看了网上用minifilter隐藏文件的代码,自己照着做了一下,结果测试的时候发现问题,如果文件数目少了可以正确隐藏和显示,但是如果文件数目多了之后,部分该隐藏的文件却没有被隐藏掉,但是部分该显示的文件却被隐藏掉,不知道怎么回事,求大神指教,如果能给一段隐藏部分的代码参考最好,隐藏部分的代码如下
do
{
//Byte offset of the next FILE_ID_BOTH_DIR_INFORMATION entry
DbgPrint("file name buffer length is %d,filename length is %d\n",wcslen(currentFileIdInfo->FileName),currentFileIdInfo->FileNameLength);
nextOffset = currentFileIdInfo->NextEntryOffset;
nextFileIdInfo = (PFILE_ID_BOTH_DIR_INFORMATION)((PCHAR)(currentFileIdInfo) + nextOffset);
if (currentFileIdInfo->FileAttributes == FILE_ATTRIBUTE_DIRECTORY)//Îļþ¼Ð
{
FunctionPionter = ChkDir;
}
else
{
FunctionPionter = IsFileInUpLoadAnlyData;
}
if(/*FunctionPionter(currentFileIdInfo->FileName) == FALSE*/wcsstr(currentFileIdInfo->FileName,L"xls") != NULL)
{
if (previousFileIdInfo == currentFileIdInfo)
{
//RtlCopyMemory(currentFileIdInfo->FileName,L"..",4);
RtlZeroMemory(currentFileIdInfo->FileName,currentFileIdInfo->FileNameLength);
// ExFreePool(currentFileIdInfo->FileName);
FltSetCallbackDataDirty( Data );
}
if( nextOffset == 0 )
{
previousFileIdInfo->NextEntryOffset = 0;
}
else
{
previousFileIdInfo->NextEntryOffset = (ULONG)((PCHAR)currentFileIdInfo - (PCHAR)previousFileIdInfo) + nextOffset;
}
modified = 1;
}
else
{
removedAllEntries = 0;
previousFileIdInfo = currentFileIdInfo;
}
currentFileIdInfo = nextFileIdInfo;
} while( nextOffset != 0 );
}
if( modified )
{
if( removedAllEntries )
{
Data->IoStatus.Status = STATUS_NO_MORE_FILES;
}
else
{
FltSetCallbackDataDirty( Data );
}
}
测试用了640个txt文件,640个xls文件,隐藏xls文件,结果显示了639个文件,但是其中有两个xls文件,txt只显示了637个,请教大神这是为什么
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
