-
-
[求助]读写扇区遇到的一些奇怪问题
-
发表于:
2015-3-25 22:43
3454
-
问题已经解决,是设备名的问题,应该打开的是卷设备而不是物理设备
#include <fltKernel.h>
#include "ntdddisk.h"
NTSTATUS
WriteSector(IN PUNICODE_STRING PhysicalName, IN CHAR Sectorbuff[],IN INT StartSector)//指定扇区写
{
NTSTATUS status;
OBJECT_ATTRIBUTES ObjectAttributesL;
HANDLE hDeviceHandle;
IO_STATUS_BLOCK IoStatusBlock;
IO_STATUS_BLOCK IoStatusBlockR;
LARGE_INTEGER ByteOffset;
InitializeObjectAttributes(&ObjectAttributesL,
PhysicalName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
//打开设备
status = ZwCreateFile(&hDeviceHandle,
FILE_ALL_ACCESS,
&ObjectAttributesL,
&IoStatusBlock,
NULL,
0,
FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_ALERT,
NULL,
0);
DbgPrint("ZwCreateFile status:%x\n", status);
if (!NT_SUCCESS(status))
{
ZwDeleteFile(&ObjectAttributesL);
return status;
}
//在指定扇区写入数据
ByteOffset.QuadPart = StartSector * 512;
status = ZwWriteFile(hDeviceHandle,
NULL,
NULL,
NULL,
&IoStatusBlockR,
Sectorbuff,
512,
&ByteOffset,
NULL);
DbgPrint("ZwWriteFile status:%x\n", status);
if (hDeviceHandle)
{
ZwClose(hDeviceHandle);
ZwDeleteFile(&ObjectAttributesL);
}
return status;
}
VOID
DriverUnload(PDRIVER_OBJECT driver)
{
DbgPrint("first: Our driver is unloading…\r\n");
}
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
NTSTATUS status;
CHAR Sectorbuff[512]="111222";
//Harddisk1\\Partition0是Harddisk1\\harddiskvolume%d符号链接
//可以用Winobj看
WCHAR str[512]=L"\\Device\\Harddisk1\\Partition1";
UNICODE_STRING PhysicalName;
RtlInitUnicodeString(&PhysicalName,str);
status = ReadOrWriteSector(&PhysicalName, Sectorbuff,100);
if (!NT_SUCCESS(status))
return status;
driver->DriverUnload = DriverUnload;
return STATUS_SUCCESS;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
