首页
社区
课程
招聘
山寨U盘加解密
发表于: 2013-3-26 20:29 5906

山寨U盘加解密

2013-3-26 20:29
5906

翻阅硬盘,偶然发现了很久以前的许多代码,当初只是改着玩一玩,也没有往深了写,发出来坐等大牛各种拍砖。大概看了一下,ms创建了一个线程来处理读写请求。改的diskperf,实在很挫,难登大雅之堂。
VOID
DiskPerfReadWriteThread(
  IN PVOID Context
)
{
  PDEVICE_OBJECT pDevice=(PDEVICE_OBJECT)Context;
  PDEVICE_EXTENSION DevExt=pDevice->DeviceExtension;
  PLIST_ENTRY ReqEntry=NULL;
  NTSTATUS status;
  PIRP Irp=NULL;
  PIO_STACK_LOCATION Irpsp=NULL;
  ULONG length=0;
  LARGE_INTEGER offset={0};
  PUCHAR sysBuf=NULL;

  KeSetPriorityThread(KeGetCurrentThread(), LOW_REALTIME_PRIORITY);
  for (; ; )
  {
    KeWaitForSingleObject(
      &DevExt->ReqEvent,
      Executive,
      KernelMode,
      FALSE,
      NULL);
    if (DevExt->ThreadTermFlag)
    {
      PsTerminateSystemThread(STATUS_SUCCESS);
      return ;
    }
    while (ReqEntry=ExInterlockedRemoveHeadList(&DevExt->ReqList, &DevExt->ReqLock))
    {
      Irp=CONTAINING_RECORD(ReqEntry, IRP, Tail.Overlay.ListEntry);
      Irpsp=IoGetCurrentIrpStackLocation(Irp);
      if (NULL==Irp->MdlAddress)
      {
        sysBuf=(PUCHAR)Irp->UserBuffer;
      }
      else
      {
        sysBuf=(PUCHAR)MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
      }

/*      if (gPDevice==DevExt->PhysicalDeviceObject || gPDevice==NULL)
      {
        IoSkipCurrentIrpStackLocation(Irp);
        IoCallDriver(DevExt->TargetDeviceObject, Irp);
        continue;
      }*/

/*      if (DiskPerfIsCVolume(DevExt))
      {
        IoSkipCurrentIrpStackLocation(Irp);
        IoCallDriver(DevExt->TargetDeviceObject, Irp);
        continue;
      }*/

      if (!DevExt->VolumeOnline)
      {
        IoSkipCurrentIrpStackLocation(Irp);
        IoCallDriver(DevExt->TargetDeviceObject, Irp);
        continue;
      }

      if(IRP_MJ_READ==Irpsp->MajorFunction)
      {
        IRP_CONTEXT readContext;
        KEVENT event;
        offset=Irpsp->Parameters.Read.ByteOffset;
        length=Irpsp->Parameters.Read.Length;
        readContext.DataBuf=sysBuf;
        readContext.length=length;
        readContext.offset=offset;
        KeInitializeEvent(&event, NotificationEvent, FALSE);
        readContext.Event=&event;

        IoCopyCurrentIrpStackLocationToNext(Irp);
        IoSetCompletionRoutine(
          Irp,
          DiskPerfReadCompletion,
          &readContext,
          TRUE,
          TRUE,
          TRUE);
        status=IoCallDriver(DevExt->TargetDeviceObject, Irp);
        if (status== STATUS_PENDING)
        {
          KeWaitForSingleObject(
            &event,
            Executive,
            KernelMode,
            FALSE,
            NULL);
          status=Irp->IoStatus.Status;
        }
        Irp->IoStatus.Status=STATUS_SUCCESS;
//        IoCompleteRequest(Irp, IO_DISK_INCREMENT);
        continue;
      }
      else
      {
        int i=0;
        IRP_CONTEXT readContext;
        KEVENT event;
        offset=Irpsp->Parameters.Write.ByteOffset;
        length=Irpsp->Parameters.Write.Length;
        readContext.DataBuf=sysBuf;
        readContext.length=length;
        readContext.offset=offset;
        KeInitializeEvent(&event, NotificationEvent, FALSE);
        readContext.Event=&event;

        for(i=0; i<length; i++)
        {
          sysBuf[i]=sysBuf[i]^0xff;
        }

        IoCopyCurrentIrpStackLocationToNext(Irp);
        IoSetCompletionRoutine(
          Irp,
          DiskPerfWriteCompletion,
          &readContext,
          TRUE,
          TRUE,
          TRUE);
        status=IoCallDriver(DevExt->TargetDeviceObject, Irp);
        if (status== STATUS_PENDING)
        {
          KeWaitForSingleObject(
            &event,
            Executive,
            KernelMode,
            FALSE,
            NULL);
          status=Irp->IoStatus.Status;
        }
        Irp->IoStatus.Status=STATUS_SUCCESS;
//        IoCompleteRequest(Irp, IO_DISK_INCREMENT);
        continue;
      }
    }
  }
}


[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

上传的附件:
收藏
免费 6
支持
分享
最新回复 (5)
雪    币: 121
活跃值: (11)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
2
怎么用?怎么加密的?
2013-4-4 08:21
0
雪    币: 51
活跃值: (25)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
谢谢分享。。。。。
2013-4-6 21:05
0
雪    币: 243
活跃值: (204)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
测试可以用,就是在未装驱动的系统里会提示格式化,容易误删除数据
2013-4-7 10:30
0
雪    币: 49
活跃值: (19)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
我也是这么觉得
是不是楼主需要 只针对磁盘数据部分加解密
磁盘元数据部分还是不加密的好?
2013-4-8 09:30
0
雪    币: 253
活跃值: (46)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
6
第一次需要格式化MBR
2013-4-9 15:55
0
游客
登录 | 注册 方可回帖
返回
//