我想为文件系统编写微筛选器驱动程序,我在.sys文件中编译了代码(
没有错误),但是在安装之后,我在DbgView中看不到日志。但是可以在设备树程序中看到过滤器。请告诉我我有什么问题。谢谢。
#pragma once
#include <FltKernel.h>
#include <ntddk.h>
#include <dontuse.h>
#include <suppress.h>
#include <stdio.h>
#include <ntstrsafe.h>
FLT_POSTOP_CALLBACK_STATUS PostFileOperationCallback ( IN OUT PFLT_CALLBACK_DATA Data,
IN PCFLT_RELATED_OBJECTS FltObjects,
IN PVOID CompletionContext,
IN FLT_POST_OPERATION_FLAGS Flags);
FLT_PREOP_CALLBACK_STATUS
PreFileOperationCallback (
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__deref_out_opt PVOID *CompletionContext
);
NTSTATUS FilterUnload ( IN FLT_FILTER_UNLOAD_FLAGS Flags );
NTSTATUS FilterLoad (IN PCFLT_RELATED_OBJECTS FltObjects,
IN FLT_INSTANCE_SETUP_FLAGS Flags,
IN DEVICE_TYPE VolumeDeviceType,
IN FLT_FILESYSTEM_TYPE VolumeFilesystemType);
typedef struct _MINIFILTER
{
PDRIVER_OBJECT pDriverObject;
PFLT_FILTER pFilter;
} MINIFILTER, *PMINIFILTER;
const FLT_OPERATION_REGISTRATION Callbacks[] = {
{ IRP_MJ_CREATE,
0,
PreFileOperationCallback,
PostFileOperationCallback },
{ IRP_MJ_OPERATION_END }
};
const FLT_CONTEXT_REGISTRATION Contexts[] = {
{ FLT_CONTEXT_END }
};
CONST FLT_REGISTRATION FilterRegistration = {
sizeof( FLT_REGISTRATION ), // Size
FLT_REGISTRATION_VERSION, // Version
0, // Flags
Contexts, // Context
Callbacks, // Operation callbacks
FilterUnload, // FilterUnload
FilterLoad, // InstanceSetup
NULL, // InstanceQueryTeardown
NULL, // InstanceTeardownStart
NULL, // InstanceTeardownComplete
NULL, // GenerateFileName
NULL // NormalizeNameComponent
};
MINIFILTER fileManager;
NTSTATUS FilterLoad (IN PCFLT_RELATED_OBJECTS FltObjects,
IN FLT_INSTANCE_SETUP_FLAGS Flags,
IN DEVICE_TYPE VolumeDeviceType,
IN FLT_FILESYSTEM_TYPE VolumeFilesystemType)
{
DbgPrint("12313");
if (VolumeDeviceType == FILE_DEVICE_NETWORK_FILE_SYSTEM) {
return STATUS_FLT_DO_NOT_ATTACH;
}
return STATUS_SUCCESS;
}
NTSTATUS FilterUnload ( IN FLT_FILTER_UNLOAD_FLAGS Flags )
{
return STATUS_SUCCESS;
}
FLT_PREOP_CALLBACK_STATUS
PreFileOperationCallback (
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__deref_out_opt PVOID *CompletionContext
)
{
NTSTATUS status;
PFILE_OBJECT FileObject;
FLT_PREOP_CALLBACK_STATUS returnStatus = FLT_PREOP_SUCCESS_NO_CALLBACK;
/* If this is a callback for a FS Filter driver then we ignore the event */
if(FLT_IS_FS_FILTER_OPERATION(Data))
{
return FLT_PREOP_SUCCESS_NO_CALLBACK;
}
if (FltObjects->FileObject != NULL && Data != NULL) {
FileObject = Data->Iopb->TargetFileObject;
if(FileObject != NULL && Data->Iopb->MajorFunction == IRP_MJ_CREATE)
{
DbgPrint("MiniFilter: YES!!!");
}
}
return FLT_PREOP_SUCCESS_NO_CALLBACK;
}
FLT_POSTOP_CALLBACK_STATUS PostFileOperationCallback ( IN OUT PFLT_CALLBACK_DATA Data,
IN PCFLT_RELATED_OBJECTS FltObjects,
IN PVOID CompletionContext,
IN FLT_POST_OPERATION_FLAGS Flags)
{
return FLT_POSTOP_FINISHED_PROCESSING;
}
//////////////////////////////////////////////////////////////
/*
* обработчик-заглушка
*/
NTSTATUS
OnStubDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
Irp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest (Irp,
IO_NO_INCREMENT
);
return Irp->IoStatus.Status;
}
VOID OnUnload( IN PDRIVER_OBJECT DriverObject )
{
FltUnregisterFilter(fileManager.pFilter);
DbgPrint("MiniFilter: Unloaded");
}
NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath )
{
int i;
NTSTATUS status;
PCHAR ConfigInfo;
UNICODE_STRING test;
DbgPrint("MiniFilter: Started.");
// Register a dispatch function
for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
{
theDriverObject->MajorFunction[i] = OnStubDispatch;
}
theDriverObject->DriverUnload = OnUnload;
fileManager.pDriverObject = theDriverObject;
status = FltRegisterFilter(theDriverObject, &FilterRegistration, &fileManager.pFilter);
if (!NT_SUCCESS(status))
{
DbgPrint("MiniFilter: Driver not started. ERROR FltRegisterFilter - %08x\n", status);
return status;
}
status = FltStartFiltering( fileManager.pFilter );
if (!NT_SUCCESS( status )) {
FltUnregisterFilter( fileManager.pFilter );
DbgPrint("MiniFilter: Driver not started. ERROR FltStartFiltering - %08x\n", status);
return status;
}
DbgPrint("MiniFilter: Filter was started and configured.");
return STATUS_SUCCESS;
}
最佳答案
status = FltEnumerateVolumes(fileManager.pFilter, NULL, 0, &NumberofVolumes);
buffer = ExAllocatePool(PagedPool,1024);
if(buffer != NULL)
{
for(i = 0; i < NumberofVolumes; i++)
{
status = FltEnumerateVolumeInformation(fileManager.pFilter, i, FilterVolumeBasicInformation, buffer, 1024, &NumberofVolumes2);
pFilterInfo = (PFILTER_VOLUME_BASIC_INFORMATION)buffer;
uStrVolume.Length = (USHORT)pFilterInfo->FilterVolumeNameLength;
uStrVolume.MaximumLength = uStrVolume.Length;
uStrVolume.Buffer = &pFilterInfo->FilterVolumeName[0];
if(NT_SUCCESS(status)){
status = FltGetVolumeFromName(fileManager.pFilter, &uStrVolume, &pFLTVolume);
if(NT_SUCCESS(status)){
status = FltAttachVolume(fileManager.pFilter, pFLTVolume, NULL, NULL);
DbgPrint("Attached Volume Successfully.................... \n");
FltObjectDereference(pFLTVolume);
}
}
}
ExFreePool(buffer);
}