1

我正在测试这段代码:

int handler(void* data)
{
    KTIMER *Timer = (KTIMER *)data;
    DbgPrint("*** timer1.sys: Inside handler ...\n");
    DbgPrint("handler: Address of data: %p\n", data);
    if (STATUS_SUCCESS == KeWaitForSingleObject(Timer,
                                        Executive, KernelMode , 
                                        TRUE, NULL)){
            DbgPrint("Status_Succes for KeWaitForSingleObject");
    } 
    DbgPrint("Done waiting!!! ...\n");
    KeCancelTimer(Timer);
    return 1;
}

void start_timer()
{
    KTIMER Timer;
    LARGE_INTEGER lTimeOut;
    PKTHREAD *delayedWorkerThread;
    void* data;

    DbgPrint("*** timer1.SYS: ==>start_timer\n");

    KeInitializeTimer(&Timer);
    lTimeOut.QuadPart = 3000;           //Delay
    lTimeOut.QuadPart *= 10000;         // 100ns * 10000 = 1ms
    lTimeOut.QuadPart *= -1;            // exactly waiting time
    KeSetTimer(&Timer, lTimeOut, NULL);


    /*
    if (STATUS_SUCCESS == KeWaitForSingleObject(&Timer,
                                        Executive, KernelMode , 
                                        TRUE, NULL)){
            DbgPrint("Status_Succes for KeWaitForSingleObject");
    } 
    DbgPrint("Call Handler ...\n");
    KeCancelTimer(&Timer);
    */

    data = &Timer;
    DbgPrint("start_timer: Address of Timer: &Timer: %p\n", &Timer);
    DbgPrint("Start_timer: Address of Timer: data: %p\n", data);
    delayedWorkerThread = thread_create(handler, data, "Delayed Worker Thread"); // This function will create a thread using PsCreateSystemThread and will return PTHREAD object
    DbgPrint("timer1.sys: start_timer<==\n");
}

现在,当我加载此驱动程序时,我的 m/c 因 (IRQL_NOT_LESS_OR_EQUAL_TO) 而崩溃,KeWaitForSingleObject这意味着我正在尝试访问无效地址。但是在 handler 和 start_timer 中的 Timer 地址是相同的。没有 KeWaitForSingleObject 很好。不知道怎么回事,求大神帮忙!

////////////////////////// 编辑 1 //////////////// ////////////

没有KeWaitForSingleObject

int handler(void* data)
{
    KTIMER *Timer = (KTIMER *)data;
    DbgPrint("*** timer1.sys: Inside handler ...\n");
    DbgPrint("handler: Address of data: %p\n", data);    // Same address
    DbgPrint("handler: Address of Timer: %p\n", TImer);  // Same address

    DbgPrint("Done waiting!!! ...\n");
    KeCancelTimer(Timer);
    return 1;
}

它后来崩溃了..成功安装驱动程序并成功卸载...然后突然蓝屏!Windows 驱动程序编程不是儿戏!:(

两个函数中的地址仍然相同..顺便说一句,当我在没有线程的情况下编写时它工作正常......(在 start_timer() 中取消注释代码)但我必须用线程来做......我想要做的是,调用 start_timer( ) 具有多次不同的延迟,并且应该相应地调用处理程序,它不应该阻塞其他执行从而创建线程。

4

0 回答 0