Hi all,
Can any one help me to analysie this problem?? Thanks a lot.
I want to write to network file when I hooked an IRP_MJ_WRITE from a notepad
text file wrting. Then, I created an IRP in my FS filter driver(prototype is
filemon.
When this copy file was on the same computer it’s OK.
But, when the copy file was on a network,
after I sent out the IRP to the device object of “\Deivce\Mup”, It always
said that:
ERROR on IRP: c0000010
I also use “\Device\Lanmanredirector” instead of “\Device\Mup”
but still got the same problem.
The following is my code:
- get the target device object and save it to my device extention;
//here we also get the target device which we will
//use later to send our self’s irp for write to the target file
//
RtlInitUnicodeString( &fileNameUnicodeString, MupFileName );
InitializeObjectAttributes( &objectAttributes, &fileNameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL );
ntStatus = ZwCreateFile( &ntFileHandle, SYNCHRONIZE|FILE_ANY_ACCESS,
&objectAttributes, &ioStatus, NULL, 0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE,
NULL, 0 );
if( !NT_SUCCESS( ntStatus ) ) {
DbgPrint((“FileMirr: Could not open target drive: %x\n”,ntStatus ));
return FALSE;
}
DbgPrint((“FileMirr opened the root directory of the target driver!!!
handle: %x\n”, ntFileHandle));
// Got the file handle, so now look-up the file-object it refers to
ntStatus = ObReferenceObjectByHandle( ntFileHandle, FILE_READ_DATA,
NULL, KernelMode, &fileObject, NULL );
if( !NT_SUCCESS( ntStatus )) {
DbgPrint((“FileMirr: Could not get target driver’s fileobject from
handle\n”));
ZwClose( ntFileHandle );
return FALSE;
}
// Next, find out what device is associated with the file object by getting
its related
// device object
//
targetDevice = IoGetRelatedDeviceObject( fileObject );
hookExt->TargetDevice=targetDevice;
- Create my IRP and send out:
RtlInitUnicodeString(&myObjectName,L"\Device\Mup\Ren-test\CopyFile\test
.txt");
InitializeObjectAttributes(&myObjectAttr,
&myObjectName,OBJ_KERNEL_HANDLE,NULL,NULL);
ntStatus=ZwCreateFile(&myCopyFile,FILE_ANY_ACCESS,&myObjectAttr,&myIoStatus,
NULL,FILE_ATTRIBUTE_NORMAL,FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN_IF,FILE_NO_INTERMEDIATE_BUFFERING,NULL,0);
hookCompletion=NT_SUCCESS(ntStatus);
if(!hookCompletion)
{
DbgPrint((“Cannot create the target file object.\n”));
}
else
{
ntStatus=ObReferenceObjectByHandle(myCopyFile,
GENERIC_WRITE,
NULL,
KernelMode,
&myCopyReference,
NULL);
hookCompletion=NT_SUCCESS(ntStatus);
if(!hookCompletion){
DbgPrint((“Filemirr: Could not get fileobject from %s handle: %x\n”,
myObjectName, ntStatus ));
}else// we get the pointer of the file object then we create IRP
{
myIrp=IoAllocateIrp(hookExt->TargetDevice->StackSize,FALSE);
if(!myIrp)
{
DbgPrint((“Can not create our selves IRP for write.\n”));
hookCompletion=0;
}
else
{
//
// Build the IRP’s main body
//
myIrp->AssociatedIrp.SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
myIrp->UserEvent = &event;
myIrp->UserIosb = &IoStatusBlock;
myIrp->UserBuffer=Irp->UserBuffer;
myIrp->MdlAddress=Irp->MdlAddress;
myIrp->Cancel=Irp->Cancel;
myIrp->Tail.Overlay.Thread = PsGetCurrentThread();
myIrp->Tail.Overlay.OriginalFileObject = myCopyReference;
myIrp->RequestorMode = KernelMode;
myIrp->Flags = Irp->Flags;
//
// Set up the I/O stack location.
//
ioStackLocation = IoGetNextIrpStackLocation(myIrp);
ioStackLocation->MajorFunction = IRP_MJ_WRITE;
ioStackLocation->DeviceObject = hookExt->TargetDevice;
ioStackLocation->FileObject = myCopyReference;
ioStackLocation->Parameters.Write.Length = currentIrpSt
ack-> Parameters.Write.Leng
th;
ioStackLocation->Parameters.Write.Key=
currentIrpStack->Parameters.Write.Key;
ioStackLocation->Parameters.Write.ByteOffset= currentIrpStack->
Parameters.Write.ByteOffset;
//
// Set the completion routine.
//
IoSetCompletionRoutine(myIrp, FileMirrWriteCopyFileComplete, 0, TRUE,
TRUE, TRUE);
//
// Initialize the event
//
KeInitializeEvent(&event, SynchronizationEvent, FALSE);
//
// Send it to the FSD
//
(void) IoCallDriver(hookExt->TargetDevice, myIrp);
//
// Wait for the I/O
//
KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0);
//
// Done! Note that since our completion routine frees the IRP we cannot
// touch the IRP now.
//
hookCompletion=NT_SUCCESS( IoStatusBlock.Status );
}//end irp
ObDereferenceObject(myCopyReference);
}//end reference
ZwClose(myCopyFile);
}// end file object
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com