内核驱动程序接收结构，但它仍然是null

Posted 2021-04-09

我有一个内核驱动程序，我正试图让ReadFile工作。这是我的驱动程序调度功能：

NTSTATUS DriverDispatch(PDEVICE_OBJECT DriverObject, PIRP irp)
{
UNREFERENCED_PARAMETER(DriverObject);
PIO_STACK_LOCATION io;
PGAME_INFO info;
NTSTATUS status = STATUS_SUCCESS;

io = IoGetCurrentIrpStackLocation(irp);
irp->iostatus.Information = 0;

if (io->MajorFunction == IRP_MJ_WRITE)
{
    io = IoGetCurrentIrpStackLocation(irp);

    CHAR buffer[14] = "Got request
";
    ULONG cb = 14;

    ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer, cb, NULL, NULL);

    if (io)
    {
        info = (PGAME_INFO)irp->AssociatedIrp.SystemBuffer;
        if (info)
        {
            HANDLE Pid = info->pid;
            cb = 20;

            ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock, Pid, cb, NULL, NULL);

            status = STATUS_SUCCESS;
        }
        else
        {
            CHAR buffer2[20] = "Struct was null
";
            cb = 20;

            ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer2, cb, NULL, NULL);
        }
    }
    else
    {
        CHAR buffer3[31] = "PIO_STACK_LOCATION is null
";
        cb = 31;

        ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer3, cb, NULL, NULL);
    }

    irp->IoStatus.Information = sizeof(GAME_INFO);
}
else 
{
    status = STATUS_SUCCESS;
}

irp->IoStatus.Status = status;

IoCompleteRequest(irp, IO_NO_INCREMENT);
return status;
}

这是我正在使用的结构：

typedef struct _GAME_INFO {
HANDLE pid;
}GAME_INFO, *PGAME_INFO;

我的用户模式应用：

int main()
{
GAME_INFO GameInfo;

HANDLE hDevice = CreateFile("\\.\Driver", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

if (hDevice == INVALID_HANDLE_VALUE)
{
    printf("
Error: Unable to connect to the driver (%d)
", GetLastError());
    getchar();
    return -1;
}

getchar();

GameInfo.pid = (HANDLE)1234;
DWORD written;

if (!WriteFile(hDevice, &GameInfo, sizeof(GAME_INFO), &written, NULL))
{
    printf("
Error: Unable to write data to the driver (%d)
", GetLastError());

    CloseHandle(hDevice);
    getchar();
    return -1;
}
else 
{
    printf("%lu", written);
    getchar();
}

CloseHandle(hDevice);
return 0;
}

驱动程序正在接收请求，但由于某种原因结构为空。我一般都是内核驱动程序和C的新手，所以请随时纠正我

答案

基于一些来回，这似乎是因为驱动程序IO设置为直接而不是缓冲。没有直接的系统缓冲区，因为它实际上没有缓冲，所以该字段应该是NULL。

接收代码需要通过MDL来完成。

请参阅https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/using-mdls获取起点。