions.EnumerateDeviceObjectList)
gSFilterDriverObject->DriverUnload = DriverUnload;
#endif
// use HFsCreate for all the create operations
DriverObject->MajorFunction[IRP_MJ_CREATE] = HFsCreate;
DriverObject->MajorFunction[IRP_MJ_CREATE_NAMED_PIPE] = HFsCreate;
DriverObject->MajorFunction[IRP_MJ_CREATE_MAILSLOT] = HFsCreate;
DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] = HFsFsControl;
DriverObject->MajorFunction[IRP_MJ_CLEANUP] = HFsCleanup;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = HFsClose;
DriverObject->MajorFunction[IRP_MJ_READ] = HFsRead;
DriverObject->MajorFunction[IRP_MJ_WRITE] = HFsWrite;
DriverObject->MajorFunction[IRP_MJ_DIRECTORY_CONTROL] = HFsDirectoryControl;
DriverObject->MajorFunction[IRP_MJ_SET_INFORMATION] = HFsSetInformation;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = HFsDeviceControl;
FastIoDispatch = ExAllocatePoolWithTag(NonPagedPool, sizeof(FAST_IO_DISPATCH), SFLT_POOL_TAG);
if (!FastIoDispatch)
{
IoDeleteDevice(gSFilterControlDeviceObject);
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlZeroMemory(FastIoDispatch, sizeof(FAST_IO_DISPATCH));
FastIoDispatch->SizeOfFastIoDispatch = sizeof(FAST_IO_DISPATCH);
FastIoDispatch->FastIoCheckIfPossible = HFsFastIoCheckIfPossible;
FastIoDispatch->FastIoRead = HFsFastIoRead;
FastIoDispatch->FastIoWrite = HFsFastIoWrite;
FastIoDispatch->FastIoQueryBasicInfo = HFsFastIoQueryBasicInfo;
FastIoDispatch->FastIoQueryStandardInfo = HFsFastIoQueryStandardInfo;
FastIoDispatch->FastIoLock = HFsFastIoLock;
FastIoDispatch->FastIoUnlockSingle = HFsFastIoUnlockSingle;
FastIoDispatch->FastIoUnlockAll = HFsFastIoUnlockAll;
FastIoDispatch->FastIoUnlockAllByKey = HFsFastIoUnlockAllByKey;
FastIoDispatch->FastIoDeviceControl = HFsFastIoDeviceControl;
FastIoDispatch->FastIoDetachDevice = HFsFastIoDetachDevice;
FastIoDispatch->FastIoQueryNetworkOpenInfo = HFsFastIoQueryNetworkOpenInfo;
FastIoDispatch->MdlRead = HFsFastIoMdlRead;
FastIoDispatch->MdlReadComplete = HFsFastIoMdlReadComplete;
FastIoDispatch->PrepareMdlWrite = HFsFastIoPrepareMdlWrite;
FastIoDispatch->MdlWriteComplete = HFsFastIoMdlWriteComplete;
FastIoDispatch->FastIoReadCompressed = HFsFastIoReadCompressed;
FastIoDispatch->FastIoWriteCompressed = HFsFastIoWriteCompressed;
FastIoDispatch->MdlReadCompleteCompressed = HFsFastIoMdlReadCompleteCompressed;
FastIoDispatch->MdlWriteCompleteCompressed = HFsFastIoMdlWriteCompleteCompressed;
FastIoDispatch->FastIoQueryOpen = HFsFastIoQueryOpen;
DriverObject->FastIoDispatch = FastIoDispatch;
//
// The registered callback routine “HFsNotification” will be called
// whenever a new file systems is loaded or when any file system is
// unloaded.
Status = IoRegisterFsRegistrationChange(DriverObject, HFsNotification);
if (!NT_SUCCESS(Status))
{
KdPrint((“[HFsFilter.c]DriverEntry: Error registering FS change notification, Status=%08x\n”, Status));
DriverObject->FastIoDispatch = NULL;
ExFreePool(FastIoDispatch);
IoDeleteDevice(gSFilterControlDeviceObject);
return Status;
}
// Attempt to attach to the appropriate RAW file system device objects
// since they are not enumerated by IoRegisterFsRegistrationChange.
{
PDEVICE_OBJECT RawDeviceObject;
PFILE_OBJECT FileObject;
// Attach to RawDisk device
RtlInitUnicodeString(&NameString, L"\Device\RawDisk");
Status = IoGetDeviceObjectPointer(
&NameString,
FILE_READ_ATTRIBUTES,
&FileObject,
&RawDeviceObject
);
if (NT_SUCCESS(Status))
{
HFsNotification(RawDeviceObject, TRUE);
ObDereferenceObject(FileObject);
}
// Attach to the RawCdRom device
RtlInitUnicodeString(&NameString, L"\Device\RawCdRom");
Status = IoGetDeviceObjectPointer(
&NameString,
FILE_READ_ATTRIBUTES,
&FileObject,
&RawDeviceObject
);
if (NT_SUCCESS(Status))
{
HFsNotification(RawDeviceObject, TRUE);
ObDereferenceObject(FileObject);
}
#if WINVER < 0x0501
HFsAttachToFileSystem2k();
#endif
}
// Clear the initializing flag on the control device object since we
// have now successfully initialized everything.
