| 网站首页 | 业界新闻 | 小组 | 威客 | 人才 | 下载频道 | 博客 | 代码贴 | 在线编程 | 编程论坛
欢迎加入我们,一同切磋技术
用户名:   
 
密 码:  
共有 557 人关注过本帖
标题:独钓寒江第2个例子,int 3 怎么没执行
只看楼主 加入收藏
WDMfans
Rank: 3Rank: 3
等 级:论坛游侠
帖 子:86
专家分:168
注 册:2010-9-19
结帖率:85.71%
收藏
已结贴  问题点数:20 回复次数:2 
独钓寒江第2个例子,int 3 怎么没执行
程序代码:
#include <ntddk.h>
#define NTSTRSAFE_LIB
#include <ntstrsafe.h>

#define CCP_MAX_COM_ID 32

// 过滤设备和真实设备
static PDEVICE_OBJECT s_fltobj[CCP_MAX_COM_ID] = { 0 };
static PDEVICE_OBJECT s_nextobj[CCP_MAX_COM_ID] = { 0 };

NTSTATUS ccpDispatch(PDEVICE_OBJECT device,PIRP irp)
{
    PIO_STACK_LOCATION irpsp = IoGetCurrentIrpStackLocation(irp);
    NTSTATUS status;
    ULONG i,j;
               //VM的系统环境为 XP Debug状态 
    _asm int 3 //在VM中安装完驱动启动后,再用超级终端向com2发字符,中断不执行?在本机调试VM中的系统环境下,WINDBG截  获不到INT 3。
  
    for(i=0;i<CCP_MAX_COM_ID;i++)
    {
        if(s_fltobj[i] == device)
        {           
            // 所有电源操作,全部直接放过。
            if(irpsp->MajorFunction == IRP_MJ_POWER)
            {
                PoStartNextPowerIrp(irp);
                IoSkipCurrentIrpStackLocation(irp);
                return PoCallDriver(s_nextobj[i],irp);
            }
          
            if(irpsp->MajorFunction == IRP_MJ_WRITE)
            {
                ULONG len = irpsp->Parameters.Write.Length;
                PUCHAR buf = NULL;
                if(irp->MdlAddress != NULL)
                    buf =
                    (PUCHAR)
                    MmGetSystemAddressForMdlSafe(irp->MdlAddress,NormalPagePriority);
                else
                    buf = (PUCHAR)irp->UserBuffer;
                if(buf == NULL)
                    buf = (PUCHAR)irp->AssociatedIrp.SystemBuffer;
               
                // 打印下载内容
                for(j=0;j<len;++j)
                {
                    DbgPrint("comcap: Send Data: %2x\r\n",
                        buf[j]);
                }
                //禁止从com1--com32下载数据
                irp->IoStatus.Information = 0;
                irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
                IoCompleteRequest(irp,IO_NO_INCREMENT);
                return STATUS_SUCCESS;    

            }//if(irpsp->MajorFunction == IRP_MJ_WRITE)

           
            // 其余的请求直接转发
            IoSkipCurrentIrpStackLocation(irp);
            return IoCallDriver(s_nextobj[i],irp);
        }
    }
   
    // 不在被绑定的设备中返回错误。
    irp->IoStatus.Information = 0;
    irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    IoCompleteRequest(irp,IO_NO_INCREMENT);
    return STATUS_SUCCESS;   
} 


// 获取串口设备对象
PDEVICE_OBJECT ccpOpenCom(ULONG id,NTSTATUS *status)
{

    UNICODE_STRING name_str;
    static WCHAR name[32] = { 0 };
    PFILE_OBJECT fileobj = NULL;
    PDEVICE_OBJECT devobj = NULL;

   
    memset(name,0,sizeof(WCHAR)*32);
    RtlStringCchPrintfW(
        name,32,
        L"\\Device\\Serial%d",id);
    RtlInitUnicodeString(&name_str,name);

   
    *status = IoGetDeviceObjectPointer(&name_str, FILE_ALL_ACCESS, &fileobj, &devobj);
    if (*status == STATUS_SUCCESS)
        ObDereferenceObject(fileobj);

    return devobj;
}

NTSTATUS
ccpAttachDevice(
                PDRIVER_OBJECT driver,
                PDEVICE_OBJECT oldobj,
                PDEVICE_OBJECT *fltobj,
                PDEVICE_OBJECT *next)
{
    NTSTATUS status;
    PDEVICE_OBJECT topdev = NULL;
  
