Hi ,
i am writing a filter device driver over the
existing filesystem.the code below is written on the
lines of the legendary FileMon Application.the driver
dispatch routine is kept simple and just calls
IoCallDriver with the TargetDevice object and the
incoming IRP… so there is nothing complicated in it.
But when i run the code thru “instdrv” app it gives me
following message
CreateService SUCCESS
StartService SUCCESS
Cud not get a handle to \.\FilTerOnHooksys
Please tell me what cud be going wrong.
Thank you so much.
The code is given below…
NTSTATUS AttachOurDeviceToHooksys( PDRIVER_OBJECT
DriverObject )
{
UNICODE_STRING TargetDeviceName;
OBJECT_ATTRIBUTES objectAttributes;
HANDLE ntFileHandle;
NTSTATUS ntStatus;
IO_STATUS_BLOCK ioStatus;
int i;
PDRIVER_DISPATCH EmptyDispatchValue = NULL;
PDEVICE_OBJECT deviceObject = NULL;
WCHAR deviceNameBuffer =
L"\Device\FilterOnHooksys";
UNICODE_STRING deviceNameUnicodeString;
WCHAR deviceLinkBuffer =
L"\DosDevices\FilterOnHooksys";
UNICODE_STRING deviceLinkUnicodeString;
PDEVICE_EXTENSION FilterExtension;
WCHAR FileNameTargetUnicodeString =
L"\DosDevices\C:\";
// initialize the device string of our object
RtlInitUnicodeString (&deviceNameUnicodeString,
deviceNameBuffer);
// init the string for the target object
RtlInitUnicodeString( &TargetDeviceName ,
FileNameTargetUnicodeString );
InitializeObjectAttributes( &objectAttributes,
&TargetDeviceName,
OBJ_CASE_INSENSITIVE,
NULL, NULL );
// get a handle to the file or the symbolik link
ntStatus = ZwCreateFile( &ntFileHandle,
SYNCHRONIZE|FILE_ANY_ACCESS,
&objectAttributes,
&ioStatus, NULL, 0, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE,
NULL, 0 );
if( !NT_SUCCESS( ntStatus ) ) {
DbgPrint(“Filteronhooksys : Could not open
%S\n”, TargetDeviceName.Buffer );
return FALSE;
}
// increment its reference count
ntStatus = ObReferenceObjectByHandle( ntFileHandle,
FILE_READ_DATA,
NULL,
KernelMode, &fileObject, NULL );
if( !NT_SUCCESS( ntStatus )) {
DbgPrint(“Filter: Could not get fileobject
from handle”);
ZwClose( ntFileHandle );
return FALSE;
}
//
// Next, find out what device is associated with
the file object by getting its related
// device object
//
TargetDevice = IoGetRelatedDeviceObject(
fileObject );
if( ! TargetDevice ) {
DbgPrint(“iogetrelateddeviceobject failed” );
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
}
// Create the device object for fohooksys driver
ntStatus = IoCreateDevice (DriverObject,
sizeof( DEVICE_EXTENSION ),
NULL,
TargetDevice->DeviceType,
0,
FALSE,
&deviceObject
);
if( ntStatus != STATUS_SUCCESS )
{
DbgPrint(“cud not createdevice”);
return FALSE;
}
deviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
// create the symbolic link
RtlInitUnicodeString (&deviceLinkUnicodeString,
deviceLinkBuffer);
ntStatus = IoCreateSymbolicLink
(&deviceLinkUnicodeString,
&deviceNameUnicodeString);
if (!NT_SUCCESS(ntStatus))
{
IoDeleteDevice (deviceObject);
return ntStatus;
}
// make the majorfunction table of our driver same as
the lower driver’s
for( i=0;i<irp_mj_maximum_function> DriverObject->MajorFunction[i] = DriverDispatch;
DriverObject->DriverUnload = DriverUnload;
// set up driver layering
ResultObject = IoAttachDeviceToDeviceStack(
deviceObject , TargetDevice );
if( ResultObject == NULL )
{
DbgPrint( “device stack failed” );
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
}
DbgPrint(“Done”);
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return STATUS_SUCCESS;
}
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</irp_mj_maximum_function>