以下示例演示如何通过添加对 IoIs32bitProcess 的调用来修改 64 位的 32 位驱动程序。 请注意,此示例仅显示需要修改的驱动程序代码部分。
原始驱动程序代码
typedef struct _TESTDRV_EVENT_BUFFER {
HANDLE Handle;
ULONG Key;
} TESTDRV_EVENT_BUFFER, *PTESTDRV_EVENT_BUFFER;
NTSTATUS
TestdrvFsControl (
IN PTESTDRV_DEVICE_OBJECT TestdrvDeviceObject,
IN PIRP Irp
)
{
...
InputBufferLength =
IrpSp->Parameters.FileSystemControl.InputBufferLength;
if (InputBufferLength < sizeof(TESTDRV_EVENT_BUFFER)) {
DebugTrace(0, Dbg, "System buffer size is too small\n", 0);
FsRtlCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
return STATUS_INVALID_PARAMETER;
}
Buffer = Irp->AssociatedIrp.SystemBuffer;
// start using the event buffer
...
}
支持 Thunking 的驱动程序代码
typedef struct _TESTDRV_EVENT_BUFFER {
HANDLE Handle;
ULONG Key;
} TESTDRV_EVENT_BUFFER, *PTESTDRV_EVENT_BUFFER;
//
// Define a 32-bit thunking structure
//
#if defined(_WIN64)
typedef struct _TESTDRV_EVENT_BUFFER32 {
UINT32 Handle;
ULONG Key;
} TESTDRV_EVENT_BUFFER32, *PTESTDRV_EVENT_BUFFER32;
#endif
//
// Intercept the input buffer as a 32-bit structure and thunk it to
// 64-bit
NTSTATUS
TestdrvFsControl (
IN PTESTDRV_DEVICE_OBJECT TestdrvDeviceObject,
IN PIRP Irp
)
{
TESTDRV_EVENT_BUFFER LocalBuffer;
...
InputBufferLength =
IrpSp->Parameters.FileSystemControl.InputBufferLength;
#if defined(_WIN64)
if (IoIs32bitProcess(Irp)) {
PTESTDRV_EVENT_BUFFER32 Buffer32;
if (InputBufferLength < sizeof(TESTDRV_EVENT_BUFFER32)) {
DebugTrace(0, Dbg, "Irp32 : System buffer size is too
small\n", 0);
FsRtlCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
return STATUS_INVALID_PARAMETER;
}
Buffer = &LocalBuffer;
Buffer32 = Irp->AssociatedIrp.SystemBuffer;
Buffer->Handle = (HANDLE)Buffer32->Handle;
Buffer->Key = Buffer32->Key;
}
else {
#endif
if (InputBufferLength < sizeof(TESTDRV_EVENT_BUFFER)) {
DebugTrace(0, Dbg, "System buffer size is too small\n", 0);
FsRtlCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
return STATUS_INVALID_PARAMETER;
}
Buffer = Irp->AssociatedIrp.SystemBuffer;
#if defined(_WIN64)
}
#endif
// start using the Event Buffer
...
}