aravind_tj
September 4th, 2004, 02:59 AM
Hi all,
I am developing a Filesystem filter driver to intercept all the file system calls like Read and Write operations. I am using Windows 2000 Professioanl, VC++ 6 and DDK - Windows 2000. Now, In DriverEntry module, I am assigning the AddDevice module like this:
NTSTATUS FilterAddDevice (IN PDRIVER_OBJECT DriverObject,
IN PDEVICE_OBJECT DeviceObject);
DriverObject->DriverExtension->AddDevice = FilterAddDevice;
My FilterAddDevice is:
#define NT_DEVICE_NAME L"\\Device\\C:"
#define DOS_DEVICE_NAME L"\\DosDevices\\FilterDriver"
NTSTATUS FilterAddDevice (
IN PDRIVER_OBJECT DriverObject,
IN PDEVICE_OBJECT DeviceObject
)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT pFilterDevObj;
PDEVICE_EXTENSION pDevExt;
UNICODE_STRING deviceNameUnicodeString;
UNICODE_STRING deviceLinkUnicodeString;
LogEvent(1111, DeviceObject, L"\nInside Add Device.\n");
RtlInitUnicodeString(&deviceNameUnicodeString, NT_DEVICE_NAME);
// Create the un-named filter device
status =IoCreateDevice( DriverObject,
sizeof(DEVICE_EXTENSION),
&deviceNameUnicodeString, // Device name
FILE_DEVICE_UNKNOWN,
0, TRUE,
&pFilterDevObj
);
if (!NT_SUCCESS(status))
{
LogEvent(status, DeviceObject, L"\nError in IoCreatDevice.\n");
return status;
}
RtlInitUnicodeString(&deviceLinkUnicodeString, DOS_DEVICE_NAME);
status = IoCreateSymbolicLink(&deviceLinkUnicodeString, &deviceNameUnicodeString);
// Initialize the Device Extension
pDevExt = (PDEVICE_EXTENSION) pFilterDevObj->DeviceExtension;
pDevExt->pDevice = pFilterDevObj; // back pointer
pDevExt->driver_state = Started;
// Pile this new filter on top of the existing target downward pointer
pDevExt->pTargetDevice= IoAttachDeviceToDeviceStack( pFilterDevObj, DeviceObject);
// Copy the characteristics of the target into the
// the new filter device object
pFilterDevObj->DeviceType = pDevExt->pTargetDevice->DeviceType;
pFilterDevObj->Characteristics = pDevExt->pTargetDevice->Characteristics;
pFilterDevObj->Flags |= ( pDevExt->pTargetDevice->Flags &
( DO_BUFFERED_IO | DO_DIRECT_IO |
DO_POWER_INRUSH | DO_POWER_PAGABLE));
// Initialize Event Logging counters:
pDevExt->IrpRetryCount = 0;
pDevExt->IrpSequenceNumber = 0;
// Explore the limitations of the target device's
// buffer. Save the results in the bufferInfo struct
// GetBufferLimits( pDevExt->pTargetDevice, &pDevExt->bufferInfo );
// Clear the Device Initializing bit since the FDO was created
// outside of DriverEntry.
pFilterDevObj->Flags &= ~DO_DEVICE_INITIALIZING;
// Made it
return status;
}
My LogEvent Code is: [ To write log in the System Log.]
// Writing Log Event to the System Log Event.
VOID LogEvent(NTSTATUS code, PDEVICE_OBJECT DeviceObject, PWSTR message)
{
PIO_ERROR_LOG_PACKET errorPacket;
ULONG packetlen = (wcslen(message) + 1) * sizeof(WCHAR) + sizeof(IO_ERROR_LOG_PACKET) + 4;
if (packetlen > ERROR_LOG_MAXIMUM_SIZE)
{
return; // packet will be too big
}
errorPacket = (PIO_ERROR_LOG_PACKET) IoAllocateErrorLogEntry(
DeviceObject,
(UCHAR) packetlen);
if (!errorPacket)
{
return; // Can't allocate memory for the error packet
}
memset(errorPacket, 0, sizeof(IO_ERROR_LOG_PACKET));
errorPacket->MajorFunctionCode = IRP_MJ_PNP;
errorPacket->ErrorCode = code; // Error Code
errorPacket->DumpDataSize = 3;
errorPacket->DumpData[0] = 0x1A2A3A;
errorPacket->StringOffset = sizeof(IO_ERROR_LOG_PACKET) +
errorPacket->DumpDataSize -
sizeof(ULONG);
errorPacket->NumberOfStrings = 1;
wcscpy((PWSTR) ((PUCHAR) errorPacket + errorPacket->StringOffset), message);
IoWriteErrorLogEntry(errorPacket);
}
Now, Whenever, I start my driver using DrvLoader from CodeProjects.com tool, the system shows some bluescreen and restarts.
Can any of you tell what is the proble in the code? If you give me any other filter driver for file system, it will be very helpful to me.
