KMDF驱动如何获取底层硬盘驱动对象,并向其发送IRP_MJ_READ请求?请给出示例
要获取底层硬盘驱动对象并向其发送IRP_MJ_READ请求,可以参考下面的示例代码(注意:示例基于ntddk.h的WDM接口编写,并未使用KMDF的WDF对象模型):
```
#include <ntddk.h>
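/*
 * Services a read IRP by issuing a synchronous IRP_MJ_READ to a lower device
 * and returning the data to the requester.
 *
 * DeviceObject - the device the original IRP was sent to (this driver's own).
 * Irp          - the original read request; it is always completed here.
 * Context      - the lower device object (PDEVICE_OBJECT) to read from. It
 *                must not be NULL or DeviceObject itself: sending the new
 *                request back to DeviceObject would re-enter this driver's
 *                own read dispatch path instead of reaching the disk.
 *
 * Returns the final status that was also stored in Irp->IoStatus.Status.
 *
 * Must run at PASSIVE_LEVEL: IoBuildSynchronousFsdRequest and the wait on the
 * completion event are not allowed at raised IRQL.
 *
 * Security: the length, offset and destination buffer originate from the
 * requester. The data is first read into a kernel bounce buffer, so a
 * caller-supplied address is never handed to the lower driver as if it were
 * trusted kernel memory; it is only written to after being probed.
 */
NTSTATUS ReadSector(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
{
    PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
    PDEVICE_OBJECT targetDevice = (PDEVICE_OBJECT)Context;
    ULONG length = irpStack->Parameters.Read.Length;
    /* The read offset lives in Parameters.Read.ByteOffset. */
    LARGE_INTEGER offset = irpStack->Parameters.Read.ByteOffset;
    ULONG_PTR bytesRead = 0;
    PVOID bounce = NULL;
    PVOID dest = NULL;
    PIRP readIrp;
    KEVENT event;
    IO_STATUS_BLOCK ioStatus;
    NTSTATUS status;

    if (targetDevice == NULL || targetDevice == DeviceObject) {
        status = STATUS_INVALID_DEVICE_REQUEST;
        goto complete;
    }

    if (length == 0) {
        status = STATUS_SUCCESS;
        goto complete;
    }

    /* Length is requester-controlled; a failed allocation is an expected outcome. */
    bounce = ExAllocatePoolWithTag(NonPagedPool, length, 'MyD');
    if (bounce == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto complete;
    }

    /*
     * A synchronous FSD request needs both an event and an I/O status block;
     * the I/O manager signals the event and frees the IRP on completion, so
     * the IRP must not be freed here.
     */
    KeInitializeEvent(&event, NotificationEvent, FALSE);
    ioStatus.Status = STATUS_UNSUCCESSFUL;
    ioStatus.Information = 0;

    readIrp = IoBuildSynchronousFsdRequest(IRP_MJ_READ, targetDevice, bounce, length,
                                           &offset, &event, &ioStatus);
    if (readIrp == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto complete;
    }

    status = IoCallDriver(targetDevice, readIrp);
    if (status == STATUS_PENDING) {
        /* The bounce buffer must stay alive until the lower driver is done. */
        KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
        status = ioStatus.Status;
    }
    if (!NT_SUCCESS(status)) {
        goto complete;
    }

    bytesRead = ioStatus.Information;
    if (bytesRead > length) {
        /* Never copy more than the requester asked for. */
        bytesRead = length;
    }

    if (DeviceObject->Flags & DO_BUFFERED_IO) {
        /* The I/O manager copies SystemBuffer back to the requester on completion. */
        dest = Irp->AssociatedIrp.SystemBuffer;
        if (dest == NULL) {
            status = STATUS_INVALID_PARAMETER;
            bytesRead = 0;
            goto complete;
        }
        RtlCopyMemory(dest, bounce, bytesRead);
    } else if (DeviceObject->Flags & DO_DIRECT_IO) {
        /* The requester's pages are already locked and described by MdlAddress. */
        if (Irp->MdlAddress != NULL) {
            dest = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
        }
        if (dest == NULL) {
            status = STATUS_INSUFFICIENT_RESOURCES;
            bytesRead = 0;
            goto complete;
        }
        RtlCopyMemory(dest, bounce, bytesRead);
    } else {
        /*
         * Neither buffered nor direct I/O: UserBuffer is the requester's raw
         * address. Probe it for user-mode requesters and guard the copy.
         * NOTE(review): this is only valid while running in the requesting
         * thread's context - confirm this routine is always reached that way.
         */
        __try {
            if (Irp->RequestorMode != KernelMode) {
                ProbeForWrite(Irp->UserBuffer, bytesRead, sizeof(UCHAR));
            }
            RtlCopyMemory(Irp->UserBuffer, bounce, bytesRead);
        } __except (EXCEPTION_EXECUTE_HANDLER) {
            status = GetExceptionCode();
            bytesRead = 0;
        }
    }

complete:
    if (bounce != NULL) {
        ExFreePoolWithTag(bounce, 'MyD');
    }

    /* A dispatch path must complete the IRP it was given exactly once. */
    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = bytesRead;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}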
/*
 * Common dispatch routine for the device.
 *
 *   IRP_MJ_READ  - forwarded to ReadSector with a NULL context; the IRP is
 *                  not touched again here after that call.
 *   IRP_MJ_WRITE - completed with STATUS_SUCCESS and the full requested
 *                  length reported as transferred.
 *   anything else - completed with STATUS_NOT_IMPLEMENTED.
 *
 * DriverEntry in this file installs this routine for every major function
 * code, so create, close, cleanup and device-control requests all end up in
 * the default branch.
 *
 * NOTE(review): the write path reports every byte as written although no
 * data is stored anywhere; callers cannot tell that the data was discarded.
 */
NTSTATUS DispatchReadWrite(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS result;
    ULONG_PTR transferred;

    switch (stack->MajorFunction) {
    case IRP_MJ_READ:
        /* Read requests are handled entirely by ReadSector. */
        return ReadSector(DeviceObject, Irp, NULL);

    case IRP_MJ_WRITE:
        /* Writes are acknowledged without doing any work. */
        result = STATUS_SUCCESS;
        transferred = stack->Parameters.Write.Length;
        break;

    default:
        /* Every other request type is rejected. */
        result = STATUS_NOT_IMPLEMENTED;
        transferred = 0;
        break;
    }

    Irp->IoStatus.Status = result;
    Irp->IoStatus.Information = transferred;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return result;
}
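/*
 * Driver entry point.
 *
 * Creates \Device\MyDisk with a \DosDevices\MyDisk symbolic link, routes every
 * major function to DispatchReadWrite, then performs a one-off probe read of
 * the first 512 bytes of \Device\Harddisk0\Partition1 and logs the outcome.
 *
 * DriverObject - this driver's driver object.
 * RegistryPath - the driver's registry key (unused).
 *
 * Returns the failure status if the device or the symbolic link cannot be
 * created; otherwise STATUS_SUCCESS, whether or not the probe read worked.
 *
 * NOTE(review): the device is created without DO_BUFFERED_IO or DO_DIRECT_IO,
 * so read/write dispatch code receives the requester's raw buffer address.
 * NOTE(review): no unload routine is registered, so the device object and
 * the symbolic link are never removed.
 * NOTE(review): the 512-byte transfer size is a hard-coded assumption about
 * the sector size of the target disk - confirm for the actual media.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNICODE_STRING deviceName = RTL_CONSTANT_STRING(L"\\Device\\MyDisk");
    UNICODE_STRING symbolicLinkName = RTL_CONSTANT_STRING(L"\\DosDevices\\MyDisk");
    UNICODE_STRING diskName = RTL_CONSTANT_STRING(L"\\Device\\Harddisk0\\Partition1");
    PDEVICE_OBJECT deviceObject = NULL;
    PDEVICE_OBJECT diskObject = NULL;
    PFILE_OBJECT diskFile = NULL;
    PVOID buffer;
    PIRP readIrp;
    KEVENT event;
    IO_STATUS_BLOCK ioStatus;
    LARGE_INTEGER offset;
    NTSTATUS status;
    ULONG i;

    UNREFERENCED_PARAMETER(RegistryPath);

    /*
     * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device's
     * security descriptor to every open of the device namespace.
     */
    status = IoCreateDevice(DriverObject, 0, &deviceName, FILE_DEVICE_DISK,
                            FILE_DEVICE_SECURE_OPEN, FALSE, &deviceObject);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    /* Expose the device under a name user-mode callers can reach. */
    status = IoCreateSymbolicLink(&symbolicLinkName, &deviceName);
    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(deviceObject);
        return status;
    }

    /* One routine handles every major function, including create and close. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = DispatchReadWrite;
    }

    /*
     * Look the disk device up by name. IoGetDeviceObjectPointer also returns
     * a referenced file object, which keeps the device alive until it is
     * dereferenced below.
     */
    status = IoGetDeviceObjectPointer(&diskName, FILE_READ_DATA, &diskFile, &diskObject);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Failed to open disk device, status 0x%X\n", status);
        return STATUS_SUCCESS;
    }

    buffer = ExAllocatePoolWithTag(NonPagedPool, 512, 'MyD');
    if (buffer != NULL) {
        /*
         * A synchronous FSD request needs an event and an I/O status block.
         * The I/O manager frees the IRP when it completes.
         */
        KeInitializeEvent(&event, NotificationEvent, FALSE);
        ioStatus.Status = STATUS_UNSUCCESSFUL;
        ioStatus.Information = 0;
        offset.QuadPart = 0;

        readIrp = IoBuildSynchronousFsdRequest(IRP_MJ_READ, diskObject, buffer, 512,
                                               &offset, &event, &ioStatus);
        if (readIrp != NULL) {
            /* Presumably needed when a file system sits on top of the volume - confirm. */
            IoGetNextIrpStackLocation(readIrp)->FileObject = diskFile;

            status = IoCallDriver(diskObject, readIrp);
            if (status == STATUS_PENDING) {
                /* Wait before touching or freeing the buffer the disk is filling. */
                KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
                status = ioStatus.Status;
            }

            if (NT_SUCCESS(status)) {
                DbgPrint("Read sector successfully!\n");
            } else {
                DbgPrint("Read sector failed with status 0x%X\n", status);
            }
        } else {
            DbgPrint("Failed to build IRP\n");
        }
        ExFreePoolWithTag(buffer, 'MyD');
    } else {
        DbgPrint("Failed to allocate buffer\n");
    }

    /* Drop the reference taken by IoGetDeviceObjectPointer. */
    ObDereferenceObject(diskFile);
    return STATUS_SUCCESS;
}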
```
在这个示例中,我们首先创建了一个设备对象并设置了IRP处理函数为DispatchReadWrite。这个函数会根据IRP的MajorFunction字段来判断是否是读请求或写请求,如果是读请求则调用ReadSector函数发送IRP_MJ_READ请求,如果是写请求则直接返回成功。如果是其他请求则返回未实现。
在DriverEntry函数中,我们获取了底层硬盘驱动对象,并发送了一个IRP_MJ_READ请求来读取磁盘扇区。注意,这里的硬盘驱动对象是通过设备名获取的,因此需要知道硬盘的设备名才能获取到正确的对象。