-
-
求解文件系统过滤驱动FAT32中的问题
-
发表于: 2011-8-6 14:29 3597
-
在NTFS下正常,发现如果在FAT32下有隐藏文件,就是出现内存错误,出错部份为函数HideHandler,希望有懂的朋友解答一下,谢谢。代码如下:
头文件HideDirFile.h
typedef struct _ATTACH_EXTENSION {
CHAR VolumeLetter;
PDEVICE_OBJECT VolumeDevice;
} ATTACH_EXTENSION, *PATTACH_EXTENSION;
PDRIVER_OBJECT g_DriverObject;
源文件
#include
#include "HideDirFile.h"
//-------------------------------------------------
// F A S T I / O
//-------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId, ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutbufBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
);
//
// These are new NT 4.0 Fast I/O calls
//
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT struct _IO_STATUS_BLOCK *IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryOpen(
IN struct _IRP *Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
//-------------------------------------------------
// C U S T O M F U N C T I O N
//-------------------------------------------------
NTSTATUS
GetVolumesToAttach(
OUT PULONG VolumesToAttach
);
NTSTATUS
AttachAllVolume(
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
);
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
);
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
);
//-------------------------------------------------
// N A T I V E A P I F U N C T I O N
//-------------------------------------------------
#define ProcessDeviceMap 23
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_CDROM 5
NTSTATUS
ZwQueryInformationProcess(
IN HANDLE ProcessHandle,
IN ULONG ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength
);
FAST_IO_DISPATCH FastIOHook = {
sizeof(FAST_IO_DISPATCH),
FilemonFastIoCheckifPossible,
FilemonFastIoRead,
FilemonFastIoWrite,
FilemonFastIoQueryBasicInfo,
FilemonFastIoQueryStandardInfo,
FilemonFastIoLock,
FilemonFastIoUnlockSingle,
FilemonFastIoUnlockAll,
FilemonFastIoUnlockAllByKey,
FilemonFastIoDeviceControl,
FilemonFastIoAcquireFile,
FilemonFastIoReleaseFile,
FilemonFastIoDetachDevice,
//
// new for NT 4.0
//
FilemonFastIoQueryNetworkOpenInfo,
FilemonFastIoAcquireForModWrite,
FilemonFastIoMdlRead,
FilemonFastIoMdlReadComplete,
FilemonFastIoPrepareMdlWrite,
FilemonFastIoMdlWriteComplete,
FilemonFastIoReadCompressed,
FilemonFastIoWriteCompressed,
FilemonFastIoMdlReadCompleteCompressed,
FilemonFastIoMdlWriteCompleteCompressed,
FilemonFastIoQueryOpen,
FilemonFastIoReleaseForModWrite,
FilemonFastIoAcquireForCcFlush,
FilemonFastIoReleaseForCcFlush
};
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
ULONG i;
g_DriverObject = DriverObject;
//
// Dispatch Routine
//
for ( i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++ ) {
DriverObject->MajorFunction[i] = FilterDispatch;
}
//
// Fast I/O Calls
//
DriverObject->FastIoDispatch = &FastIOHook;
return AttachAllVolume( DriverObject );
}
NTSTATUS GetVolumesToAttach(OUT PULONG VolumesToAttach)
{
NTSTATUS status;
PROCESS_DEVICEMAP_INFORMATION DeviceMapInfo;
ULONG MaxVolumeSet;
ULONG CurVolumeSet;
ULONG i;
status = ZwQueryInformationProcess(
(HANDLE) 0xffffffff,
ProcessDeviceMap,
&DeviceMapInfo,
sizeof(DeviceMapInfo),
NULL
);
if ( !NT_SUCCESS(status) )
return status;
MaxVolumeSet = DeviceMapInfo.Query.DriveMap;
CurVolumeSet = MaxVolumeSet;
//
// 排除以下指定的类型
//
for ( i = 0; i < 26; i++ ) {
if ( MaxVolumeSet & (1 << i) ) {
switch ( DeviceMapInfo.Query.DriveType[i] ) {
