Writing to a file from a kernel-mode driver

Time: 2022-07-03 20:58:51

I am working on a Windows keyboard filter driver and I need to write to a file. I tried using zwcreate, zwwrite, and zwclose, but the driver is not running at PASSIVE_LEVEL and I got the BSOD. I have never written a Windows driver before. Thanks for the help!

EDIT: Thanks J. Passing!

2 answers

#1


Schedule workitems (IoAllocateWorkItem/IoQueueWorkItem) and handle all file I/O from within the workitem callback routines.

I'm not sure if it is a good idea to let the kernel driver write to a file in the first place. The best way to do that IMHO is to provide a user space program that communicates with the driver, gets the data and then writes it to disk.

This is true for Unix, but not for Windows.

#2


A wonderful example for using Zw-Tools to write files from a device driver is Clandestiny's Klog found at rootkit.com. It is currently helping me a lot.

And well, I kinda agree with Johannes that it is not advisable to do classical userland-work (file/net/...-access) directly from a driver. Not only is it error-prone, it also might break unforeseeably in the future. User interfaces normally are much more steady and resilient.
