AK922 HOOK after loading the IofCompleteRequest function, make all completed an IRP through his processing, the HOOK function used in the judgment of the code like this:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If (pIrpStack - & gt; MajorFunction== IRP_MJ_DIRECTORY_CONTROL & amp; &
PIrpStack - & gt; MinorFunction== IRP_MN_QUERY_DIRECTORY
{
//this part is to send a query directory IRP processing
}


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If (pIrpStack - & gt; MajorFunction== certain
{

If ( IsDiskDevice (pIrpStack - & gt; DeviceObject))//IsDiskDevice determine whether the initialization traversal of disk devices list, if in the thought that the IRp is sent to disk devices, so do the processing of the disk level
{
//subsequent processing, filtering NTFS and FAT32 file system under AK922 file

}
}

Under such a filter, I use Readfile read disk data, why would read AK922 this file data?
Send the IRP is certain types of Readfile, and sending objects is disk devices, by rights should also be affected??
Hope everybody can nudge some, thank you

CodePudding user response:

Never make the HOOK IofCompleteRequest function, to learn

CodePudding user response:

reference 1st floor aabbabababaa response:

didn't HOOK IofCompleteRequest function, to learn

So the ReadFile can read the content will be AK922 driver HOOK the IofCompleteRequest reason: