ObReferenceObjectByHandle 错误检查、内存访问冲突
我正在开发一个动态禁用键盘的项目。我编写了一个驱动程序,尝试获取键盘物理设备对象,然后用它调用 IoInvalidateDeviceState,但我在获取其物理设备对象时遇到问题。每当我尝试使用设备对象的句柄调用 ObReferenceObjectByHandle 时,就会发生错误检查,并且错误是内存访问冲突。这是我的源代码:
#include "ntifs.h"
#include "wdm.h"
#include "ntstrsafe.h"
#pragma comment(lib, "ntstrsafe.lib")
VOID DriverUnloadRoutine(__in PDRIVER_OBJECT DriverObject);
DRIVER_INITIALIZE DriverEntry;
NTSTATUS DriverEntry(
__in struct _DRIVER_OBJECT *DriverObject,
__in PUNICODE_STRING RegistryPath
)
{
UNICODE_STRING keybdname;
FILE_OBJECT * keybdfo;
DEVICE_OBJECT * keybddo;
HANDLE hpdo;
FILE_OBJECT * pdofo;
DEVICE_OBJECT * pdo;
DriverObject->DriverUnload = DriverUnloadRoutine;
RtlInitUnicodeString(&keybdname,L"\\Device\\KeyboardClass0");
IoGetDeviceObjectPointer(&keybdname,GENERIC_ALL,&keybdfo,&keybddo);
ObOpenObjectByPointer(&keybddo,OBJ_KERNEL_HANDLE,0,0,0,KernelMode,&hpdo);
ObReferenceObjectByHandle(hpdo,FILE_ALL_ACCESS,*IoFileObjectType,KernelMode,&pdofo,NULL);
pdo = IoGetRelatedDeviceObject(&pdofo);
IoInvalidateDeviceState(&pdo);
return 0;
}
VOID DriverUnloadRoutine(
__in PDRIVER_OBJECT DriverObject
)
{
}
我意识到这可能不是实现此目的的最佳方法(甚至可能是最糟糕的方法),但我知道的唯一两种方法是拔下键盘或安装过滤器驱动程序,这需要重新启动。如果有其他方法可以做到这一点,请告诉我那就太好了。预先感谢您的帮助!
I am working on a project to dynamically disable the keyboard. I have written a driver which attempts to obtain the keyboards physical device object then call IoInvalidateDeviceState with it but I am having a problem getting its physical device object. Whenever I try to call ObReferenceObjectByHandle with the handle to the device object, a bugcheck occurs and the error is a memory access violation. Here is my source code:
#include "ntifs.h"
#include "wdm.h"
#include "ntstrsafe.h"
#pragma comment(lib, "ntstrsafe.lib")
VOID DriverUnloadRoutine(__in PDRIVER_OBJECT DriverObject);
DRIVER_INITIALIZE DriverEntry;
NTSTATUS DriverEntry(
__in struct _DRIVER_OBJECT *DriverObject,
__in PUNICODE_STRING RegistryPath
)
{
UNICODE_STRING keybdname;
FILE_OBJECT * keybdfo;
DEVICE_OBJECT * keybddo;
HANDLE hpdo;
FILE_OBJECT * pdofo;
DEVICE_OBJECT * pdo;
DriverObject->DriverUnload = DriverUnloadRoutine;
RtlInitUnicodeString(&keybdname,L"\\Device\\KeyboardClass0");
IoGetDeviceObjectPointer(&keybdname,GENERIC_ALL,&keybdfo,&keybddo);
ObOpenObjectByPointer(&keybddo,OBJ_KERNEL_HANDLE,0,0,0,KernelMode,&hpdo);
ObReferenceObjectByHandle(hpdo,FILE_ALL_ACCESS,*IoFileObjectType,KernelMode,&pdofo,NULL);
pdo = IoGetRelatedDeviceObject(&pdofo);
IoInvalidateDeviceState(&pdo);
return 0;
}
VOID DriverUnloadRoutine(
__in PDRIVER_OBJECT DriverObject
)
{
}
I realize this is probably not the best way to accomplish this (maybe even the worst), but the only two other ways I know of are unplugging the keyboard or installing a filter driver, which would require a reboot. If there is another way to do this, informing me of it would be great. Thanks in advance for the help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我的猜测是,您正在调用的函数之一确实返回错误值,并且没有填写相应的结构。
我将通过查看 SetupApi 或 CfgMgr32 函数来禁用键盘。
“devcon”wdk 示例应包含从用户模式禁用设备的代码。
My guess would be, that one of your functions you are calling does return a error value, and does not fill out the according structure.
I would go about disabling the keyboard by looking at the SetupApi or the CfgMgr32 functions.
The "devcon" wdk sample should contain the code to disable a device from user mode.