hello~
Actually, I’m doing copy-on-write…
some other questions:
- how could I see the changes I made in the volume? I create a temp.txt in my volume, and type in “abcdefg123456”,can I use DebugPrint to print the string in my driver?how?
2.Everytime I write something in the temp.txt I got a lot IRP_MJ_WRITE,but the ByteOffset I got are different from the offset of the temp.txt I got in WinHex…why?
thank you!
Frente
Here’s the code:
///I create the IRP_MJ_READ in the DispathWrite
NTSTATUS FilterDispatchWrite(PDEVICE_OBJECT DeviceObject,PIRP Irp)
{
NTSTATUS orgIrpStatus;
PDEVICE_EXTENSION deviceExtension;
PIO_STACK_LOCATION pIrpStackLocation;
NTSTATUS status;
KEVENT event;
ULONG Length;
ULONGLONG ByteIndex;
ULONG SectorIndex;
PDEVICE_OBJECT TargetDeviceObject;
PVOID buffer;
IO_STATUS_BLOCK IoStatusBlock;
PIRP shReadIrp;
LARGE_INTEGER StartingOffset;
NTSTATUS readStatus;
PIO_STACK_LOCATION pISL;
deviceExtension = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;
pIrpStackLocation = IoGetCurrentIrpStackLocation(Irp);
Length = pIrpStackLocation->Parameters.Write.Length;
ByteIndex = pIrpStackLocation->Parameters.Write.ByteOffset.QuadPart;
////////////////////////////////////////
status = IoAcquireRemoveLock(&deviceExtension->RemoveLock,NULL);
if (!NT_SUCCESS(status)){
DebugPrint((0,“Filter DispatchWrite:IoAcquireRemoveLock Failed.\n”));
}
TargetDeviceObject = deviceExtension->TargetDeviceObject;
StartingOffset.QuadPart = pIrpStackLocation->Parameters.Write.ByteOffset.QuadPart;
if(KeGetCurrentIrql() > PASSIVE_LEVEL){
DebugPrint((0,“Current IRQL > PASSIVE_LEVEL.\n”));
}else{
buffer = ExAllocatePool(NonPagedPool, Length);
KeInitializeEvent(&event,NotificationEvent, FALSE);
shReadIrp = IoBuildAsynchronousFsdRequest(IRP_MJ_READ,TargetDeviceObject,buffer,Length,&StartingOffset,&IoStatusBlock);
if(NULL != shReadIrp){
DebugPrint((0,“shReadIrp created.\n”));
IoSetCompletionRoutine(shReadIrp,FilterReadCompletion,&event,TRUE,FALSE,FALSE);
readStatus = IoCallDriver(TargetDeviceObject, shReadIrp);
if (readStatus == STATUS_PENDING){
KeWaitForSingleObject(&event, Executive, KernelMode,FALSE, NULL);
DebugPrint((0,“shReadIrp completed.\n”));
status = IoStatusBlock.Status;
}
}
}
//////////////////////////////////////////
DebugPrint((0,
“FilterDispatchWrite write:Length::%u,ByteIndex::%u\n”,Length,ByteIndex));
IoSkipCurrentIrpStackLocation(Irp);
orgIrpStatus = IoCallDriver(deviceExtension->TargetDeviceObject, Irp);
IoReleaseRemoveLock(&deviceExtension->RemoveLock, NULL);
DebugPrint((0,“///////////////////////\n”));
return orgIrpStatus;
}
NTSTATUS NsFilterDispatchRead(PDEVICE_OBJECT DeviceObject,PIRP Irp){
PIO_STACK_LOCATION pIrpStackLocation;
PDEVICE_EXTENSION deviceExtension;
deviceExtension =DeviceObject->DeviceExtension;
pIrpStackLocation = IoGetCurrentIrpStackLocation(Irp);
IoCopyCurrentIrpStackLocationToNext(Irp);
DebugPrint((0,
DRIVERNAME " Enter NsFilterDispatchRead Irp = %p Data Length = %I32u Data offset = %I64d.\n",
Irp,
pIrpStackLocation->Parameters.Read.Length,
pIrpStackLocation->Parameters.Read.ByteOffset.QuadPart));
IoSetCompletionRoutine(Irp,NsFilterReadCompletion,NULL,TRUE,TRUE,TRUE);
return IoCallDriver(deviceExtension->TargetDeviceObject,Irp);
}
//IRP_MJ_READ comletion routine
NTSTATUS FilterReadCompletion(PDEVICE_OBJECT DeviceObject, PIRP Irp, PKEVENT pev)
{
PIO_STACK_LOCATION pIrpStackLocation;
ULONG Length;
LARGE_INTEGER StartingOffset;
ULONGLONG ByteIndex;
PVOID pOrgBuf;
ULONG uSrcLength;
if (Irp->PendingReturned){
KeSetEvent(pev, EVENT_INCREMENT, FALSE);
}
pIrpStackLocation = IoGetCurrentIrpStackLocation(Irp);
ByteIndex = pIrpStackLocation->Parameters.Read.ByteOffset.QuadPart;
Length = pIrpStackLocation->Parameters.Read.Length;
DebugPrint((0,“FilterReadCompletion CurrentSL:Length::%u,ByteIndex::%u\n”,Length,ByteIndex));
pOrgBuf = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, HighPagePriority);
uSrcLength = MmGetMdlByteCount(Irp->MdlAddress);
if(pOrgBuf!= NULL){
DebugPrint((0,“pOrgBuf: %x\n”,pOrgBuf));
}else{
DebugPrint((0,“pOrgBuf:Faild.\n”));
}
IoFreeIrp(Irp);
return STATUS_MORE_PROCESSING_REQUIRED;
}