-1

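I am a beginner in driver development. I am developing a filter driver (kernel mode). I want to get the full path of every file that is opened. I have a file object and an IRP. I am using &pFileObject->fileName to display the path. It shows the full path, but not the drive letter. Please provide a kernel-level routine that tells the drive letter. Below is the code: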

#include "StdAfx.h"
#include "drv_common.h"
#include "ntddk.h"
#include "FsFilter.h"


///////////////////////////////////////////////////////////////////////////////////////////////////
// PassThrough IRP Handler

NTSTATUS FsFilterDispatchPassThrough( __in PDEVICE_OBJECT DeviceObject, __in PIRP Irp )
{
    PFSFILTER_DEVICE_EXTENSION pDevExt = (PFSFILTER_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    IoSkipCurrentIrpStackLocation(Irp);
    return IoCallDriver(pDevExt->AttachedToDeviceObject, Irp);
}

///////////////////////////////////////////////////////////////////////////////////////////////////
// IRP_MJ_CREATE IRP Handler

NTSTATUS FsFilterDispatchCreate(
    __in PDEVICE_OBJECT DeviceObject,
    __in PIRP           Irp
    )
{
    PFILE_OBJECT pFileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;

    DbgPrint("%wZ\n", &pFileObject->FileName);

    return FsFilterDispatchPassThrough(DeviceObject, Irp);
}
4

1 answer

1

As @sergmat suggested, you can use the IoVolumeDeviceToDosName routine to get the volume name. But be sure that you call that routine only at PASSIVE_LEVEL, which might be what you are experiencing.

Also, using pFileObject->FileName in a dispatch routine is not recommended. The memory may come from paged pool, which is not accessible at DISPATCH_LEVEL or higher.

answered 2013-03-20T04:38:00.043
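One way to apply both points of the answer, as an added example that is not part of the original post or the poster's driver: the helper refuses to run above PASSIVE_LEVEL, calls IoVolumeDeviceToDosName, joins the result with the counted FileName string under a bounds check, and frees the returned buffer with ExFreePool. `BuildDosPath`, `g_irql` and the user-mode stand-ins in the `#else` branch are hypothetical, and it is assumed that the filter can supply the volume device object.

```c
/* Added example: real WDK routines on Windows; #else is a constructed offline stand-in. */
#ifdef _WIN32
#include <ntddk.h>
#else
#include <stdlib.h>
#include <string.h>
typedef int NTSTATUS; typedef void *PVOID; typedef unsigned char KIRQL;
typedef unsigned short USHORT; typedef wchar_t WCHAR;
typedef struct { USHORT Length, MaximumLength; WCHAR *Buffer; } UNICODE_STRING, *PUNICODE_STRING;
#define NT_SUCCESS(s) ((NTSTATUS)(s) >= 0)
#define STATUS_SUCCESS ((NTSTATUS)0)
#define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023)
#define STATUS_INVALID_DEVICE_STATE ((NTSTATUS)0xC0000184)
#define PASSIVE_LEVEL 0
static KIRQL g_irql = PASSIVE_LEVEL;   /* simulated current IRQL */
static KIRQL KeGetCurrentIrql(void) { return g_irql; }
static void ExFreePool(PVOID p) { free(p); }
static NTSTATUS IoVolumeDeviceToDosName(PVOID dev, PUNICODE_STRING name) {
    (void)dev; name->Length = name->MaximumLength = 2 * sizeof(WCHAR);
    name->Buffer = malloc(name->Length);           /* stand-in always answers "C:" */
    memcpy(name->Buffer, L"C:", name->Length);
    return STATUS_SUCCESS;
}
#endif
/* Hypothetical helper: writes "<drive><FileName>", NUL-terminated, into Out.
   VolumeDeviceObject is an assumed input supplied by the filter. */
NTSTATUS BuildDosPath(PVOID VolumeDeviceObject, const UNICODE_STRING *FileName,
                      WCHAR *Out, size_t OutChars)
{
    UNICODE_STRING dos = { 0, 0, NULL };
    NTSTATUS status;
    size_t dosChars, nameChars;
    /* The routine needs PASSIVE_LEVEL and FileName may be paged pool: refuse above it. */
    if (KeGetCurrentIrql() != PASSIVE_LEVEL)
        return STATUS_INVALID_DEVICE_STATE;
    status = IoVolumeDeviceToDosName(VolumeDeviceObject, &dos);
    if (!NT_SUCCESS(status)) return status;
    dosChars  = dos.Length / sizeof(WCHAR);        /* Length counts bytes, not characters */
    nameChars = FileName->Length / sizeof(WCHAR);  /* counted string, not NUL-terminated */
    if (dosChars + nameChars + 1 > OutChars) {
        status = STATUS_BUFFER_TOO_SMALL;
    } else {
        memcpy(Out, dos.Buffer, dos.Length);
        memcpy(Out + dosChars, FileName->Buffer, FileName->Length);
        Out[dosChars + nameChars] = L'\0';
    }
    ExFreePool(dos.Buffer);                        /* caller must free the DOS name buffer */
    return status;
}
```

If the create path can be entered above PASSIVE_LEVEL, the lookup has to be deferred to a context that runs at PASSIVE_LEVEL rather than attempted in place.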