... В процедуре инициализации ...
; Fragment of the driver initialization routine (FASM, 32-bit, stdcall kernel code).
; It registers the unload and dispatch entry points, creates an unnamed filter
; device object and attaches it on top of the keyboard device stack.
; NOTE(review): ebx and edi are callee-saved under stdcall and are both written
; below; the enclosing proc header is not visible here - confirm it saves them.
mov ebx, [driver_object]
mov [ebx + DRIVER_OBJECT.DriverUnload], DriverUnload
; Point every MajorFunction slot (IRP_MJ_MAXIMUM_FUNCTION + 1 dwords) at
; DriverDispatch, so no request type reaches an uninitialized handler.
; rep stosd advances edi and zeroes ecx; it assumes the direction flag is clear.
lea edi, [ebx + DRIVER_OBJECT.MajorFunction]
mov ecx, IRP_MJ_MAXIMUM_FUNCTION + 1
mov eax, DriverDispatch
rep stosd
; Create the filter device: no name (NULL), extension sized for
; FiDO_DEVICE_EXTENSION, pointer returned in keyboard_filter_object.
invoke IoCreateDevice,ebx,sizeof.FiDO_DEVICE_EXTENSION,NULL,FILE_DEVICE_UNKNOWN,0,FALSE,keyboard_filter_object
cmp eax, STATUS_SUCCESS
jne .create_filter_device_error
; Look up the target keyboard device by name. On success this also returns a
; referenced file object that has to be released with ObDereferenceObject
; once the filter no longer needs it.
; NOTE(review): keyboard_device_name is presumably a UNICODE_STRING - confirm.
invoke IoGetDeviceObjectPointer,keyboard_device_name,FILE_READ_DATA,keyboard_file_object,keyboard_device_object
cmp eax, STATUS_SUCCESS
jne .get_device_object_error
; Attach on top of the stack. eax = device object that was previously on top
; (not necessarily keyboard_device_object if other filters are attached),
; or NULL on failure.
; NOTE(review): on failure the file object reference taken above is still held
; and the filter device still exists; the error label is outside this fragment -
; confirm it dereferences the file object and deletes the device.
invoke IoAttachDeviceToDeviceStack,[keyboard_filter_object],[keyboard_device_object]
test eax, eax
jz .get_device_object_error
; NOTE(review): once the attach returns, requests can already be routed to
; DriverDispatch, but NextLowerDeviceObject is only stored a few instructions
; later. IoAttachDeviceToDeviceStackSafe writes the lower-device pointer before
; the attachment becomes visible and closes that window.
mov edx, eax
mov ebx, [keyboard_filter_object]
mov eax, [ebx + DEVICE_OBJECT.DeviceExtension]
; Remember where to forward requests and which file object to release later.
mov [eax + FiDO_DEVICE_EXTENSION.NextLowerDeviceObject], edx
push [keyboard_file_object]
pop [eax + FiDO_DEVICE_EXTENSION.TargetFileObject]
; Mirror the lower device's type and its I/O-method / power flags so the
; I/O manager treats the filter the same way as the device beneath it.
mov eax, [edx + DEVICE_OBJECT.DeviceType]
mov [ebx + DEVICE_OBJECT.DeviceType], eax
mov eax, [edx + DEVICE_OBJECT.Flags]
and eax, DO_DIRECT_IO + DO_BUFFERED_IO + DO_POWER_PAGABLE
or [ebx + DEVICE_OBJECT.Flags], eax
; Clearing DO_DEVICE_INITIALIZING marks the filter device as ready.
and [ebx + DEVICE_OBJECT.Flags], not DO_DEVICE_INITIALIZING
...
proc DriverDispatch stdcall,_device_object,io_request_packet
        ;---------------------------------------------------------------
        ; Common dispatch routine installed in every MajorFunction slot.
        ; In:   _device_object    = device object the IRP was sent to
        ;       io_request_packet = the IRP
        ; Out:  eax = NTSTATUS
        ; Routing:
        ;   [device_object]          -> DispatchCreateClose, returns STATUS_SUCCESS
        ;   [keyboard_filter_object] -> DispatchPower for IRP_MJ_POWER,
        ;                               DispatchPassThrough for everything else
        ;   anything else            -> IRP completed with
        ;                               STATUS_INVALID_DEVICE_REQUEST
        ;---------------------------------------------------------------
        mov     edx, [_device_object]
        cmp     edx, [device_object]
        je      .control_device
        cmp     edx, [keyboard_filter_object]
        jne     .unknown_device

        ; Filter device: choose the handler from the major function code
        ; stored in the current I/O stack location.
        mov     eax, [io_request_packet]
        mov     eax, [eax + IoRequestPacket.CurrentStackLocation]
        movzx   eax, [eax + IO_STACK_LOCATION.MajorFunction]
        cmp     eax, IRP_MJ_POWER
        je      .power_request
        stdcall DispatchPassThrough,[_device_object],[io_request_packet]
        jmp     .done

