NPF_CreateDevice:這個函數主要是創建設備,併爲設備創建符號鏈接,這其中涉及到的標準API請參考wdk文檔
- 首先會對傳遞進來的設備名字做合法性判斷:()
if (RtlCompareMemory(amacNameP->Buffer, devicePrefix.Buffer,
devicePrefix.Length) < devicePrefix.Length)
{
return FALSE;
}NDIS_STRING devicePrefix = NDIS_STRING_CONST(//Device// )
- 然後會對設備名字和符號鏈接名字做一系列的初始化,如分配空間,組合字符串等
deviceName.Length = 0;
deviceName.MaximumLength = (USHORT)(amacNameP->Length + g_NPF_Prefix.Length + sizeof(UNICODE_NULL));
deviceName.Buffer = ExAllocatePoolWithTag(PagedPool, deviceName.MaximumLength, '3PWA');if (deviceName.Buffer == NULL)
return FALSE;deviceSymLink.Length = 0;
deviceSymLink.MaximumLength =(USHORT)(amacNameP->Length-devicePrefix.Length
+ symbolicLinkPrefix.Length
+ g_NPF_Prefix.Length
+ sizeof(UNICODE_NULL));deviceSymLink.Buffer = ExAllocatePoolWithTag(NonPagedPool, deviceSymLink.MaximumLength, '3PWA');
if (deviceSymLink.Buffer == NULL)
{
ExFreePool(deviceName.Buffer);
return FALSE;
}RtlAppendUnicodeStringToString(&deviceName, &devicePrefix);
RtlAppendUnicodeStringToString(&deviceName, &g_NPF_Prefix);
RtlAppendUnicodeToString(&deviceName, amacNameP->Buffer +
devicePrefix.Length / sizeof(WCHAR));RtlAppendUnicodeStringToString(&deviceSymLink, &symbolicLinkPrefix);
RtlAppendUnicodeStringToString(&deviceSymLink, &g_NPF_Prefix);
RtlAppendUnicodeToString(&deviceSymLink, amacNameP->Buffer +
devicePrefix.Length / sizeof(WCHAR)); - 最後就是創建設備和符號鏈接
status = IoCreateDevice(adriverObjectP,
sizeof(DEVICE_EXTENSION),
&deviceName,
FILE_DEVICE_TRANSPORT,
#ifdef __NPF_NT4__
0,
#else //__NPF_NT4__
FILE_DEVICE_SECURE_OPEN,
#endif //__NPF_NT4__
FALSE,
&devObjP);IoCreateSymbolicLink(&deviceSymLink,&deviceName)