Thanks in advance.
I am developing a Filesystem filter driver to intercept all the file system calls like Read and Write operations. I am using Windows 2000 Professioanl, VC++ 6 and DDK - Windows 2000. Now, In DriverEntry module, I am assigning the AddDevice module like this:
NTSTATUS FilterAddDevice (IN PDRIVER_OBJECT DriverObject,
IN PDEVICE_OBJECT DeviceObject);
DriverObject->DriverExtension->AddDevice = FilterAddDevice;
My FilterAddDevice is:
#define NT_DEVICE_NAME L"\\Device\\C:"
#define DOS_DEVICE_NAME L"\\DosDevices\\FilterDriver"
NTSTATUS FilterAddDevice (
IN PDRIVER_OBJECT DriverObject,
IN PDEVICE_OBJECT DeviceObject
)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT pFilterDevObj;
PDEVICE_EXTENSION pDevExt;
UNICODE_STRING deviceNameUnicodeString;
UNICODE_STRING deviceLinkUnicodeString;
LogEvent(1111, DeviceObject, L"\nInside Add Device.\n");
RtlInitUnicodeString(&deviceNameUnicodeString, NT_DEVICE_NAME);
// Create the un-named filter device
status =IoCreateDevice( DriverObject,
sizeof(DEVICE_EXTENSION),
&deviceNameUnicodeString, // Device name
FILE_DEVICE_UNKNOWN,
0, TRUE,
&pFilterDevObj
);
if (!NT_SUCCESS(status))
{
LogEvent(status, DeviceObject, L"\nError in IoCreatDevice.\n");
return status;
}
RtlInitUnicodeString(&deviceLinkUnicodeString, DOS_DEVICE_NAME);
status = IoCreateSymbolicLink(&deviceLinkUnicodeString, &deviceNameUnicodeString);
// Initialize the Device Extension
pDevExt = (PDEVICE_EXTENSION) pFilterDevObj->DeviceExtension;
pDevExt->pDevice = pFilterDevObj; // back pointer
pDevExt->driver_state = Started;
// Pile this new filter on top of the existing target downward pointer
pDevExt->pTargetDevice= IoAttachDeviceToDeviceStack( pFilterDevObj, DeviceObject);
// Copy the characteristics of the target into the
// the new filter device object
pFilterDevObj->DeviceType = pDevExt->pTargetDevice->DeviceType;
pFilterDevObj->Characteristics = pDevExt->pTargetDevice->Characteristics;
pFilterDevObj->Flags |= ( pDevExt->pTargetDevice->Flags &
( DO_BUFFERED_IO | DO_DIRECT_IO |
DO_POWER_INRUSH | DO_POWER_PAGABLE));
// Initialize Event Logging counters:
pDevExt->IrpRetryCount = 0;
pDevExt->IrpSequenceNumber = 0;
// Explore the limitations of the target device's
// buffer. Save the results in the bufferInfo struct
// GetBufferLimits( pDevExt->pTargetDevice, &pDevExt->bufferInfo );
// Clear the Device Initializing bit since the FDO was created
// outside of DriverEntry.
pFilterDevObj->Flags &= ~DO_DEVICE_INITIALIZING;
// Made it
return status;
}
My LogEvent Code is: [ To write log in the System Log.]
// Writing Log Event to the System Log Event.
VOID LogEvent(NTSTATUS code, PDEVICE_OBJECT DeviceObject, PWSTR message)
{
PIO_ERROR_LOG_PACKET errorPacket;
ULONG packetlen = (wcslen(message) + 1) * sizeof(WCHAR) + sizeof(IO_ERROR_LOG_PACKET) + 4;
if (packetlen > ERROR_LOG_MAXIMUM_SIZE)
{
return; // packet will be too big
}
errorPacket = (PIO_ERROR_LOG_PACKET) IoAllocateErrorLogEntry(
DeviceObject,
(UCHAR) packetlen);
if (!errorPacket)
{
return; // Can't allocate memory for the error packet
}
memset(errorPacket, 0, sizeof(IO_ERROR_LOG_PACKET));
errorPacket->MajorFunctionCode = IRP_MJ_PNP;
errorPacket->ErrorCode = code; // Error Code
errorPacket->DumpDataSize = 3;
errorPacket->DumpData[0] = 0x1A2A3A;
errorPacket->StringOffset = sizeof(IO_ERROR_LOG_PACKET) +
errorPacket->DumpDataSize -
sizeof(ULONG);
errorPacket->NumberOfStrings = 1;
wcscpy((PWSTR) ((PUCHAR) errorPacket + errorPacket->StringOffset), message);
IoWriteErrorLogEntry(errorPacket);
}
Now, Whenever, I start my driver using DrvLoader from CodeProjects.com tool, the system shows some bluescreen and restarts.
Can any of you tell what is the proble in the code? If you give me any other filter driver for file system, it will be very helpful to me.
Thanks in advance.