真不爽,遇到这个错误搞了好几天,先是在windbg上看了这个错误的说明:
说是在 DISPATCH_LEVEL 或更高的 IRQL 级别上访问了分页内存,导致地址不可访问的错误
我要调用的函数是驱动开发书上的例子:
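/*
 * WriteFileTest - write one scan code from the device extension to
 * C:\TEST.log.
 *
 * DeviceObject: device whose extension supplies the index `i` and the
 *               `CODE` array that are read here.
 *
 * IRQL: this routine must run at PASSIVE_LEVEL. The Zw* file routines it
 * calls are documented as PASSIVE_LEVEL-only, and the function itself is
 * placed in the section selected by PAGEDCODE (presumably a pageable code
 * section - confirm against the macro definition). Calling it from a
 * completion routine running at DISPATCH_LEVEL bugchecks the machine, so
 * the routine now refuses to touch the file system at elevated IRQL. A
 * caller that needs the write from such a context should defer it to
 * PASSIVE_LEVEL (for example through a work item) instead of calling in
 * directly. The original also carried a commented-out
 * PsTerminateSystemThread call, which suggests it was tried as a system
 * thread routine as well.
 *
 * Fixes relative to the original listing:
 *   - DbgPrint(("fmt", arg)) used doubled parentheses (the KdPrint calling
 *     convention); with DbgPrint that is a comma expression, so the LAST
 *     operand was passed as the format string. Single parentheses are used.
 *   - Backslashes that had been turned into forward slashes ("/n", the
 *     "//??//C://" path) are restored.
 *   - ZwCreateFile, ExAllocatePool and ZwWriteFile results are checked.
 *   - The handle is opened with OBJ_KERNEL_HANDLE so that it is not usable
 *     from user mode when the routine runs in a user thread's context
 *     (e.g. a read dispatch routine).
 */
#pragma PAGEDCODE
VOID WriteFileTest(IN PDEVICE_OBJECT DeviceObject)
{
    OBJECT_ATTRIBUTES objectAttributes;
    IO_STATUS_BLOCK iostatus;
    HANDLE hfile;
    UNICODE_STRING logFileUnicodeString;
    NTSTATUS ntStatus;
    PUCHAR pBuffer;
    PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
    int i = pdx->i;
    KIRQL irql = KeGetCurrentIrql();

    DbgPrint("writefile\n");

    /* File I/O below is only legal at PASSIVE_LEVEL; bail out otherwise. */
    if (irql != PASSIVE_LEVEL) {
        DbgPrint("writefile: IRQL %d is above PASSIVE_LEVEL, skipping file I/O\n", irql);
        return;
    }
    DbgPrint("passiver lessvel");

    DbgPrint("testScanCode: %x ", pdx->CODE[i]);
    /*
     * NOTE(review): the original incremented i inside the debug print, so
     * the element written below is the one AFTER the element just printed.
     * Kept as-is; confirm that this is intended and that i + 1 is still a
     * valid index into CODE.
     */
    i++;

    /* Build the NT path of the log file. */
    RtlInitUnicodeString(&logFileUnicodeString, L"\\??\\C:\\TEST.log");
    /* Alternative spelling: L"\\Device\\HarddiskVolume1\\1.LOG" */

    /*
     * OBJ_CASE_INSENSITIVE: the name is matched case-insensitively.
     * OBJ_KERNEL_HANDLE: the handle lives in the kernel handle table and
     * cannot be reached from the user-mode process we may be running in.
     */
    InitializeObjectAttributes(&objectAttributes,
                               &logFileUnicodeString,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);
    DbgPrint("InitializeObjectAttributes ");

    /* FILE_OPEN_IF: open the file if it exists, otherwise create it. */
    ntStatus = ZwCreateFile(&hfile,
                            GENERIC_WRITE,
                            &objectAttributes,
                            &iostatus,
                            NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            FILE_SHARE_WRITE,
                            FILE_OPEN_IF,
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL,
                            0);
    DbgPrint("ZwCreateFile ");
    if (!NT_SUCCESS(ntStatus)) {
        /* hfile is not valid on failure; do not write to or close it. */
        DbgPrint("ZwCreateFile failed: %x\n", ntStatus);
        return;
    }

    pBuffer = (PUCHAR)ExAllocatePool(NonPagedPool, sizeof(pdx->CODE[i]));
    if (pBuffer == NULL) {
        DbgPrint("ExAllocatePool failed\n");
        ZwClose(hfile);
        return;
    }

    /*
     * Every byte of the buffer is set to the fill value. NOTE(review): if
     * CODE elements are wider than one byte the fill value is truncated to
     * a byte - confirm the element type.
     */
    RtlFillMemory(pBuffer, sizeof(pdx->CODE[i]), pdx->CODE[i]);

    /* Write the buffer at the handle's current file position. */
    ntStatus = ZwWriteFile(hfile, NULL, NULL, NULL, &iostatus,
                           pBuffer, sizeof(pdx->CODE[i]), NULL, NULL);
    DbgPrint("ZwWriteFile ");
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("ZwWriteFile failed: %x\n", ntStatus);
    }
    /* Print the value that was written, not the address of the pointer. */
    DbgPrint("code is %d", pBuffer[0]);

    /* Release the file handle and the buffer. */
    ZwClose(hfile);
    ExFreePool(pBuffer);
    DbgPrint("LEAVE WRITE");
}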
在运行于 DISPATCH_LEVEL 级别的完成例程中调用这个函数时就蓝屏了,出现了这个错误;后来在 read 例程中(运行在低于 DISPATCH_LEVEL 的级别)调用就成功了
分析:ZwCreateFile
在 DDK 中明确表示必须运行在 PASSIVE_LEVEL 级别上,大概就是这个原因吧。另外,这个函数本身用 #pragma PAGEDCODE 标记,如果该宏把代码放进了分页代码段,那么在 DISPATCH_LEVEL 下执行它同样可能触发这个错误。