NTSTATUS my_disk_handle_control(PDEVICE_OBJECT device, PIRP irp) { PIO_STACK_LOCATION ioc = IoGetCurrentIrpStackLocation(irp); const unsigned long code = ioc->Parameters.DeviceIoControl.IoControlCode; if (code == IOCTL_STORAGE_QUERY_PROPERTY) { if (StorageDeviceProperty == ((PSTORAGE_PROPERTY_QUERY)irp->AssociatedIrp.SystemBuffer)->PropertyId) n_util::change_ioc(ioc, irp, my_storage_query_ioc); } else if (code == IOCTL_ATA_PASS_THROUGH) n_util::change_ioc(ioc, irp, my_ata_pass_ioc); else if (code == SMART_RCV_DRIVE_DATA) n_util::change_ioc(ioc, irp, my_smart_data_ioc); return g_original_disk_control(device, irp); } NTSTATUS my_disk_handle_control(PDEVICE_OBJECT device, PIRP irp) { PIO_STACK_LOCATION ioc = IoGetCurrentIrpStackLocation(irp); const unsigned long code = ioc->Parameters.DeviceIoControl.IoControlCode; if (code == IOCTL_STORAGE_QUERY_PROPERTY) { if (StorageDeviceProperty == ((PSTORAGE_PROPERTY_QUERY)irp->AssociatedIrp.SystemBuffer)->PropertyId) n_util::change_ioc(ioc, irp, my_storage_query_ioc); } else if (code == IOCTL_ATA_PASS_THROUGH) n_util::change_ioc(ioc, irp, my_ata_pass_ioc); else if (code == SMART_RCV_DRIVE_DATA) n_util::change_ioc(ioc, irp, my_smart_data_ioc); return g_original_disk_control(device, irp); }

这段代码是一个函数 `my_disk_handle_control`，它接受两个参数 `PDEVICE_OBJECT device` 和 `PIRP irp`，并返回一个 `NTSTATUS` 值。

该函数首先通过 `IoGetCurrentIrpStackLocation(irp)` 获取当前IRP（I/O Request Packet）的堆栈位置，并提取出其中的 `IoControlCode` 字段，保存在变量 `code` 中。

然后，它使用条件语句对 `code` 进行判断。如果 `code` 的值等于 `IOCTL_STORAGE_QUERY_PROPERTY`，则进入相应的逻辑块。在这个逻辑块中，它首先检查 `PropertyId` 字段是否等于 `StorageDeviceProperty`，如果是，则调用 `n_util::change_ioc` 函数来修改 `ioc`、`irp` 和 `my_storage_query_ioc`。类似地，如果 `code` 的值等于 `IOCTL_ATA_PASS_THROUGH` 或者 `SMART_RCV_DRIVE_DATA`，则分别执行相应的逻辑操作。

最后，函数返回调用 `g_original_disk_control` 函数，并传入 `device` 和 `irp`。

整体来说，这段代码的作用是根据不同的控制码（IoControlCode），来做出相应的处理逻辑，并最终返回一个 `NTSTATUS` 值。

相关问题

KMDF驱动如何获取底层硬盘驱动对象，并向其发送IRP_MJ_READ请求？请给出示例

要获取底层硬盘驱动对象并向其发送IRP_MJ_READ请求，可以使用下面的示例代码：

#include <ntddk.h>

NTSTATUS ReadSector(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
{
    // 获取IRP的输入输出缓冲区
    PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
    PVOID inputBuffer = Irp->AssociatedIrp.SystemBuffer;
    PVOID outputBuffer = Irp->UserBuffer;

    // 分配一个MDL描述符并锁定输入缓冲区
    PMDL mdl = IoAllocateMdl(inputBuffer, irpStack->Parameters.Read.Length, FALSE, FALSE, NULL);
    MmBuildMdlForNonPagedPool(mdl);
    MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);

    // 构造IRP并发送给底层驱动
    PIRP readIrp = IoBuildSynchronousFsdRequest(IRP_MJ_READ, DeviceObject, outputBuffer, irpStack->Parameters.Read.Length, &irpStack->Parameters.Read.StartingOffset, NULL, NULL);
    NTSTATUS status = IoCallDriver(DeviceObject, readIrp);

    // 解锁并释放MDL
    MmUnlockPages(mdl);
    IoFreeMdl(mdl);

    return status;
}

NTSTATUS DispatchReadWrite(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    // 获取IRP的输入输出缓冲区
    PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
    PVOID inputBuffer = Irp->AssociatedIrp.SystemBuffer;
    PVOID outputBuffer = Irp->UserBuffer;

    // 如果是读请求，则调用ReadSector函数发送IRP_MJ_READ请求
    if (irpStack->MajorFunction == IRP_MJ_READ)
    {
        return ReadSector(DeviceObject, Irp, NULL);
    }

    // 如果是写请求，则直接返回成功
    if (irpStack->MajorFunction == IRP_MJ_WRITE)
    {
        Irp->IoStatus.Status = STATUS_SUCCESS;
        Irp->IoStatus.Information = irpStack->Parameters.Write.Length;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return STATUS_SUCCESS;
    }

