R0
IRP 派遣函数的 IOCTL 分支中：
- case IOCTL_IO_MDL_FUNCTION:
- {
- //VirtualAddress = CreateMdl(,&poolAddress);
- PVOID ProcessList = ExAllocatePoolWithTag(NonPagedPool, sizeof(PROCESS_LIST) * 100, NULL);
- //初始化内存
- RtlZeroMemory(ProcessList, sizeof(PROCESS_LIST) * 100);
- //进程列表指针申请mdl映射
- PMDL mdl = IoAllocateMdl(ProcessList, sizeof(PROCESS_LIST) * 100, FALSE, FALSE, NULL);
- if (mdl == NULL)
- {
- return NULL;
- }
- ASSERT(mdl);
- // 为内存描述符列表建立虚拟内存分页
- MmBuildMdlForNonPagedPool(mdl);
- __try
- {
- VirtualAddress = MmMapLockedPagesSpecifyCache(mdl, UserMode, MmCached, NULL, FALSE, NormalPagePriority);
- }
- __except (ExceptionNestedException)
- {
- return NULL;
- }
- return VirtualAddress;
- //获取进程列表
- getProcessList(VirtualAddress);
- //将mdl地址返回到R3中 r3接收 *(PVOID*)buffer
- *((PVOID *)(pIrp->AssociatedIrp.SystemBuffer)) = VirtualAddress;
- writelength = sizeof(VirtualAddress);
- break;
- }
- case IOCTL_IO_MDL_RECOVERY:
- {
- recv = pIrp->AssociatedIrp.SystemBuffer;
- PMDL mdl = *(ULONG64*)recv;
- IoFreeMdl(mdl);
- DbgPrint("%x", recv);
- WCHAR post[] = L"1";
- RtlCopyMemory(recv, post, sizeof(post));
- writelength = sizeof(post);
- break;
- }
R3 先发送 IOCTL_IO_MDL_FUNCTION 取得映射到用户态的进程列表，接收完后再通过 IOCTL_IO_MDL_RECOVERY 把 MDL 指针传回驱动释放；但 IoFreeMdl 执行之后，IRP 返回 STATUS_SUCCESS 时就蓝屏，bugcheck 0x000000C5（DRIVER_CORRUPTED_EXPOOL）。
这样写正确吗？（补充说明：IOCTL_IO_MDL_FUNCTION 分支在 `return VirtualAddress;` 处就直接从派遣函数返回了，后面的 getProcessList 和把地址写回 SystemBuffer 的代码不可达，IRP 也没有完成；IOCTL_IO_MDL_RECOVERY 分支则把 R3 传回的值不经任何校验直接当作内核 MDL 指针交给 IoFreeMdl，既没有先 MmUnmapLockedPages 解除用户态映射，也没有释放 ExAllocatePoolWithTag 申请的缓冲区——用户态可控的内核指针被驱动直接释放，本身就是可被利用的问题。）