如何在 windows NT 驱动程序中获取符号 link 名称?
How can I get symbol link name in windows NT driver?
我正在编写一个 windows nt 驱动程序。我定义了一个 DEVICE_EXTENSION
typedef struct _DEVICE_EXTENSION {
PDEVICE_OBJECT pDevice;
UNICODE_STRING ustrDeviceName;
UNICODE_STRING ustrSymLinkName;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
然后我创建了一个设备,
status = IoCreateDevice(pDriverObject,
sizeof(DEVICE_EXTENSION),
&devName,
FILE_DEVICE_UNKNOWN,
0, TRUE,
&pDevObj);
if (!NT_SUCCESS(status))
{
DbgPrint("CreateDevice Error...\n");
return status;
}
pDevObj->Flags |= DO_BUFFERED_IO;
pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
pDevExt->pDevice = pDevObj;
pDevExt->ustrDeviceName = devName;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&symLinkName, DOS_DEVICE_NAME);
pDevExt->ustrSymLinkName = symLinkName;
status = IoCreateSymbolicLink(&symLinkName, &devName);
你可以看到,我把symLinkName存入了DEVICE_EXTENSIONpDevExt。当它从设备上卸载时,我读到这个 symLinkName
NTSTATUS status;
PDEVICE_OBJECT pNextObj;
DbgPrint(("Enter DriverUnload\n"));
pNextObj = pDriverObject->DeviceObject;
UNICODE_STRING pLinkName;
while (pNextObj != NULL)
{
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
RtlCopyUnicodeString(&pLinkName, &(pDevExt->ustrSymLinkName));
DbgPrint("Start delete symlinkname %wZ ...\n", &pLinkName);n // meet a error
status = IoDeleteSymbolicLink(&pLinkName);
if (!NT_SUCCESS(status))
{
DbgPrint("Delete SymbolLink Error\n");
goto finish;
}
pNextObj = pNextObj->NextDevice;
IoDeleteDevice(pDevExt->pDevice);
}
在执行IoDeleteSymbolicLink之前,我想打印这个pLinkName,但是我遇到了一个错误。
为了解决这个问题,我尝试了很多方法。
while (pNextObj != NULL)
{
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
// RtlCopyUnicodeString(&pLinkName, &(pDevExt->ustrSymLinkName));
RtlInitUnicodeString(&pLinkName, DOS_DEVICE_NAME);
DbgPrint("Start delete symlinkname %wZ ...\n", &pLinkName);
status = IoDeleteSymbolicLink(&pLinkName);
if (!NT_SUCCESS(status))
{
DbgPrint("Delete SymbolLink Error\n");
goto finish;
}
pNextObj = pNextObj->NextDevice;
IoDeleteDevice(pDevExt->pDevice);
}
这会执行成功,但我不知道为什么会这样。
我猜您在代码中使用了这个 #pragma alloc_text(INIT, DriverEntry)。如果是这样,这是解释:
/*
* These compiler directives tell the Operating System how to load the
* driver into memory. The "INIT" section is discardable as you only
* need the driver entry upon initialization, then it can be discarded.
*
*/
加载后,INIT sesison 将被丢弃,如果您的 pDevExt->ustrSymLinkName 数据在该会话中,则该数据已被释放。您可以删除所有 #pragma alloc_text 以避免此问题。
我正在编写一个 windows nt 驱动程序。我定义了一个 DEVICE_EXTENSION
typedef struct _DEVICE_EXTENSION {
PDEVICE_OBJECT pDevice;
UNICODE_STRING ustrDeviceName;
UNICODE_STRING ustrSymLinkName;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
然后我创建了一个设备,
status = IoCreateDevice(pDriverObject,
sizeof(DEVICE_EXTENSION),
&devName,
FILE_DEVICE_UNKNOWN,
0, TRUE,
&pDevObj);
if (!NT_SUCCESS(status))
{
DbgPrint("CreateDevice Error...\n");
return status;
}
pDevObj->Flags |= DO_BUFFERED_IO;
pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
pDevExt->pDevice = pDevObj;
pDevExt->ustrDeviceName = devName;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&symLinkName, DOS_DEVICE_NAME);
pDevExt->ustrSymLinkName = symLinkName;
status = IoCreateSymbolicLink(&symLinkName, &devName);
你可以看到,我把symLinkName存入了DEVICE_EXTENSIONpDevExt。当它从设备上卸载时,我读到这个 symLinkName
NTSTATUS status;
PDEVICE_OBJECT pNextObj;
DbgPrint(("Enter DriverUnload\n"));
pNextObj = pDriverObject->DeviceObject;
UNICODE_STRING pLinkName;
while (pNextObj != NULL)
{
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
RtlCopyUnicodeString(&pLinkName, &(pDevExt->ustrSymLinkName));
DbgPrint("Start delete symlinkname %wZ ...\n", &pLinkName);n // meet a error
status = IoDeleteSymbolicLink(&pLinkName);
if (!NT_SUCCESS(status))
{
DbgPrint("Delete SymbolLink Error\n");
goto finish;
}
pNextObj = pNextObj->NextDevice;
IoDeleteDevice(pDevExt->pDevice);
}
在执行IoDeleteSymbolicLink之前,我想打印这个pLinkName,但是我遇到了一个错误。
while (pNextObj != NULL)
{
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
// RtlCopyUnicodeString(&pLinkName, &(pDevExt->ustrSymLinkName));
RtlInitUnicodeString(&pLinkName, DOS_DEVICE_NAME);
DbgPrint("Start delete symlinkname %wZ ...\n", &pLinkName);
status = IoDeleteSymbolicLink(&pLinkName);
if (!NT_SUCCESS(status))
{
DbgPrint("Delete SymbolLink Error\n");
goto finish;
}
pNextObj = pNextObj->NextDevice;
IoDeleteDevice(pDevExt->pDevice);
}
这会执行成功,但我不知道为什么会这样。
我猜您在代码中使用了这个 #pragma alloc_text(INIT, DriverEntry)。如果是这样,这是解释:
/*
* These compiler directives tell the Operating System how to load the
* driver into memory. The "INIT" section is discardable as you only
* need the driver entry upon initialization, then it can be discarded.
*
*/
加载后,INIT sesison 将被丢弃,如果您的 pDevExt->ustrSymLinkName 数据在该会话中,则该数据已被释放。您可以删除所有 #pragma alloc_text 以避免此问题。