微信推广和网站推广哪个好,什么网站做简历比较好,手机销售网站源码,修改wordpress的权限设置方法ReactOS系统NtReadFile函数的实现。
ReactOS系统NtReadFile函数的实现。 文章目录 ReactOS系统NtReadFile函数的实现。NtReadFile函数的定义NtReadFile函数的实现 NtReadFile()是windows的一个系统调用#xff0c;内核中有一个叫NtReadFile的函数
NtReadFile函数的定义
NTS…ReactOS系统NtReadFile函数的实现。
ReactOS系统NtReadFile函数的实现。 文章目录 ReactOS系统NtReadFile函数的实现。NtReadFile函数的定义NtReadFile函数的实现 NtReadFile()是windows的一个系统调用内核中有一个叫NtReadFile的函数
NtReadFile函数的定义
NTSTATUS WINAPI NtReadFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,PLARGE_INTEGER,PULONG);上面的函数看起来很费解。 我们用另外一个函数来看 这里涉及到内核的快速调用的知识。 eax,0B7h系统调用号指向NtReadFile(xxxxxxxxx)函数 edx,7ffe0300h:系统调用函数的地址
这样之后就实现了。R3与R0的隔离
NtReadFile函数的实现
NTSTATUS
NTAPI
NtReadFile(IN HANDLE FileHandle,IN HANDLE Event OPTIONAL,IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,IN PVOID ApcContext OPTIONAL,OUT PIO_STATUS_BLOCK IoStatusBlock,OUT PVOID Buffer,IN ULONG Length,IN PLARGE_INTEGER ByteOffset OPTIONAL,IN PULONG Key OPTIONAL)
{NTSTATUS Status STATUS_SUCCESS;PFILE_OBJECT FileObject;PIRP Irp;PDEVICE_OBJECT DeviceObject;PIO_STACK_LOCATION StackPtr;KPROCESSOR_MODE PreviousMode KeGetPreviousMode();PKEVENT EventObject NULL;LARGE_INTEGER CapturedByteOffset;ULONG CapturedKey 0;BOOLEAN Synchronous FALSE;PMDL Mdl;PAGED_CODE();CapturedByteOffset.QuadPart 0;IOTRACE(IO_API_DEBUG, FileHandle: %p\n, FileHandle);/* Validate User-Mode Buffers */if(PreviousMode ! KernelMode){_SEH_TRY{/* Probe the status block */ProbeForWriteIoStatusBlock(IoStatusBlock);/* Probe the read buffer */ProbeForWrite(Buffer, Length, 1);/* Check if we got a byte offset */if (ByteOffset){/* Capture and probe it */CapturedByteOffset ProbeForReadLargeInteger(ByteOffset);}/* Capture and probe the key */if (Key) CapturedKey ProbeForReadUlong(Key);}_SEH_HANDLE{/* Get the exception code */Status _SEH_GetExceptionCode();}_SEH_END;/* Check for probe failure */if (!NT_SUCCESS(Status)) return Status;}else{/* Kernel mode: capture directly */if (ByteOffset) CapturedByteOffset *ByteOffset;if (Key) CapturedKey *Key;}/* Get File Object */Status ObReferenceObjectByHandle(FileHandle,FILE_READ_DATA,IoFileObjectType,PreviousMode,(PVOID*)FileObject,NULL);if (!NT_SUCCESS(Status)) return Status;/* Check for event */if (Event){/* Reference it */Status ObReferenceObjectByHandle(Event,EVENT_MODIFY_STATE,ExEventObjectType,PreviousMode,(PVOID*)EventObject,NULL);if (!NT_SUCCESS(Status)){/* Fail */ObDereferenceObject(FileObject);return Status;}/* Otherwise reset the event */KeClearEvent(EventObject);}/* Check if we should use Sync IO or not */if (FileObject-Flags FO_SYNCHRONOUS_IO){/* Lock the file object */IopLockFileObject(FileObject);/* Check if we dont have a byte offset avilable */if (!