Monitor 12:03:04 Version 1.02 starting to listen under Windows 2000 (5.0 build 1877)
DebugPrint 11:59:09 Version 1.02 started
Wdm1 12:00:42 DebugPrint logging started
Wdm1 12:00:42 RegistryPath is \REGISTRY\Machine\System\ControlSet002\SERVICES\Wdm1
Wdm1 12:00:42 DriverEntry completed
Wdm1 12:00:42 AddDevice
Wdm1 12:00:42 FDO is 80AAB020
Wdm1 12:00:42 Symbolic Link Name is \??\Root#UNKNOWN#0003#{c0cf0640…}
Wdm1 12:00:42 PnP IRP_MJ_PNP:IRP_MN_QUERY_CAPABILITIES
Wdm1 12:00:42 PnP IRP_MJ_PNP:IRP_MN_FILTER_RESOURCE_REQUIREMENTS
Wdm1 12:00:43 PnP IRP_MJ_PNP:IRP_MN_START_DEVICE
Wdm1 12:00:43 PnP IRP_MJ_PNP:IRP_MN_QUERY_CAPABILITIES
Wdm1 12:00:43 PnP IRP_MJ_PNP:IRP_MN_QUERY_PNP_DEVICE_STATE
Wdm1 12:00:43 PnP IRP_MJ_PNP:IRP_MN_QUERY_BUS_INFORMATION
Wdm1 12:00:43 PnP IRP_MJ_PNP:IRP_MN_QUERY_DEVICE_RELATIONS
Wdm1 12:10:14 Create File is
Wdm1 12:10:14 Read 4 bytes from file pointer 0
Wdm1 12:10:14 Read: 4 bytes returned
Wdm1 12:10:14 Write 4 bytes from file pointer 0
Wdm1 12:10:14 Write: 4 bytes written
Wdm1 12:10:14 Read 1 bytes from file pointer 3
Wdm1 12:10:14 Read: 1 bytes returned
Wdm1 12:10:14 Write 4 bytes from file pointer 3
Wdm1 12:10:14 Write: 4 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 0022200C InputLength 0 OutputLength 4
Wdm1 12:10:14 DeviceIoControl: 4 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 00222010 InputLength 0 OutputLength 7
Wdm1 12:10:14 DeviceIoControl: 7 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 00222010 InputLength 0 OutputLength 8
Wdm1 12:10:14 DeviceIoControl: 0 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 00222004 InputLength 0 OutputLength 0
Wdm1 12:10:14 DeviceIoControl: 0 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 00222010 InputLength 0 OutputLength 7
Wdm1 12:10:14 DeviceIoControl: 7 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 00222008 InputLength 0 OutputLength 0
Wdm1 12:10:14 DeviceIoControl: 0 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 0022200C InputLength 0 OutputLength 4
Wdm1 12:10:14 DeviceIoControl: 4 bytes written
Wdm1 12:10:14 DeviceIoControl: Control code 00222014 InputLength 0 OutputLength 0
Wdm1 12:10:14 DeviceIoControl: 0 bytes written
Wdm1 12:10:14 Write 4 bytes from file pointer 0
Wdm1 12:10:14 Write: 4 bytes written
Wdm1 12:10:14 Close
The Wdm1 create and close routines do nothing except complete the IRP successfully. A helper function,
The create routine shows how to access the current I/O stack location using IoGetCurrentIrpStackLocation:
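// Fetch this driver's stack location for the IRP; the per-request parameters
// (here the FILE_OBJECT of the handle being opened) are read from it.
PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
// Trace the name stored in the file object. %T is not a standard printf
// conversion; presumably DebugPrint's own format for a counted Unicode string
// passed by address -- confirm against the DebugPrint sources.
DebugPrint("Create File is %T", &(IrpStack->FileObject->FileName));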
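Things start to get interesting in the write dispatch routine, Wdm1Write, shown in Listing 7.2. When reading it, note that the size arithmetic is unsigned: BytesTxd is a ULONG, so the `BytesTxd<0` test after a failed allocation can never be true, and the 32-bit sum `((ULONG)FilePointer)+WriteLen` is not checked for wraparound even though the copy uses the full 64-bit FilePointer, so a production driver should validate the offset and length against BufferSize before copying.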
Listing 7.2 Wdm1 write dispatch routine
NTSTATUS Wdm1Write(IN PDEVICE_OBJECT fdo, IN PIRP Irp) {
PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
NTSTATUS status = STATUS_SUCCESS;
ULONG BytesTxd = 0;
// Get call parameters
LONGLONG FilePointer = IrpStack->Parameters.Write.ByteOffset.QuadPart;
ULONG WriteLen = IrpStack->Parameters.Write.Length;
DebugPrint('Write %d bytes from file pointer %d', (int)WriteLen,(int)FilePointer);
if (FilePointer<0) status = STATUS_INVALID_PARAMETER;
else {
// Get access to the shared buffer
KIRGL irql ;
KeAcquireSpinLock(&BufferLock,&irql);
BytesTxd = WriteLen;
// (Re)allocate buffer if necessary
if ( ((ULONG)FilePointer)+WriteLen>BufferSize) {
ULONG NewBufferSize = ((ULONG)FilePointer)+WriteLen;
PVOID NewBuffer = ExAllocatePool(NonPagedPool.NewBufferSize);
if (NewBuffer==NULL) {
BytesTxd = BufferSize – (ULONG)FilePointer;
if (BytesTxd<0) BytesTxd = 0;
} else {
RtlZeroMemory(NewBuffer,NewBufferSize);
if (Buffer!=NULL) {
RtlCopyMemory(NewBuffer,Buffer,BufferSize);
ExFreePool(Buffer);
}
Buffer = (PUCHAR)NewBuffer;
BufferSize = NewBufferSize;
}
}
// Write to shared memory
if (BytesTxd>0 && Buffer!=NULL) RtlCopyMemory(Buffer+FilePointer, Irp->AssociatedIrp.SystemBuffer, BytesTxd);
// Release shared buffer
KeReleaseSpinLock(&BufferLock,irql);
}
DebugPrint('Write: %d bytes written', (int)BytesTxd);
// Complete IRP