163 blogs的博客：记录 Createfile, DeviceIoControl, CloseHandle 几个函数的调用堆栈

记录 Createfile, DeviceIoControl, CloseHandle 几个函数的调用堆栈

发布时间：2013-9-9 11:50
分类名称：Debug_Crack

CreateFile:

b25e2a5c 804f018f DsHelloWDM!HandleIrpFuncs [c:\work\test\test2\driver.cpp @ 135]

b25e2a6c 805841fa nt!IopfCallDriver+0x31

b25e2b4c 805c0444 nt!IopParseDevice+0xa12

b25e2bc4 805bc9d0 nt!ObpLookupObjectName+0x53c

b25e2c18 80577033 nt!ObOpenObjectByName+0xea

b25e2c94 805779aa nt!IopCreateFile+0x407

b25e2cf0 8057a0b4 nt!IoCreateFile+0x8e

b25e2d30 8054261c nt!NtCreateFile+0x30

b25e2d30 7c92e4f4 nt!KiFastCallEntry+0xfc

0012fdb8 7c92d09c ntdll!KiFastSystemCallRet

0012fdbc 7c8109a6 ntdll!NtCreateFile+0xc

0012fe54 7c801a53 kernel32!CreateFileW+0x35f

0012fe78 004011c5 kernel32!CreateFileA+0x30

0012ff20 00401414 Test!GetDeviceViaInterface+0x185 [C:\Work\test\test2\Test\function.cpp @ 74]

0012ff80 00401719 Test!main+0x24 [C:\Work\test\test2\Test\main.cpp @ 10]

0012ffc0 7c817067 Test!mainCRTStartup+0xe9 [crt0.c @ 206]

0012fff0 00000000 kernel32!BaseProcessStart+0x23

DeviceIoControl:

b25e2c40 804f018f DsHelloWDM!HandleIrpFuncs [c:\work\test\test2\driver.cpp @ 135]

b25e2c50 80580982 nt!IopfCallDriver+0x31

b25e2c64 805817f7 nt!IopSynchronousServiceTail+0x70

b25e2d00 8057a274 nt!IopXxxControlFile+0x5c5

b25e2d34 8054261c nt!NtDeviceIoControlFile+0x2a

b25e2d34 7c92e4f4 nt!KiFastCallEntry+0xfc

0012fe48 7c92d26c ntdll!KiFastSystemCallRet

0012fe4c 7c801675 ntdll!ZwDeviceIoControlFile+0xc

0012feac 004013b7 kernel32!DeviceIoControl+0xdd

0012ff24 00401452 Test!TestDriver+0x37 [C:\Work\test\test2\Test\function.cpp @ 100]

0012ff80 00401719 Test!main+0x62 [C:\Work\test\test2\Test\main.cpp @ 20]

0012ffc0 7c817067 Test!mainCRTStartup+0xe9 [crt0.c @ 206]

0012fff0 00000000 kernel32!BaseProcessStart+0x23

CloseHandle:

b25e2c68 804f018f DsHelloWDM!HandleIrpFuncs [c:\work\test\test2\driver.cpp @ 135]

b25e2c78 80584af8 nt!IopfCallDriver+0x31

b25e2cb0 805bc466 nt!IopDeleteFile+0x132

b25e2ccc 805276ca nt!ObpRemoveObjectRoutine+0xe0

b25e2ce4 805bd33b nt!ObfDereferenceObject+0x4c

b25e2cfc 805bd3d1 nt!ObpCloseHandleTableEntry+0x155

b25e2d44 805bd509 nt!ObpCloseHandle+0x87

b25e2d58 8054261c nt!NtClose+0x1d

b25e2d58 7c92e4f4 nt!KiFastCallEntry+0xfc

0012ff14 7c92cfdc ntdll!KiFastSystemCallRet

0012ff18 7c809c1b ntdll!NtClose+0xc

0012ff24 00401461 kernel32!CloseHandle+0x51

0012ff80 00401719 Test!main+0x71 [C:\Work\test\test2\Test\main.cpp @ 21]

0012ffc0 7c817067 Test!mainCRTStartup+0xe9 [crt0.c @ 206]

0012fff0 00000000 kernel32!BaseProcessStart+0x23