case DRIVE_UNKNOWN:
case DRIVE_NO_ROOT_DIR:
case DRIVE_REMOVABLE:
case DRIVE_CDROM:
CurVolumeSet &= ~(1 << i);
break;
}
}
}
*VolumesToAttach = CurVolumeSet;
return STATUS_SUCCESS;
}
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
)
{
WCHAR RootDirectory[] = L"//DosDevices//A://";
UNICODE_STRING ustrRootDirectory;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE FileHandle;
IO_STATUS_BLOCK IoStatus;
PFILE_OBJECT FileObject;
PDEVICE_OBJECT VolumeDevice;
PDEVICE_OBJECT AttachDevice;
PATTACH_EXTENSION AttachExtension;
NTSTATUS status;
RootDirectory[12] = (CHAR) ('A' + Volume);
RtlInitUnicodeString( &ustrRootDirectory, RootDirectory );
InitializeObjectAttributes(
&ObjectAttributes,
&ustrRootDirectory,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwCreateFile(
&FileHandle,
SYNCHRONIZE | FILE_ANY_ACCESS,
&ObjectAttributes,
&IoStatus,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
NULL,
0
);
if ( !NT_SUCCESS(status) ) return status;
status = ObReferenceObjectByHandle(
FileHandle,
FILE_READ_DATA,
NULL,
KernelMode,
&FileObject,
NULL
);
if ( !NT_SUCCESS(status) ) {
ZwClose( FileHandle );
return status;
}
VolumeDevice = IoGetRelatedDeviceObject( FileObject );
if ( !VolumeDevice ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
status = IoCreateDevice(
DriverObject,
sizeof(ATTACH_EXTENSION),
NULL,
VolumeDevice->DeviceType,
VolumeDevice->Characteristics,
FALSE,
&AttachDevice
);
if ( !NT_SUCCESS(status) ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return status;
}
AttachDevice->Flags &= ~DO_DEVICE_INITIALIZING;
AttachDevice->Flags |= ( VolumeDevice->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO) );
AttachExtension = (PATTACH_EXTENSION) AttachDevice->DeviceExtension;
AttachExtension->VolumeLetter = (CHAR) ('A' + Volume);
AttachExtension->VolumeDevice = VolumeDevice;
if ( !IoAttachDeviceToDeviceStack(
AttachDevice,
VolumeDevice) ) {
IoDeleteDevice( AttachDevice );
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}
NTSTATUS AttachAllVolume(IN PDRIVER_OBJECT DriverObject)
{
NTSTATUS status;
ULONG VolumesToAttach;
ULONG i;
status = GetVolumesToAttach( &VolumesToAttach );
if ( !NT_SUCCESS(status) )
return status;
for ( i = 0; i < 26; i++ ) {
if ( VolumesToAttach & (1 << i) ) {
status = AttachOneVolume( i, DriverObject );
if ( !NT_SUCCESS(status) ) {
return status;
}
}
}
return STATUS_SUCCESS;
}
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PATTACH_EXTENSION AttachExtension;
AttachExtension = (PATTACH_EXTENSION) DeviceObject->DeviceExtension;
IoCopyCurrentIrpStackLocationToNext( Irp );
IoSetCompletionRoutine(
Irp,
CompletionRoutine,
NULL,
TRUE,
TRUE,
FALSE
);
return IoCallDriver( AttachExtension->VolumeDevice, Irp );
}
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PFILE_BOTH_DIR_INFORMATION volatile CurrEntry;
PFILE_BOTH_DIR_INFORMATION volatile LastEntry;
ULONG BufferLength;
ULONG Index;
PIO_STACK_LOCATION IrpSp;
IrpSp = IoGetCurrentIrpStackLocation( Irp );
if ( IrpSp->MajorFunction == IRP_MJ_DIRECTORY_CONTROL
&& IrpSp->MinorFunction == IRP_MN_QUERY_DIRECTORY
&& KeGetCurrentIrql() == PASSIVE_LEVEL
&& IrpSp->Parameters.QueryDirectory.FileInformationClass == FileBothDirectoryInformation
) {
Index = -1;
LastEntry = NULL;
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
BufferLength = Irp->IoStatus.Information;
