IRP的超时处理


EXE部分

#include <stdio.h>#include <Windows.h>#include <WinIoCtl.h>#include "Ioctl.h"int main (void){char linkname[]="\\\\.\\HelloDDK";HANDLE hDevice = CreateFileA(linkname,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);if (hDevice == INVALID_HANDLE_VALUE){printf("Win32 error code: %d\n",GetLastError());return 1;}DWORD dwRead;//如果读IRP没有被完成,ReadFile一直都不会退出ReadFile(hDevice,NULL,NULL,&dwRead,NULL);printf("第一个Readfile返回%d\n",GetLastError());ReadFile(hDevice,NULL,NULL,&dwRead,NULL);printf("第二个ReadFile返回%d\n",GetLastError());CloseHandle(hDevice);getchar();getchar();return 0;}


 

 

 

SYS部分

#pragma once#include <ntddk.h>#define CountArray(Array)  (sizeof(Array)/sizeof(Array[0]))typedef struct _DEVICE_EXTENSION{PDEVICE_OBJECTpDevice;//设备对象UNICODE_STRINGustrDeviceName;//设备名称UNICODE_STRINGustrSymLinkName;//符号名称KDPCpollingDPC;//存储DPC对象KTIMERpollingTimer;//存储计时器对象PIRPcurrentPendingIRP;//记录当前挂起的IRP}DEVICE_EXTENSION,*PDEVICE_EXTENSION;#ifdef __cplusplusextern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath);#endifvoid HelloUnload(IN PDRIVER_OBJECT DriverObject);//卸载函数NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj);//创建设备NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);//派遣函数NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);//IRP_MJ_DIRECTORY_CONTROLNTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);


 

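#include "hello.h"
#include "Ioctl.h"

/*
 * Driver entry point.
 *
 * Registers the unload routine, points the major-function slots below
 * IRP_MJ_MAXIMUM_FUNCTION at the default dispatch routine, installs the read
 * handler, and creates the device.
 *
 * Returns the status of CreateDevice, so that a driver whose device or
 * symbolic link could not be created is not left loaded as if it had succeeded.
 *
 * NOTE(review): the "#if DBG / _asm int 3" blocks throughout this file are
 * hard-coded breakpoints in checked builds (MSVC x86 inline assembly); they
 * are kept as in the original.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    ULONG i;

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from!\n");
    DriverObject->DriverUnload = HelloUnload;
    for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = HelloDDKDispatchRoutine;
    }
    DriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKRead;
#if DBG
    _asm int 3
#endif
    /* Create the device; propagate failure instead of always returning success. */
    return CreateDevice(DriverObject);
}

/*
 * Unload routine.
 *
 * For every device object of this driver: stops the timeout timer, waits for
 * any DPC that is already queued or running, completes a read IRP that is
 * still recorded as pending, then deletes the symbolic link and the device.
 * Without the timer/DPC teardown, OnTimerDpc could run after the driver image
 * and the device extension are gone.
 */
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
    PDEVICE_OBJECT pNextObj;

#if DBG
    _asm int 3
#endif
    DbgPrint("Goodbye from!\n");

    pNextObj = DriverObject->DeviceObject;
    while (pNextObj) {
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
        /* Read the link to the next device before this one is deleted. */
        PDEVICE_OBJECT pFollowing = pNextObj->NextDevice;
        PIRP pStaleIrp;

        /* Stop the timer and drain the DPC so neither touches freed memory. */
        KeCancelTimer(&pDevExt->pollingTimer);
        KeFlushQueuedDpcs();

        /* Defensive: never leave a recorded IRP uncompleted. */
        pStaleIrp = (PIRP)InterlockedExchangePointer((PVOID *)&pDevExt->currentPendingIRP, NULL);
        if (pStaleIrp != NULL) {
            pStaleIrp->IoStatus.Status = STATUS_CANCELLED;
            pStaleIrp->IoStatus.Information = 0;
            IoCompleteRequest(pStaleIrp, IO_NO_INCREMENT);
        }

        /* Delete the symbolic link. */
        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
        /* Delete the device. */
        IoDeleteDevice(pDevExt->pDevice);

        pNextObj = pFollowing;
    }
}

/*
 * Device-control style handler (not registered in DriverEntry as shown).
 *
 * Reads the IOCTL code and buffer lengths from the current stack location and
 * completes the IRP. The caller-supplied microsecond value is read from the
 * system buffer only after the input length and the buffer pointer have been
 * checked: both are controlled by the user-mode caller, and an unconditional
 * dereference would let a short or absent input buffer fault in kernel mode.
 *
 * Returns the status the IRP was completed with.
 */
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp)
{
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack;
    ULONG cbin;
    ULONG code;

    UNREFERENCED_PARAMETER(pDevObj);

#if DBG
    _asm int 3
#endif
    /* Current I/O stack location. */
    stack = IoGetCurrentIrpStackLocation(pIrp);
    /* Size of the input buffer. */
    cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
    /* IOCTL control code. */
    code = stack->Parameters.DeviceIoControl.IoControlCode;

    switch (code) {
    case IOCTL_WAIT_METHOD1:
        {
            ULONG ulMicroSeconds;

            /* NOTE(review): SystemBuffer is only the right place to look for a
               METHOD_BUFFERED code; Ioctl.h is not shown here - confirm. */
            if (cbin < sizeof(ULONG) || pIrp->AssociatedIrp.SystemBuffer == NULL) {
                status = STATUS_INVALID_PARAMETER;
                break;
            }
            /* Microsecond count passed in from user mode (not used yet). */
            ulMicroSeconds = *(PULONG)pIrp->AssociatedIrp.SystemBuffer;
            UNREFERENCED_PARAMETER(ulMicroSeconds);
        }
        break;
    default:
        status = STATUS_INVALID_VARIANT;
    }

    /* Set the completion status of the IRP. */
    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return status;
}

/*
 * Timer DPC: the read timeout has expired.
 *
 * pContext is the device object passed to KeInitializeDpc in CreateDevice.
 * The pending IRP is taken out of the device extension with an atomic
 * exchange, so it is completed at most once, and a NULL slot (nothing
 * pending) is skipped instead of being dereferenced.
 */
VOID OnTimerDpc(IN PKDPC pDpc, IN PVOID pContext, IN PVOID SysArg1, IN PVOID SysArg2)
{
    PDEVICE_OBJECT pDevObj;
    PDEVICE_EXTENSION pdx;
    PIRP currentPendingIRP;

    UNREFERENCED_PARAMETER(pDpc);
    UNREFERENCED_PARAMETER(SysArg1);
    UNREFERENCED_PARAMETER(SysArg2);

#if DBG
    _asm int 3
#endif
    pDevObj = (PDEVICE_OBJECT)pContext;
    pdx = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;

    currentPendingIRP = (PIRP)InterlockedExchangePointer((PVOID *)&pdx->currentPendingIRP, NULL);
    if (currentPendingIRP == NULL) {
        return;
    }

    DbgPrint("Cancel the current pending irp\n");
    /* Complete the request with STATUS_CANCELLED and no bytes transferred. */
    currentPendingIRP->IoStatus.Status = STATUS_CANCELLED;
    currentPendingIRP->IoStatus.Information = 0;
    IoCompleteRequest(currentPendingIRP, IO_NO_INCREMENT);
}

/*
 * IRP_MJ_READ handler: parks the request and arms a 5 second timeout.
 *
 * The device extension has a single slot for a pending IRP. The slot is
 * claimed atomically; if another read is already parked, the new request is
 * completed with STATUS_DEVICE_BUSY rather than overwriting the slot, which
 * would leave the earlier IRP without any path to completion.
 *
 * NOTE(review): no cancel routine is installed in this file, so a parked read
 * ends only when the timer fires.
 *
 * Returns STATUS_PENDING when the request was parked, STATUS_DEVICE_BUSY
 * when the slot was occupied.
 */
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp)
{
    PDEVICE_EXTENSION pDevExt;
    ULONG ulMicroSecond;
    LARGE_INTEGER timeout;

#if DBG
    _asm int 3
#endif
    pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;

    /* Record the IRP only if no other read is pending. The timer is not armed
       yet, so the DPC cannot see this IRP before it is marked pending below. */
    if (InterlockedCompareExchangePointer((PVOID *)&pDevExt->currentPendingIRP, pIrp, NULL) != NULL) {
        pIrp->IoStatus.Status = STATUS_DEVICE_BUSY;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        return STATUS_DEVICE_BUSY;
    }

    /* Mark the IRP as pending. */
    IoMarkIrpPending(pIrp);

    /* 5 second timeout, expressed in microseconds. */
    ulMicroSecond = 5000000;
    /* Relative due time in 100 ns units (negative = relative). The multiply is
       done in 64 bits so it does not depend on 32-bit unsigned wrap-around. */
    timeout.QuadPart = -10 * (LONGLONG)ulMicroSecond;

    KeSetTimer(&pDevExt->pollingTimer, timeout, &pDevExt->pollingDPC);
    DbgPrint("Leave HelloDDKRead\n");
    return STATUS_PENDING;
}

/*
 * Creates the device object \device\hello and the symbolic link \??\HelloDDK,
 * and initializes the device extension (names, timer, DPC, empty IRP slot).
 *
 * Returns STATUS_SUCCESS, or the failing status from IoCreateDevice or
 * IoCreateSymbolicLink (the device is deleted again in the latter case).
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
    NTSTATUS status = STATUS_SUCCESS;
    PDEVICE_OBJECT pDevObj = NULL;
    PDEVICE_EXTENSION pDevExt = NULL;
    UNICODE_STRING devname;
    UNICODE_STRING symLinkName;

    /* Initialize the name strings. */
    RtlInitUnicodeString(&devname, L"\\device\\hello");
    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    /* Create the device (exclusive). FILE_DEVICE_SECURE_OPEN makes the I/O
       manager apply the device's security descriptor to every open, including
       opens with a trailing path below the device name.
       NOTE(review): IoCreateDevice assigns a default security descriptor; a
       production driver would normally use IoCreateDeviceSecure with an
       explicit SDDL string to restrict who may open the device. */
    status = IoCreateDevice(pDriver_Object,
                            sizeof(DEVICE_EXTENSION),
                            &devname,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN,
                            TRUE,
                            &pDevObj);
    if (!NT_SUCCESS(status)) {
        DbgPrint("创建设备失败\n");
        return status;
    }

    pDevObj->Flags |= DO_BUFFERED_IO;

    pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevExt->pDevice = pDevObj;
    pDevExt->ustrDeviceName = devname;
    pDevExt->ustrSymLinkName = symLinkName;
    /* No read is pending yet; the DPC and the read handler rely on this. */
    pDevExt->currentPendingIRP = NULL;

    KeInitializeTimer(&pDevExt->pollingTimer);
    /* The device object is handed to OnTimerDpc as its context. */
    KeInitializeDpc(&pDevExt->pollingDPC, OnTimerDpc, (PVOID)pDevObj);

    /* Create the symbolic link. */
    status = IoCreateSymbolicLink(&symLinkName, &devname);
    if (!NT_SUCCESS(status)) {
        DbgPrint("创建符号连接失败\n");
        IoDeleteDevice(pDevObj);
        return status;
    }
    return STATUS_SUCCESS;
}

/*
 * Default dispatch routine: logs the name of the major function (debug builds
 * only, via KdPrint) and completes the IRP with STATUS_SUCCESS and zero bytes.
 */
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    /* Table of names indexed by major function code. */
    static const char *irpname[] =
    {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
    };
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    UCHAR type = stack->MajorFunction;

    UNREFERENCED_PARAMETER(pDevObj);

    /* Bounds-check the code before it is used as an index into the table. */
    if (type >= CountArray(irpname)) {
        KdPrint(("无效的IRP类型 %X\n", type));
    } else {
        KdPrint(("%s\n", irpname[type]));
    }

    pIrP->IoStatus.Status = STATUS_SUCCESS;   /* completion status */
    pIrP->IoStatus.Information = 0;           /* zero bytes transferred */
    /* Complete the IRP; IO_NO_INCREMENT means no priority boost. */
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}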


 
