再次深入理解IRP

过滤驱动与IRP处理方式
我们关系这个IRP的处理结果 就用这个
a.Pending完成例程
IoCopyCurrentIrpStackLocationToNext  +完成例程
Pending完成例程

KEVENT event;KeInitializeEvent(&event, NotificationEvent, FALSE);IoCopyCurrentIrpStackLocationToNext(Irp);IoSetCompletionRoutine(Irp,CompRoutine,&event,TRUE,TRUE,TRUE);status = IoCallDriver(DeviceObject, Irp);if (status == STATUS_PENDING) {status = KeWaitForSingleObject(&event,Executive,KernelMode,FALSE,NULL);ASSERT(NT_SUCCESS(status));status = Irp->IoStatus.Status;}

回调例程

NTSTATUSCompRoutine(    IN PDEVICE_OBJECT DeviceObject,    IN PIRP Irp,    IN PVOID Context    ){    PKEVENT event = Context;    Irp->UserIosb->Status = Irp->IoStatus.Status;    Irp->UserIosb->Information = Irp->IoStatus.Information;    KeSetEvent(event , IO_NO_INCREMENT, FALSE);    //IoFreeIrp(Irp);    return STATUS_MORE_PROCESSING_REQUIRED;}

b.忽略直接下发
IoSkipCurrentIrpStackLocation，下层设备拿到的IO_STACKLOCATION 和当前的一样


对IRP没有任何改动的时候，比如放行：

PDEVICE_EXTENSION   deviceExtension;IoSkipCurrentIrpStackLocation(Irp);

//拿到保存在设备扩展里的下层设备

deviceExtension = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;//下发return IoCallDriver(deviceExtension->TargetDeviceObject, Irp);

c.结束IRP不下发

PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation (Irp);Irp->IoStatus.Status = STATUS_SUCCESS;Irp->IoStatus.Information = 0;IoCompleteRequest( Irp, IO_NO_INCREMENT );

d.手动构建IRP

IoAllocateIrpIoGetNextIrpStackLocationIoAllocateIrp /IoBuildDeviceIoControlRequest IoGetNextIrpStackLocation //例子：//强制删除文件//Sfilter里查询文件名字

错误的下发：
下发后就没有访问这个IRP的权限了 必须等待 和设置完成例程 例程中必须返回STATUS_MORE_PROCESSING_REQUIRED

// Forward request to next driverIoCopyCurrentIrpStackLocationToNext( Irp );// Send the IRP downstatus = IoCallDriver( nextDevice, Irp );// The following is an error because this driver// no longer owns the IRP.If (status == STATUS_PENDING){IoMarkIrpPending( Irp );//错误，无权操作Irp了}// Return the lower driver’s statusreturn status;