if ( BufferLength > 0 ) {
do {
if ( LastEntry != NULL ) {
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset);
}
Index++;
if ( HideOrNot( CurrEntry->FileName, CurrEntry->FileNameLength ) ) {
HideHandler( Index, CurrEntry, LastEntry, Irp );
break;
}
LastEntry = CurrEntry;
} while ( CurrEntry->NextEntryOffset != 0 );
}
}
if ( Irp->PendingReturned ) {
IoMarkIrpPending( Irp );
}
return Irp->IoStatus.Status;
}
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
)
{
LONG ret;
UNICODE_STRING ustr1;
UNICODE_STRING ustr2;
RtlInitUnicodeString( &ustr1, FileName );
ustr1.Length = (USHORT) FileNameLength;
RtlInitUnicodeString( &ustr2, L"dream_8.txt" );
ret = RtlCompareUnicodeString(
&ustr1,
&ustr2,
TRUE
);
if ( ret == 0 ) return TRUE;
else return FALSE;
}
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
)
{
PVOID temp;
if ( Index == 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory( CurrEntry, Irp->IoStatus.Information );
Irp->IoStatus.Information = 0;
Irp->UserBuffer = NULL;
} else if ( Index == 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
RtlZeroMemory(
CurrEntry,
Irp->IoStatus.Information
);
RtlCopyMemory(
CurrEntry,
temp,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
RtlCopyMemory(
CurrEntry,
temp,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
LastEntry->NextEntryOffset = 0;
Irp->IoStatus.Information = (PCHAR) CurrEntry - (PCHAR) Irp->UserBuffer;
}
}
//----------------------------------------------------------------------
// F A S T I O R O U T I N E S
//----------------------------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryOpen(
IN PIRP Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
)
{
}
头文件HideDirFile.h
typedef struct _ATTACH_EXTENSION {
CHAR VolumeLetter;
PDEVICE_OBJECT VolumeDevice;
} ATTACH_EXTENSION, *PATTACH_EXTENSION;
PDRIVER_OBJECT g_DriverObject;
源文件
#include
#include "HideDirFile.h"
//-------------------------------------------------
// F A S T I / O
//-------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId, ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutbufBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
);
//
// These are new NT 4.0 Fast I/O calls
//
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT struct _IO_STATUS_BLOCK *IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryOpen(
IN struct _IRP *Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
//-------------------------------------------------
// C U S T O M F U N C T I O N
//-------------------------------------------------
NTSTATUS
GetVolumesToAttach(
OUT PULONG VolumesToAttach
);
NTSTATUS
AttachAllVolume(
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
);
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
);
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
);
//-------------------------------------------------
// N A T I V E A P I F U N C T I O N
//-------------------------------------------------
#define ProcessDeviceMap 23
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_CDROM 5
NTSTATUS
ZwQueryInformationProcess(
IN HANDLE ProcessHandle,
IN ULONG ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength
);
FAST_IO_DISPATCH FastIOHook = {
sizeof(FAST_IO_DISPATCH),
FilemonFastIoCheckifPossible,
FilemonFastIoRead,
FilemonFastIoWrite,
FilemonFastIoQueryBasicInfo,
FilemonFastIoQueryStandardInfo,
