从Windows内核驱动程序持续写入一个文件

嗨,我是新的内核级编程,并试图build立一个简单的日志写入驱动程序。 我想要实现的是有一个持久的驱动程序将每个预定义的时间间隔写入引用的文本到系统path中的文件。 (我不熟悉IRQ挂钩)

我有以下的全局时间

// Timer PKTIMER pTimer = NULL; // Pointer to the timer PKDPC pDpcObject = NULL; // Pointer to the DPC #define IDLE_INTERVAL (10000) 

我在DriverEntry中调用以下代码(但是,下面的代码的问题是它的写入function在计算机重新启动时失败)有人可以提出修复吗? 是否应该被IRQ主叫调用?

 while(1) { if (pTimer == NULL) // if timer object does not exist: { // Allocate memory for the object timer pTimer = (PKTIMER) ExAllocatePool (NonPagedPool, sizeof (KTIMER)); KeInitializeTimer (pTimer); // Initialize the timer object // Allocate memory for the DPC object and initialize it pDpcObject = (PKDPC) ExAllocatePool (NonPagedPool, sizeof (KDPC)); KeInitializeDpc (pDpcObject, MyDeferredRoutine, pTimer); } LARGE_INTEGER dueTime; dueTime.QuadPart = -10000 * IDLE_INTERVAL; // 10000 * 10000 * 1 ns // "Platoon" timer: KeSetTimerEx (pTimer, dueTime, // latency relative interval (IDLE_INTERVAL / 2), // period of 5 seconds, ie 5000 * 1 ms pDpcObject); if (KeReadStateTimer (pTimer)) { //DbgPrint ("- Example- KeReadStateTimer returns TRUE."); } else { // DbgPrint ("- Example- KeReadStateTimer returns FALSE."); } } Status = KeWaitForSingleObject (pTimer, Executive, // IN KWAIT_REASON WaitReason, KernelMode, // IN KPROCESSOR_MODE WaitMode, FALSE, // IN BOOLEAN Alertable, NULL); // IN PLARGE_INTEGER Timeout OPTIONAL RtlInitUnicodeString(&TestName, L"\\??\\C:\\log.txt"); InitializeObjectAttributes(&ObjAttr, &TestName, OBJ_CASE_INSENSITIVE, 0, NULL); Status = NtCreateFile(&TestFile, FILE_WRITE_DATA + SYNCHRONIZE, &ObjAttr, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if(Status == STATUS_SUCCESS) { Status = NtWriteFile(TestFile, 0, NULL, NULL, &IoStatus, (PCHAR)"OUR LOG STORED TO LOG FILE", 22, NULL, NULL); } NtClose(TestFile); }