  .power_request:
        stdcall DispatchPower,[_device_object],[io_request_packet]
        jmp     .done

  .control_device:
        ; Every request type sent to the control device is completed successfully.
        stdcall DispatchCreateClose,[_device_object],[io_request_packet]
        mov     eax, STATUS_SUCCESS
        jmp     .done

  .unknown_device:
        ; NOTE(review): a request that was meant for the filter device but does
        ; not match keyboard_filter_object ends up here and is failed instead of
        ; being forwarded down the stack - verify the global holds the pointer
        ; returned by IoCreateDevice when requests start arriving.
        mov     ecx, [io_request_packet]
        mov     [ecx + IoRequestPacket.IoStatus.Status], STATUS_INVALID_DEVICE_REQUEST
        mov     [ecx + IoRequestPacket.IoStatus.Information], 0
        fastcall IofCompleteRequest,ecx,IO_NO_INCREMENT
        ; The IRP must not be touched after completion, so the status is
        ; returned as a constant rather than re-read from the packet.
        mov     eax, STATUS_INVALID_DEVICE_REQUEST

  .done:
        ret
endp
proc DispatchPassThrough stdcall _device_object,io_request_packet
        ;---------------------------------------------------------------
        ; Forwards an IRP unchanged to the next lower device in the stack.
        ; In:   _device_object    = filter device object
        ;       io_request_packet = the IRP
        ; Out:  eax = status returned by IoCallDriver
        ; No completion routine is set; the lower driver reuses this
        ; driver's stack location.
        ;---------------------------------------------------------------
        mov     ecx, [io_request_packet]
        ; Step back one stack location by hand (what IoSkipCurrentIrpStackLocation
        ; does), so the lower driver sees the same parameters.
        inc     [ecx + IoRequestPacket.CurrentLocation]
        add     [ecx + IoRequestPacket.CurrentStackLocation], sizeof.IO_STACK_LOCATION
        ; The target device was stored in the device extension at attach time.
        mov     edx, [_device_object]
        mov     edx, [edx + DEVICE_OBJECT.DeviceExtension]
        invoke  IoCallDriver,[edx + FiDO_DEVICE_EXTENSION.NextLowerDeviceObject],[io_request_packet]
        ret
endp
proc DispatchPower stdcall _device_object,io_request_packet
        ;---------------------------------------------------------------
        ; Forwards an IRP_MJ_POWER request to the next lower device.
        ; In:   _device_object    = filter device object
        ;       io_request_packet = the power IRP
        ; Out:  eax = status returned by PoCallDriver
        ; Order: PoStartNextPowerIrp, skip the stack location, PoCallDriver.
        ;---------------------------------------------------------------
        invoke  PoStartNextPowerIrp,[io_request_packet]
        ; ecx/edx are loaded only after the call above, which may clobber them.
        mov     ecx, [io_request_packet]
        inc     [ecx + IoRequestPacket.CurrentLocation]
        add     [ecx + IoRequestPacket.CurrentStackLocation], sizeof.IO_STACK_LOCATION
        mov     edx, [_device_object]
        mov     edx, [edx + DEVICE_OBJECT.DeviceExtension]
        invoke  PoCallDriver,[edx + FiDO_DEVICE_EXTENSION.NextLowerDeviceObject],[io_request_packet]
        ret
endp
proc DispatchCreateClose stdcall uses ebx,device_object,io_request_packet
        ;---------------------------------------------------------------
        ; Completes a request on the control device with success.
        ; In:   device_object     = control device object (not read here)
        ;       io_request_packet = the IRP
        ; Out:  eax = STATUS_SUCCESS
        ; ebx is saved and restored by the "uses ebx" clause.
        ;---------------------------------------------------------------
        mov     ebx, [io_request_packet]
        mov     [ebx + IoRequestPacket.IoStatus.Status], STATUS_SUCCESS
        mov     [ebx + IoRequestPacket.IoStatus.Information], 0
        fastcall IofCompleteRequest,ebx,IO_NO_INCREMENT
        ; The IRP is no longer owned by this driver after completion,
        ; so the return value is a constant.
        mov     eax, STATUS_SUCCESS
        ret
endp
Драйвер-фильтр клавиатуры
Код:
Драйвер загружается нормально, но когда я нажимаю на любую клавишу, система виснет: она не перезагружается, и синий экран не появляется. Кое-как я выяснил, что в DriverDispatch не передаётся keyboard_filter_object. Что я делаю не так?
А что в _device_object ?
Это указатель на структуру, описывающую объект устройства.