FilemonFastIoLock,
FilemonFastIoUnlockSingle,
FilemonFastIoUnlockAll,
FilemonFastIoUnlockAllByKey,
FilemonFastIoDeviceControl,
FilemonFastIoAcquireFile,
FilemonFastIoReleaseFile,
FilemonFastIoDetachDevice,
//
// new for NT 4.0
//
FilemonFastIoQueryNetworkOpenInfo,
FilemonFastIoAcquireForModWrite,
FilemonFastIoMdlRead,
FilemonFastIoMdlReadComplete,
FilemonFastIoPrepareMdlWrite,
FilemonFastIoMdlWriteComplete,
FilemonFastIoReadCompressed,
FilemonFastIoWriteCompressed,
FilemonFastIoMdlReadCompleteCompressed,
FilemonFastIoMdlWriteCompleteCompressed,
FilemonFastIoQueryOpen,
FilemonFastIoReleaseForModWrite,
FilemonFastIoAcquireForCcFlush,
FilemonFastIoReleaseForCcFlush
};
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
ULONG i;
g_DriverObject = DriverObject;
//
// Dispatch Routine
//
for ( i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++ ) {
DriverObject->MajorFunction[i] = FilterDispatch;
}
//
// Fast I/O Calls
//
DriverObject->FastIoDispatch = &FastIOHook;
return AttachAllVolume( DriverObject );
}
NTSTATUS GetVolumesToAttach(OUT PULONG VolumesToAttach)
{
NTSTATUS status;
PROCESS_DEVICEMAP_INFORMATION DeviceMapInfo;
ULONG MaxVolumeSet;
ULONG CurVolumeSet;
ULONG i;
status = ZwQueryInformationProcess(
(HANDLE) 0xffffffff,
ProcessDeviceMap,
&DeviceMapInfo,
sizeof(DeviceMapInfo),
NULL
);
if ( !NT_SUCCESS(status) )
return status;
MaxVolumeSet = DeviceMapInfo.Query.DriveMap;
CurVolumeSet = MaxVolumeSet;
//
// 排除以下指定的类型
//
for ( i = 0; i < 26; i++ ) {
if ( MaxVolumeSet & (1 << i) ) {
switch ( DeviceMapInfo.Query.DriveType[i] ) {
case DRIVE_UNKNOWN:
case DRIVE_NO_ROOT_DIR:
case DRIVE_REMOVABLE:
case DRIVE_CDROM:
CurVolumeSet &= ~(1 << i);
break;
}
}
}
*VolumesToAttach = CurVolumeSet;
return STATUS_SUCCESS;
}
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
)
{
WCHAR RootDirectory[] = L"//DosDevices//A://";
UNICODE_STRING ustrRootDirectory;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE FileHandle;
IO_STATUS_BLOCK IoStatus;
PFILE_OBJECT FileObject;
PDEVICE_OBJECT VolumeDevice;
PDEVICE_OBJECT AttachDevice;
PATTACH_EXTENSION AttachExtension;
NTSTATUS status;
RootDirectory[12] = (CHAR) ('A' + Volume);
RtlInitUnicodeString( &ustrRootDirectory, RootDirectory );
InitializeObjectAttributes(
&ObjectAttributes,
&ustrRootDirectory,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwCreateFile(
&FileHandle,
SYNCHRONIZE | FILE_ANY_ACCESS,
&ObjectAttributes,
&IoStatus,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
NULL,
0
);
if ( !NT_SUCCESS(status) ) return status;
status = ObReferenceObjectByHandle(
FileHandle,
FILE_READ_DATA,
NULL,
KernelMode,
&FileObject,
NULL
);
if ( !NT_SUCCESS(status) ) {
ZwClose( FileHandle );
return status;
}
VolumeDevice = IoGetRelatedDeviceObject( FileObject );
if ( !VolumeDevice ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
status = IoCreateDevice(
DriverObject,
sizeof(ATTACH_EXTENSION),
NULL,
VolumeDevice->DeviceType,
VolumeDevice->Characteristics,
FALSE,
&AttachDevice
);
if ( !NT_SUCCESS(status) ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return status;
}
AttachDevice->Flags &= ~DO_DEVICE_INITIALIZING;
AttachDevice->Flags |= ( VolumeDevice->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO) );
AttachExtension = (PATTACH_EXTENSION) AttachDevice->DeviceExtension;
AttachExtension->VolumeLetter = (CHAR) ('A' + Volume);