ClearFlag(gSFilterControlDeviceObject->Flags, DO_DEVICE_INITIALIZING);
DbgPrint(“[HFsFilter] [DriverEntry] [%u] Sfilter is going to starting work now.”, LINE );
return STATUS_SUCCESS;
// error handling routine
Error:
KdPrint((“[HFsFilter] [DriverEntry] [%u] I’m regret to inform you that I can’t work any more!\n”,
LINE ));
if (NULL != FastIoDispatch)
{
ExFreePoolWithTag(FastIoDispatch, SFLT_POOL_TAG);
}
if (NULL != gSFilterControlDeviceObject)
{
IoDeleteDevice(gSFilterControlDeviceObject);
}
if (NULL != gpCryptKey)
{
ExFreeToNPagedLookasideList(&gCryptKeyLookasideList, gpCryptKey);
}
ExDeleteNPagedLookasideList(&gCryptKeyLookasideList);
ExDeletePagedLookasideList(&gFsCtxLookAsideList);
ExDeletePagedLookasideList(&gFileNameLookAsideList);
ExDeleteNPagedLookasideList(&gReadWriteCompletionCtxLookAsideList);
return Status;
}
And all my user mode application load driver show as follows:
I call load driver function like this:
#define HAUDIT_DEVICE_DRIVER_NAME_FSFILTER_MONITOR “HFsFileMonitor”
#define HAUDIT_DEVICE_DRIVER_FILE_NAME_FSFILTER_MONITOR “HFsFilter.sys”
LoadDeviceDriver(HAUDIT_DEVICE_DRIVER_NAME_FSFILTER_MONITOR, HAUDIT_DEVICE_DRIVER_FILE_NAME_FSFILTER_MONITOR, &lpDeviceHandle);
BOOL CCommonAPI::LoadDeviceDriver(IN PCHAR pDeviceDriverName, IN PCHAR pDeviceDriverFileName, OUT PHANDLE lphDevice)
{
SC_HANDLE schSCManager;
BOOL okay;
CHAR strDestFileFullPathName[LONGLONG_STRING_INC_TAIL_LENGTH] = {0};
CHAR strSrcFilePath[LONGLONG_STRING_INC_TAIL_LENGTH] = {0};
//GetModuleFileName(NULL, strSrcFilePath, sizeof(strSrcFilePath));
//strcat(strSrcFilePath, “\”);
//strcat(strSrcFilePath, pDeviceDriverName);
// Copy device driver to system\drivers directory
GetSystemDirectory(strDestFileFullPathName, LONGLONG_STRING_LENGTH);
strcat(strDestFileFullPathName, “\drivers”);
SetFileFolderEveryoneDACL(strDestFileFullPathName);
strcat(strDestFileFullPathName, “\”);
strcat(strDestFileFullPathName, pDeviceDriverFileName);
okay = CopyFile(pDeviceDriverFileName, strDestFileFullPathName, FALSE);
if( !okay )
return FALSE;
RaiseProcessPrivleges(SE_LOAD_DRIVER_NAME);
okay = OpenDevice( pDeviceDriverName, lphDevice);
if(okay && *lphDevice != ((HANDLE)-1))
return okay;
schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
// Remove old instances
StopDriver( schSCManager, pDeviceDriverName );
RemoveDriver( schSCManager, pDeviceDriverName );
UnloadDeviceDriver( pDeviceDriverName );
// Ignore success of installation: it may already be installed.
okay = InstallDriver( schSCManager, pDeviceDriverName, strDestFileFullPathName );
if( !okay )
{
CloseServiceHandle( schSCManager );
return okay;
}
// Ignore success of start: it may already be started.
StartDriver( schSCManager, pDeviceDriverName );
// Do make sure we can open it.
okay = OpenDevice( pDeviceDriverName, lphDevice );
CloseServiceHandle( schSCManager );
return okay;
}
BOOL CCommonAPI::OpenDevice(PCHAR pDeviceDriverName, PHANDLE lphDevice)
{
CHAR strCompleteDeviceDriverName[64];
HANDLE hDevice;
//
// Create a \.\XXX device name that CreateFile can use
//
// NOTE: We’re making an assumption here that the driver
// has created a symbolic link using it’s own name
// (i.e. if the driver has the name “XXX” we assume
// that it used IoCreateSymbolicLink to create a
// symbolic link “\DosDevices\XXX”. Usually, there
// is this understanding between related apps/drivers.
//
// An application might also peruse the DEVICEMAP
// section of the registry, or use the QueryDosDevice
// API to enumerate the existing symbolic links in the
// system.
//
sprintf( strCompleteDeviceDriverName, “\\.\%s”, pDeviceDriverName );
hDevice = CreateFileA( strCompleteDeviceDriverName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL| FILE_FLAG_OVERLAPPED,
NULL
);
if ( hDevice == ((HANDLE)-1) )
return FALSE;
// If user wants handle, give it to them. Otherwise, just close it.
if ( lphDevice )
*lphDevice = hDevice;
else
CloseHandle( hDevice );
return TRUE;
}
When I use OpenDevice function to open my filter driver device object.Then the error code ERROR_INVALID_FUNCTION appeared when call CreateFileA.
好玩贺卡等你发,邮箱贺卡全新上线!
___________________________
好玩贺卡等你发,邮箱贺卡全新上线!
http://card.mail.cn.yahoo.com/