(ByteOffset) ||((CapturedByteOffset.u.LowPart FILE_USE_FILE_POINTER_POSITION) (CapturedByteOffset.u.HighPart -1))){/* Use the Current Byte Offset instead */CapturedByteOffset FileObject-CurrentByteOffset;}/* Rememer we are sync */Synchronous TRUE;}else if (!(ByteOffset) !(FileObject-Flags (FO_NAMED_PIPE | FO_MAILSLOT))){/* Otherwise, this was async I/O without a byte offset, so fail */if (EventObject) ObDereferenceObject(EventObject);ObDereferenceObject(FileObject);return STATUS_INVALID_PARAMETER;}/* Get the device object */DeviceObject IoGetRelatedDeviceObject(FileObject);/* Clear the File Objects event */KeClearEvent(FileObject-Event);/* Allocate the IRP */Irp IoAllocateIrp(DeviceObject-StackSize, FALSE);if (!Irp) return IopCleanupFailedIrp(FileObject, NULL, NULL);/* Set the IRP */Irp-Tail.Overlay.OriginalFileObject FileObject;Irp-Tail.Overlay.Thread PsGetCurrentThread();Irp-RequestorMode KernelMode;Irp-Overlay.AsynchronousParameters.UserApcRoutine ApcRoutine;Irp-Overlay.AsynchronousParameters.UserApcContext ApcContext;Irp-UserIosb IoStatusBlock;Irp-UserEvent EventObject;Irp-PendingReturned FALSE;Irp-Cancel FALSE;Irp-CancelRoutine NULL;Irp-AssociatedIrp.SystemBuffer NULL;Irp-MdlAddress NULL;/* Set the Stack Data */StackPtr IoGetNextIrpStackLocation(Irp);StackPtr-MajorFunction IRP_MJ_READ;StackPtr-FileObject FileObject;StackPtr-Parameters.Read.Key CapturedKey;StackPtr-Parameters.Read.Length Length;StackPtr-Parameters.Read.ByteOffset CapturedByteOffset;/* Check if this is buffered I/O */if (DeviceObject-Flags DO_BUFFERED_IO){/* Check if we have a buffer length */if (Length){/* Enter SEH */_SEH_TRY{/* Allocate a buffer */Irp-AssociatedIrp.SystemBuffer ExAllocatePoolWithTag(NonPagedPool,Length,TAG_SYSB);}_SEH_HANDLE{/* Allocating failed, clean up */IopCleanupAfterException(FileObject, Irp, NULL, Event);Status _SEH_GetExceptionCode();}_SEH_END;if (!NT_SUCCESS(Status)) return Status;/* Set the buffer and flags */Irp-UserBuffer Buffer;Irp-Flags (IRP_BUFFERED_IO |IRP_DEALLOCATE_BUFFER |IRP_INPUT_OPERATION);}else{/* Not reading anything */Irp-Flags IRP_BUFFERED_IO | IRP_INPUT_OPERATION;}}else if (DeviceObject-Flags DO_DIRECT_IO){/* Check if we have a buffer length */if (Length){/* Allocate an MDL */Mdl IoAllocateMdl(Buffer, Length, FALSE, TRUE, Irp);MmProbeAndLockPages(Mdl, PreviousMode, IoWriteAccess);}/* No allocation flags */Irp-Flags 0;}else{/* No allocation flags, and use the buffer directly */Irp-Flags 0;Irp-UserBuffer Buffer;}/* Now set the deferred read flags */Irp-Flags | (IRP_READ_OPERATION | IRP_DEFER_IO_COMPLETION);
#if 0/* FIXME: VFAT SUCKS */if (FileObject-Flags FO_NO_INTERMEDIATE_BUFFERING) Irp-Flags | IRP_NOCACHE;
#endif/* Perform the call */return IopPerformSynchronousRequest(DeviceObject,Irp,FileObject,TRUE,PreviousMode,Synchronous,IopReadTransfer);
}
//从上面可以看出ReadFile函数是很大的可以对文件IO事件等的处理