AttachExtension->VolumeDevice = VolumeDevice;
if ( !IoAttachDeviceToDeviceStack(
AttachDevice,
VolumeDevice) ) {
IoDeleteDevice( AttachDevice );
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}
NTSTATUS AttachAllVolume(IN PDRIVER_OBJECT DriverObject)
{
NTSTATUS status;
ULONG VolumesToAttach;
ULONG i;
status = GetVolumesToAttach( &VolumesToAttach );
if ( !NT_SUCCESS(status) )
return status;
for ( i = 0; i < 26; i++ ) {
if ( VolumesToAttach & (1 << i) ) {
status = AttachOneVolume( i, DriverObject );
if ( !NT_SUCCESS(status) ) {
return status;
}
}
}
return STATUS_SUCCESS;
}
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PATTACH_EXTENSION AttachExtension;
AttachExtension = (PATTACH_EXTENSION) DeviceObject->DeviceExtension;
IoCopyCurrentIrpStackLocationToNext( Irp );
IoSetCompletionRoutine(
Irp,
CompletionRoutine,
NULL,
TRUE,
TRUE,
FALSE
);
return IoCallDriver( AttachExtension->VolumeDevice, Irp );
}
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PFILE_BOTH_DIR_INFORMATION volatile CurrEntry;
PFILE_BOTH_DIR_INFORMATION volatile LastEntry;
ULONG BufferLength;
ULONG Index;
PIO_STACK_LOCATION IrpSp;
IrpSp = IoGetCurrentIrpStackLocation( Irp );
if ( IrpSp->MajorFunction == IRP_MJ_DIRECTORY_CONTROL
&& IrpSp->MinorFunction == IRP_MN_QUERY_DIRECTORY
&& KeGetCurrentIrql() == PASSIVE_LEVEL
&& IrpSp->Parameters.QueryDirectory.FileInformationClass == FileBothDirectoryInformation
) {
Index = -1;
LastEntry = NULL;
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
BufferLength = Irp->IoStatus.Information;
if ( BufferLength > 0 ) {
do {
if ( LastEntry != NULL ) {
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset);
}
Index++;
if ( HideOrNot( CurrEntry->FileName, CurrEntry->FileNameLength ) ) {
HideHandler( Index, CurrEntry, LastEntry, Irp );
break;
}
LastEntry = CurrEntry;
} while ( CurrEntry->NextEntryOffset != 0 );
}
}
if ( Irp->PendingReturned ) {
IoMarkIrpPending( Irp );
}
return Irp->IoStatus.Status;
}
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
)
{
LONG ret;
UNICODE_STRING ustr1;
UNICODE_STRING ustr2;
RtlInitUnicodeString( &ustr1, FileName );
ustr1.Length = (USHORT) FileNameLength;
RtlInitUnicodeString( &ustr2, L"dream_8.txt" );
ret = RtlCompareUnicodeString(
&ustr1,
&ustr2,
TRUE
);
if ( ret == 0 ) return TRUE;
else return FALSE;
}
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
)
{
PVOID temp;
if ( Index == 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory( CurrEntry, Irp->IoStatus.Information );
Irp->IoStatus.Information = 0;
Irp->UserBuffer = NULL;
} else if ( Index == 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
RtlZeroMemory(
CurrEntry,
Irp->IoStatus.Information
);
RtlCopyMemory(
CurrEntry,
temp,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
RtlCopyMemory(
CurrEntry,
temp,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
LastEntry->NextEntryOffset = 0;
Irp->IoStatus.Information = (PCHAR) CurrEntry - (PCHAR) Irp->UserBuffer;
}
}
//----------------------------------------------------------------------
// F A S T I O R O U T I N E S
//----------------------------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryOpen(
IN PIRP Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
)
{
}
赞赏
他的文章
- 求解文件系统过滤驱动FAT32中的问题 3598
- 我是加密与解密学相关领域研究者,能和大家成为朋友吗? 4111
- 星空电影院6.01简单算法分析 9136
看原图
赞赏
雪币:
留言: