文件过滤驱动操作请求、结果

IRP_MJ_CREATE：消息会在新建和打开的请求中产生。

            设置完成函数,等待本次新建结束以后才能够判断是新建还是打开。

           //操作的请求，保存在(currentIrpStack->Parameters.Create.Options >> 24)&0xFF。
            即 currentIrpStack->Parameters.Create.Options的高8位。
            #define FILE_SUPERSEDE 0x00000000
            #define FILE_OPEN 0x00000001
            #define FILE_CREATE 0x00000002
            #define FILE_OPEN_IF 0x00000003
            #define FILE_OVERWRITE 0x00000004
            #define FILE_OVERWRITE_IF 0x00000005
            #define FILE_MAXIMUM_DISPOSITION 0x00000005

             //操作的结果,保存在calldriver函数调用后的 Irp->IoStatus.Information中:
            #define FILE_SUPERSEDED 0x00000000
            #define FILE_OPENED 0x00000001
            #define FILE_CREATED 0x00000002
            #define FILE_OVERWRITTEN 0x00000003
            #define FILE_EXISTS 0x00000004
            #define FILE_DOES_NOT_EXIST 0x00000005

            //有新建可能的请求
            if(disposition==FILE_CREATE||disposition==FILE_OPEN_IF||disposition==FILE_OVERWRITE_IF)

            // 初始化事件
                  KeInitializeEvent( &waitEvent,
                   NotificationEvent,
                   FALSE );
                  // 因为我们要等待完成，所以必须拷贝当前调用栈
                  IoCopyCurrentIrpStackLocationToNext ( Irp );
                  // 设置完成函数，并把事件的指针当上下文传入。
                  IoSetCompletionRoutine( Irp,
                   IoIrpCompletion,
                   &waitEvent, //上下文指针
                   TRUE,
                   TRUE,
                   TRUE );
     
                  //
                  // Return the results of the call to the caller
                  //
                  // 发送IRP 并等待事件完成
                  status = IoCallDriver( hookExt->FileSystem, Irp );

                  if (STATUS_PENDING == status) {
                   status = KeWaitForSingleObject( &waitEvent,
                    Executive,
                    KernelMode,
                    FALSE,
                    NULL );
                   ASSERT( STATUS_SUCCESS == status );
                  }

                  Information = Irp->IoStatus.Information; //记录本次操作的结果。
                 // Information == FILE_CREATED表示新建操作。
                // Information == FILE_OPEND表示打开操作。
                 // .....

IRP_MJ_WRITE：写操作。(WriteFile)

IRP_MJ_SET_INFORATION：删除/重命名/截断文件请求(修改文件：改变文件大小)/其他(目前我没用到)。

            //操作的请求,保存在currentIrpStack->Parameters.SetFile.FileInformationClass