当前位置: 文江博客话题详情

迷你过滤器驱动程序。过滤器安装问题

发布于 2024-11-06 11:25:00 字数 2278 浏览 1 评论 0原文

我正在开发一个 miniFilter 驱动程序并采用了 Microsoft 的 SwapBuffers 迷你过滤器为例。 默认情况下,InstaceSetup 例程会附加到所有卷。但我不想 附加到所有这些,仅附加到某些选定的...

我尝试在“FLT_REGISTRATION”中设置“NULL”而不是“InstanceSetup” FilterRegistration”,然后在“DriverEntry”中调用“FltAttachVolume” 例行公事。我已经完成了以下操作:

PFLT_VOLUME vol; UNICODE_STRING vname; .... RtlInitUnicodeString(&vname, L"E:\"); FltGetVolumeFromName(gFilterHandle, &vname, &vol); ... FltAttachVolume(gFilterHandle, vol, NULL, NULL); ...

当我尝试使用“NULL”3-d 参数调用 FltAttachVolume 时 (PCUNICODE_STRING InstanceName) 我收到了 “STATUS_FLT_INSTANCE_NAME_COLLISION”错误。

如果我使用“NOT NULL”3-d 参数调用 FltAttachVolume,例如 “UniqueInstaceName”它返回我“-2145452013”​​

当我尝试使用附加卷时,我收到了相同的错误 我的用户应用程序中的 FilterAttach 例程,如下所示:

... driver.driverName = L“swapBuffers”; ... LPCWSTR vname = L"F:\"; ... FilterAttach(driver.driverName, vname, NULL, NULL, NULL);

使用“NULL”3-d 参数(LPCWSTR lpInstanceName): “ERROR_FLT_INSTANCE_NAME_COLLISION”

“NOT-NULL”:“-2145452013”​​

在 MiniSpy miniFilter 中有一个 User 应用程序,以及例程 FilterAttach 被使用。我尝试以同样的方式在我的应用程序中调用此例程 - 不 结果。

最后,我更改了 swapBuffers inf 文件:

  • 没有 DefaultInstance 参数,我将其设置为:“SwapBuffers - Top 实例”。

  • 我还从 MiniSpy inf 文件复制了这个:

    [MiniFilter.AddRegistry] HKR,"实例","DefaultInstance",0x00000000,%DefaultInstance% HKR,“实例\”%Instance1.Name%,“海拔”,0x00000000,%Instance1.Altitude% HKR,“实例\”%Instance1.Name%,“标志”,0x00010001,%Instance1.Flags% HKR,“实例\”%Instance2.Name%,“海拔”,0x00000000,%Instance2.Altitude% HKR,“实例\”%Instance2.Name%,“标志”,0x00010001,%Instance2.Flags% HKR,“实例\”%Instance3.Name%,“海拔”,0x00000000,%Instance3.Altitude% HKR,“实例\”%Instance3.Name%,“标志”,0x00010001,%Instance3.Flags%

    ............ Instance1.Name =“SwapBuffers - 中间实例” Instance1.Altitude = "370000" Instance1.Flags = 0x1 ;禁止自动附件 Instance2.Name =“SwapBuffers - 底部实例” Instance2.Altitude = "361000" Instance2.Flags = 0x1 ;禁止自动附件 Instance3.Name =“SwapBuffers - 顶级实例” Instance3.Altitude = "385100" Instance3.Flags = 0x1 ;抑制自动附件

将标志更改为 0x1 以抑制自动附件。 并且仅通过此 Inf 文件安装我的 SwapBuffers miniFilter,我收到 “STATUS_SUCCESS” 来自我的驱动程序中的 FltAttachVolume 例程。但事实并非如此 附加到磁盘...

我做错了什么? 谢谢。

原文

I'm developing a miniFilter driver and took the Microsoft's SwapBuffers
miniFilter as example.
An InstaceSetup routin by default is attaching to all volumes. But I don't want
to attach to all of them, only to some choosen...

I tried to set "NULL" instead of "InstanceSetup" in "FLT_REGISTRATION
FilterRegistration" and then to call "FltAttachVolume" in the "DriverEntry"
routin. I've done the following:

PFLT_VOLUME vol;
UNICODE_STRING vname;
....
RtlInitUnicodeString(&vname, L"E:\");
FltGetVolumeFromName(gFilterHandle, &vname, &vol);
...
FltAttachVolume(gFilterHandle, vol, NULL, NULL);
...

When i tried to call FltAttachVolume with the "NULL" 3-d parameter
(PCUNICODE_STRING InstanceName) i received a
"STATUS_FLT_INSTANCE_NAME_COLLISION" error.

If i call FltAttachVolume with a "NOT NULL" 3-d parameter, such as a
"UniqueInstaceName" it returns me "-2145452013".

I'm receiving the same errors, when i,m trying to attach a volume, using a
FilterAttach routine from my User application, like this:

...
driver.driverName = L"swapBuffers";
...
LPCWSTR vname = L"F:\";
...
FilterAttach(driver.driverName, vname, NULL, NULL, NULL);

With "NULL" 3-d parameter (LPCWSTR lpInstanceName):
"ERROR_FLT_INSTANCE_NAME_COLLISION"

With "NOT-NULL": "-2145452013".

