none
How to get the value of cursor position in a filter driver from MOUSE_INPUT_DATA RRS feed

  • Question

  • I want to make a mouse filter driver to get the value of the cursor position. The filter driver installation point is L "mouclass". The cursor position value will output to the application through the DeviceIoControl procedure. But the value of LastX and LastY from MOUSE_INPUT_DATA data structure were always zero in the process of mouse read complete rounting function. Please master guiding maze. Thank you! I post the major programming code.

    NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath)
     {
             ULONG i;
             NTSTATUS status = STATUS_SUCCESS;
             for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
             {
                     DriverObject->MajorFunction[i] = PassDispatch;
             }
             DriverObject->MajorFunction[IRP_MJ_READ] = MouRead;
             DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]= DeviceIoControl;
             DriverObject->DriverUnload = Unload;
             status = AttachDevices(DriverObject, RegistryPath);
             return status;
     }

     NTSTATUS MouRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
     {
             NTSTATUS status;
            PMOU_DEV_EXT devExt;
             PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
             KIRQL IrqLevel;
             if (Irp->CurrentLocation == 1)
             {
                     ULONG ReturnedInformation = 0;
                     status = STATUS_INVALID_DEVICE_REQUEST;
                     Irp->IoStatus.Status = status;
                     Irp->IoStatus.Information = ReturnedInformation;
                     IoCompleteRequest(Irp, IO_NO_INCREMENT);
                     return(status);
             }
             KeyCount++;
             devExt = (PMOU_DEV_EXT)DeviceObject->DeviceExtension;
             IoCopyCurrentIrpStackLocationToNext(Irp);
             KeAcquireSpinLock(&devExt->SpinLock, &IrqLevel);
             InterlockedIncrement(&devExt->IrpsInProgress);
             KeReleaseSpinLock(&devExt->SpinLock, IrqLevel);
             IoSetCompletionRoutine(Irp, MouReadComplete, DeviceObject, TRUE, TRUE, TRUE);
             status = IoCallDriver(devExt->LowerObject, Irp);
             return status;
     }

     NTSTATUS MouReadComplete(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp,IN PVOID Context)
     {
             UNREFERENCED_PARAMETER(DeviceObject);
             PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
             PMOUSE_INPUT_DATA pCursor;
             PMOU_DEV_EXT devExt = (PMOU_DEV_EXT)DeviceObject->DeviceExtension;
             ULONG buf_len = 0;
             PUCHAR buf = NULL;
             size_t numKeys;
             ULONG i,num;
             KIRQL IrqLevel;

             if (NT_SUCCESS(Irp->IoStatus.Status))
             {
                     pCursor = (PMOUSE_INPUT_DATA)(Irp->AssociatedIrp.SystemBuffer);
                     buf_len = Irp->IoStatus.Information;
                     numKeys = buf_len / sizeof(MOUSE_INPUT_DATA);
                     nUm = numKeys;
                     pCursor->Flags = 0;
                             if (pCursor->ButtonFlags == MOUSE_LEFT_BUTTON_UP)
                             {
                                           //// The pCursorLastX and pCursorLastY is global variables that will be outputed to the application via the DeviceIoControl procedure. If I assigned the specific value to them, the application receive the correct data. But if I assigned  pCursor-> LastX and pCursor-> LastY to them, the application receive the data awlays zero. Where is the key error?


                                            pCursorLastX = pCursor->LastX;
                                             pCursorLastY = pCursor->LastY;
                                             DbgPrint(("LEFT Buttons\n"));

                             }

             }
             KeyCount--;
             if (Irp->pendingReturned)
             {
                     IoMarkIrpPending(Irp);
             }
             KeAcquireSpinLock(&devExt->SpinLock, &IrqLevel);
             InterlockedDecrement(&devExt->IrpsInProgress);
             KeReleaseSpinLock(&devExt->SpinLock, IrqLevel);
             return Irp->IoStatus.Status;
     }

     NTSTATUS c2pAttachDevices(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
     {
             UNREFERENCED_PARAMETER(RegistryPath);
             NTSTATUS status = STATUS_UNSUCCESSFUL;
             UNICODE_STRING        uDeviceName = { 0 };
             UNICODE_STRING        uSymbolName = { 0 };
             UNICODE_STRING uniNtNameString;
             PMOU_DEV_EXT  devExt;
             PDEVICE_OBJECT FiltObject = NULL;
             PDEVICE_OBJECT PhysObject = NULL;
             PDEVICE_OBJECT LowerObject = NULL;
             PDRIVER_OBJECT MouseDriverObject = NULL;
             UNICODE_STRING sddl = RTL_CONSTANT_STRING(L"D(A;;GA;;;WD)";
             RtlInitUnicodeString(&uDeviceName, micksysur);
             RtlInitUnicodeString(&uSymbolName, micksysTestr);
             RtlInitUnicodeString(&uniNtNameString, mouclass);

             status = ObReferenceObjectByName(
                     &uniNtNameString,
                     OBJ_CASE_INSENSITIVE,
                     NULL,
                     FILE_ALL_ACCESS,
                     *IoDriverObjectType,
                     KernelMode,
                     NULL,
                     &MouseDriverObject
             );
             if (!NT_SUCCESS(status))
             {
                     KdPrint(("MyAttach: ObReferenceObjectByName Failed!!");
                     return(status);
             }
             else
            {
                     ObDereferenceObject(DriverObject);
             }
             PhysObject = MouseDriverObject->DeviceObject;

    status = IoCreateDeviceSecure(
                             IN DriverObject,
                             IN sizeof(PMOU_DEV_EXT),
                             IN &uDeviceName,
                             IN PhysObject->DeviceType,
                             IN PhysObject->Characteristics,
                             IN FALSE,
                             IN &sddl,
                             IN(LPCGUID)&Com_GUID,
                             OUT &FiltObject
                     );
                     IoCreateSymbolicLink(&uSymbolName, &uDeviceName);

    if (!NT_SUCCESS(status))
                     {
                             KdPrint(("MyAttach: IoCreateDeviceSecure Failed!!");
                             return (status);
                     }
                     LowerObject = IoAttachDeviceToDeviceStack(FiltObject, PhysObject);

                    devExt = (PMOU_DEV_EXT)(FiltObject->DeviceExtension);

                     memset(devExt, 0, sizeof(PMOU_DEV_EXT));
                     devExt->FiltObject = FiltObject;
                     devExt->PhysObject = PhysObject;
                     devExt->LowerObject = LowerObject;
                     KeInitializeSpinLock(&devExt->SpinLock);
                     devExt->IrpsInProgress = 0;

                    FiltObject->DeviceType = LowerObject->DeviceType;
                     FiltObject->Characteristics = LowerObject->Characteristics;
                     FiltObject->StackSize = LowerObject->StackSize + 1;
                     FiltObject->Flags |= (DO_BUFFERED_IO | DO_POWER_PAGABLE);
                     FiltObject->Flags &= ~DO_DEVICE_INITIALIZING;
             return status;
     }

    Wednesday, January 31, 2018 10:02 AM

Answers

  • LastX and Y are relative position values. Zero means the mouse didn’t move. Regardless at this layer you can’t compute position as it is computed at the win32k.sys later. Also, it is not recommended to attach after the stack has been started. You can use the moufiltr example in git and it will put your filter in the right spot when the stack is starting. Finally, you have a bug in the size of your device extension when calling iocreatedevicesecure. You have sizeof(PMOU_DEV_EXT),, should be sizeof(MOU_DEV_EXT),

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, January 31, 2018 3:27 PM