    // 其他请求则返回未实现
    Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_NOT_IMPLEMENTED;
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    // 创建设备对象
    PDEVICE_OBJECT deviceObject;
    UNICODE_STRING deviceName = RTL_CONSTANT_STRING(L"\\Device\\MyDisk");
    UNICODE_STRING symbolicLinkName = RTL_CONSTANT_STRING(L"\\DosDevices\\MyDisk");
    NTSTATUS status = IoCreateDevice(DriverObject, 0, &deviceName, FILE_DEVICE_DISK, 0, FALSE, &deviceObject);
    if (!NT_SUCCESS(status))
    {
        return status;
    }

    // 创建符号链接
    status = IoCreateSymbolicLink(&symbolicLinkName, &deviceName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(deviceObject);
        return status;
    }

    // 设置IRP处理函数
    for (ULONG i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        DriverObject->MajorFunction[i] = DispatchReadWrite;
    }

    // 获取底层硬盘驱动对象
    WCHAR diskName[] = L"\\Device\\Harddisk0\\Partition1";
    UNICODE_STRING diskNameUnicode = RTL_CONSTANT_STRING(diskName);
    PDEVICE_OBJECT diskObject = IoGetDeviceObjectByDeviceName(&diskNameUnicode);

    // 发送IRP_MJ_READ请求
    PVOID buffer = ExAllocatePoolWithTag(NonPagedPool, 512, 'MyD');
    if (buffer != NULL)
    {
        LARGE_INTEGER offset = { 0 };
        PIRP readIrp = IoBuildSynchronousFsdRequest(IRP_MJ_READ, diskObject, buffer, 512, &offset, NULL, NULL);
        if (readIrp != NULL)
        {
            status = IoCallDriver(diskObject, readIrp);
            if (NT_SUCCESS(status))
            {
                DbgPrint("Read sector successfully!\n");
            }
            else
            {
                DbgPrint("Read sector failed with status 0x%X\n", status);
            }
        }
        else
        {
            DbgPrint("Failed to build IRP\n");
        }
        ExFreePoolWithTag(buffer, 'MyD');
    }
    else
    {
        DbgPrint("Failed to allocate buffer\n");
    }

    return STATUS_SUCCESS;
}

在这个示例中，我们首先创建了一个设备对象并设置了IRP处理函数为DispatchReadWrite。这个函数会根据IRP的MajorFunction字段来判断是否是读请求或写请求，如果是读请求则调用ReadSector函数发送IRP_MJ_READ请求，如果是写请求则直接返回成功。如果是其他请求则返回未实现。

在DriverEntry函数中，我们获取了底层硬盘驱动对象，并发送了一个IRP_MJ_READ请求来读取磁盘扇区。注意，这里的硬盘驱动对象是通过设备名获取的，因此需要知道硬盘的设备名才能获取到正确的对象。

WDF驱动如何向底层磁盘驱动发送IRP_MJ_READ请求读取原始数据？请给出示例

WDF驱动向底层磁盘驱动发送IRP_MJ_READ请求读取原始数据的示例代码如下：

NTSTATUS ReadFromDisk(WDFDEVICE Device, PVOID Buffer, ULONG Length)
{
    NTSTATUS status = STATUS_SUCCESS;
    WDFREQUEST request = NULL;
    PIRP irp = NULL;
    KEVENT event;
    IO_STATUS_BLOCK ioStatusBlock;

    // 初始化事件
    KeInitializeEvent(&event, NotificationEvent, FALSE);

    // 创建请求对象
    status = WdfRequestCreate(WDF_NO_OBJECT_ATTRIBUTES, WdfDeviceGetIoTarget(Device), &request);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    // 获取IRP对象
    irp = WdfRequestWdmGetIrp(request);

    // 设置IRP参数
    IoSetCompletionRoutine(irp, ReadCompletionRoutine, &event, TRUE, TRUE, TRUE);
    irp->Flags |= IRP_BUFFERED_IO | IRP_DEALLOCATE_BUFFER;
    irp->AssociatedIrp.SystemBuffer = Buffer;
    irp->MdlAddress = NULL;
    irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
    irp->IoStatus.Information = 0;
    irp->Tail.Overlay.Thread = PsGetCurrentThread();
    irp->Tail.Overlay.OriginalFileObject = NULL;
    irp->Tail.Overlay.AuxiliaryBuffer = NULL;
    irp->Flags &= ~(IRP_PAGING_IO | IRP_NOCACHE | IRP_SYNCHRONOUS_API);

    // 设置IO栈位置
    PIO_STACK_LOCATION irpStack = IoGetNextIrpStackLocation(irp);
    irpStack->MajorFunction = IRP_MJ_READ;
    irpStack->Parameters.Read.Length = Length;
    irpStack->Parameters.Read.ByteOffset.QuadPart = 0;

    // 发送IRP请求
    status = WdfRequestSend(request, WdfDeviceGetIoTarget(Device), WDF_NO_SEND_OPTIONS);
    if (!NT_SUCCESS(status)) {
        WdfRequestComplete(request, status);
        return status;
    }

    // 等待请求完成
    KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);

    // 获取IO状态
    status = irp->IoStatus.Status;

    // 完成请求
    WdfRequestComplete(request, status);

    return status;
}

在以上代码中，我们创建了一个WDF请求对象，并获取了其对应的IRP对象，然后设置了IRP的各项参数，最终发送请求并等待请求完成。一旦请求完成，我们就可以通过IRP的IoStatus成员获取IO操作的状态，然后使用WdfRequestComplete函数完成请求。