In MiniSpy miniFilter there is a User application, and the routine FilterAttach
is used. I tried to call this routine in my application the same way - no
results.

Finally, i changed the swapBuffers inf-file:

  • there was no DefaultInstance parameter, i set it: "SwapBuffers - Top
    Instance".

  • also i copied this from the MiniSpy inf-file:

    [MiniFilter.AddRegistry]
    HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
    HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
    HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
    HKR,"Instances\"%Instance2.Name%,"Altitude",0x00000000,%Instance2.Altitude%
    HKR,"Instances\"%Instance2.Name%,"Flags",0x00010001,%Instance2.Flags%
    HKR,"Instances\"%Instance3.Name%,"Altitude",0x00000000,%Instance3.Altitude%
    HKR,"Instances\"%Instance3.Name%,"Flags",0x00010001,%Instance3.Flags%

    .............
    Instance1.Name = "SwapBuffers - Middle Instance"
    Instance1.Altitude = "370000"
    Instance1.Flags = 0x1 ; Suppress automatic attachments
    Instance2.Name = "SwapBuffers - Bottom Instance"
    Instance2.Altitude = "361000"
    Instance2.Flags = 0x1 ; Suppress automatic attachments
    Instance3.Name = "SwapBuffers - Top Instance"
    Instance3.Altitude = "385100"
    Instance3.Flags = 0x1 ; Suppress automatic attachments

changing the flags to 0x1 to suppress automatic attachments.
And only installing my SwapBuffers miniFilter through this Inf file, i received
"STATUS_SUCCESS" from FltAttachVolume routine in my driver. But it isn't really
attaching to the disk...

What am i doing wrong?
Thanks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

御弟哥哥 2024-11-13 11:25:00
Instance1.Flags = 0x1

那很好。
我有一些类似的代码并且工作正常。

status = FltRegisterFilter( DriverObject,
                            &FilterRegistration,
                            &gFilterHandle );

FLT_ASSERT( NT_SUCCESS( status ) );

if (NT_SUCCESS( status )) {
    PSECURITY_DESCRIPTOR sd;
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING uniString;

    status = FltBuildDefaultSecurityDescriptor(&sd,
        FLT_PORT_ALL_ACCESS);

    if (!NT_SUCCESS(status)) {
        return status;
    }

    RtlInitUnicodeString(&uniString, PORT_NAME);

    InitializeObjectAttributes(&oa,
        &uniString,
        OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
        NULL,
        sd);

    status = FltCreateCommunicationPort(gFilterHandle,
        &gServerPort,
        &oa,
        NULL,
        Connect,
        Disconnect,
        Message,
        1);

    FltFreeSecurityDescriptor(sd);

    BREAK_HERE(); // DbgBreak() macro

    //
    //  Start filtering i/o
    //

    status = FltStartFiltering(gFilterHandle);

    if (!NT_SUCCESS(status)) {

        FltUnregisterFilter(gFilterHandle);
    }
    else {
        RtlInitUnicodeString(&uniString, L"\\Device\\HarddiskVolume1");
        PFLT_VOLUME vol;
        FltGetVolumeFromName(gFilterHandle, &uniString, &vol);
        status = FltAttachVolume(gFilterHandle, vol, NULL, NULL);
        // status == 0x0 at that point and the mini filter is attached to the Volume
    }
}

我通常附加到所有卷,但我想尝试附加到单个卷,效果很好。

Instance1.Flags = 0x1

That is fine.
I have somewhat similar code and that works fine.

status = FltRegisterFilter( DriverObject,
                            &FilterRegistration,
                            &gFilterHandle );

FLT_ASSERT( NT_SUCCESS( status ) );

if (NT_SUCCESS( status )) {
    PSECURITY_DESCRIPTOR sd;
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING uniString;

    status = FltBuildDefaultSecurityDescriptor(&sd,
        FLT_PORT_ALL_ACCESS);

    if (!NT_SUCCESS(status)) {
        return status;
    }

    RtlInitUnicodeString(&uniString, PORT_NAME);

    InitializeObjectAttributes(&oa,
        &uniString,
        OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
        NULL,
        sd);

    status = FltCreateCommunicationPort(gFilterHandle,
        &gServerPort,
        &oa,
        NULL,
        Connect,
        Disconnect,
        Message,
        1);

    FltFreeSecurityDescriptor(sd);

    BREAK_HERE(); // DbgBreak() macro

    //
    //  Start filtering i/o
    //

    status = FltStartFiltering(gFilterHandle);

    if (!NT_SUCCESS(status)) {

        FltUnregisterFilter(gFilterHandle);
    }
    else {
        RtlInitUnicodeString(&uniString, L"\\Device\\HarddiskVolume1");
        PFLT_VOLUME vol;
        FltGetVolumeFromName(gFilterHandle, &uniString, &vol);
        status = FltAttachVolume(gFilterHandle, vol, NULL, NULL);
        // status == 0x0 at that point and the mini filter is attached to the Volume
    }
}

I normally attach to all volumes but I wanted to try attaching to a single volume and it works fine.

回复 原文
~没有更多了~

关于作者

一身软味

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lorenzathorton8

文章 0 评论 0

Zero

文章 0 评论 0

萧瑟寒风

文章 0 评论 0

mylayout

文章 0 评论 0

tkewei

文章 0 评论 0

17818769742

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文