    // 创建过滤设备,然后绑定
    status = IoCreateDevice(driver,
                            0,
                            NULL,
                            oldobj->DeviceType,
                            0,
                            FALSE,
                            fltobj);

    if (status != STATUS_SUCCESS)
        return status;

    // 拷贝重要标志位。
    if(oldobj->Flags & DO_BUFFERED_IO)
        (*fltobj)->Flags |= DO_BUFFERED_IO;
    if(oldobj->Flags & DO_DIRECT_IO)
        (*fltobj)->Flags |= DO_DIRECT_IO;
    if(oldobj->Flags & DO_BUFFERED_IO)
        (*fltobj)->Flags |= DO_BUFFERED_IO;
    if(oldobj->Characteristics & FILE_DEVICE_SECURE_OPEN)
        (*fltobj)->Characteristics |= FILE_DEVICE_SECURE_OPEN;
    (*fltobj)->Flags |=  DO_POWER_PAGABLE;
    // 绑定到另一个设备上
    topdev = IoAttachDeviceToDeviceStack(*fltobj,oldobj);
    if (topdev == NULL)
    {
        // 如果绑定失败了,销毁设备
        IoDeleteDevice(*fltobj);
        *fltobj = NULL;
        status = STATUS_UNSUCCESSFUL;
        return status;
    }
    *next = topdev;

    // 设置这个设备已经启动。
    (*fltobj)->Flags = (*fltobj)->Flags & ~DO_DEVICE_INITIALIZING;
    return STATUS_SUCCESS;
}

// 绑定所有串口。
void ccpAttachAllComs(PDRIVER_OBJECT driver)
{
    ULONG i;
    PDEVICE_OBJECT com_ob;
    NTSTATUS status;

    for(i = 0;i<CCP_MAX_COM_ID;i++)
    {
       
        com_ob = ccpOpenCom(i,&status);
        if(com_ob == NULL)
            continue;
        // 绑定串口
        ccpAttachDevice(driver,com_ob,&s_fltobj[i],&s_nextobj[i]);
       
    }
}

#define  DELAY_ONE_MICROSECOND  (-10)
#define  DELAY_ONE_MILLISECOND (DELAY_ONE_MICROSECOND*1000)
#define  DELAY_ONE_SECOND (DELAY_ONE_MILLISECOND*1000)

void ccpUnload(PDRIVER_OBJECT drv)
{
    ULONG i;
    LARGE_INTEGER interval;

    // 解除绑定
    for(i=0;i<CCP_MAX_COM_ID;i++)
    {
        if(s_nextobj[i] != NULL)
            IoDetachDevice(s_nextobj[i]);
    }
   
    // 睡眠5秒。等待所有irp处理结束
    interval.QuadPart = (5*1000 * DELAY_ONE_MILLISECOND);       
    KeDelayExecutionThread(KernelMode,FALSE,&interval);
   
    // 删除这些设备
    for(i=0;i<CCP_MAX_COM_ID;i++)
    {
        if(s_fltobj[i] != NULL)
            IoDeleteDevice(s_fltobj[i]);
    }
}


NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
    size_t i;

    // 所有的分发函数都设置成一样
    for(i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
    {
        driver->MajorFunction[i] = ccpDispatch;
    }
   
   
    driver->DriverUnload = ccpUnload;
   
    // 绑定所有的串口。
    ccpAttachAllComs(driver);
   
   
    return STATUS_SUCCESS;
}








[ 本帖最后由 WDMfans 于 2010-9-22 06:21 编辑 ]
搜索更多相关主题的帖子: int 例子 
2010-09-22 06:00
WDMfans
Rank: 3Rank: 3
等 级:论坛游侠
帖 子:86
专家分:168
注 册:2010-9-19
收藏
得分:0 
程序代码:
first!ccpDispatch://汇编代码中明明有 int 3
f9f007d0 8bff            mov     edi,edi
f9f007d2 55              push    ebp
f9f007d3 8bec            mov     ebp,esp
f9f007d5 83ec1c          sub     esp,1Ch
f9f007d8 8b450c          mov     eax,dword ptr [ebp+0Ch]
f9f007db 50              push    eax
f9f007dc e88f010000      call    first!IoGetCurrentIrpStackLocation (f9f00970)
f9f007e1 8945f8          mov     dword ptr [ebp-8],eax
f9f007e4 cc              int     3
在驱动启动时,非派遣函数 windbg都能截获 int 3
按道理,VM中的xp 必然会挂起,可它却正常运行
2010-09-22 06:54
快速回复:独钓寒江第2个例子,int 3 怎么没执行
数据加载中...
 
   



关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.034751 second(s), 8 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved