PKEVENT FsRecLoadSync = NULL;
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,PUNICODE_STRING Registry)
{
int Index = 0;
PDEVICE_OBJECT DeviceObject;
DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] = FsRecFsControl;
DriverObject->MajorFunction[IRP_MJ_CREATE] = FsRecCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_CLEANUP] = FsRecCleanupClose;
DriverObject->DriverUnload = FsRecUnload;
FsRecLoadSync = (PKEVENT)ExAllocatePoolWithTag(sizeof(KEVENT),NonPagedPool,POOL_TAG);
if(FsRecLoadSync == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
KeInitializeEvent(FsRecLoadSync,SynchronizationEvent,TRUE);
if(NT_SUCCESS(FsRecCreateAndRegisterDO(DriverObject,NULL,NULL,
L"\\Cdfs",
L"\\FileSystem\\CdfsRecognizer",
CDFS_TYPE,
FILE_DEVICE_CD_ROM_FILE_SYSTEM,
TRUE)))
{
Index ++;
}
if (NT_SUCCESS( FsRecCreateAndRegisterDO(
DriverObject,
NULL,
&DeviceObject,
L"\\UdfsCdRom",
L"\\FileSystem\\UdfsCdRomRecognizer",
UDFS_TYPE,
FILE_DEVICE_CD_ROM_FILE_SYSTEM,
FALSE) ))
{
Index++;
}
if (NT_SUCCESS( FsRecCreateAndRegisterDO(
DriverObject,
NULL,
&DeviceObject,
L"\\Fat",
L"\\FileSystem\\FatDiskRecognizer",
FATCD_TYPE,
FILE_DEVICE_DISK_FILE_SYSTEM,
FALSE) ))
{
Index++;
}
if (NT_SUCCESS( FsRecCreateAndRegisterDO(
DriverObject,
DeviceObject,
NULL,
L"\\FatCdrom",
L"\\FileSystem\\FatCdRomRecognizer",
FATCD_TYPE,
FILE_DEVICE_CD_ROM_FILE_SYSTEM,
FALSE) ))
{
Index++;
}
if (NT_SUCCESS( FsRecCreateAndRegisterDO(DriverObject, NULL, NULL,
L"\\Ntfs",
L"\\FileSystem\\NtfsRecognizer",
NTFS_TYPE,
FILE_DEVICE_DISK_FILE_SYSTEM,
FALSE) ))
{
++Index;
}
if (NT_SUCCESS( FsRecCreateAndRegisterDO(DriverObject,
NULL,
NULL,
L"\\ExFat",
L"\\FileSystem\\ExFatRecognizer",
EXFAT_TYPE,
FILE_DEVICE_DISK_FILE_SYSTEM,
FALSE) ))
{
++Index;
}
return Index != 0 ? STATUS_SUCCESS : STATUS_IMAGE_ALREADY_LOADED;
}
NTSTATUS FsRecCreateAndRegisterDO(PDRIVER_OBJECT DriverObject,
PDEVICE_OBJECT ParentDev,
PDEVICE_OBJECT* CreatedDev,
LPWSTR DeviceName,
LPWSTR Recognizer,
FILE_SYSTEM_TYPE FileSystemType,
ULONG DeviceType,
BOOLEAN bLowPrority)
{
NTSTATUS Status;
IO_STATUS_BLOCK IoStatusBlock;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING DestinationString;
HANDLE Handle;
PDEVICE_OBJECT DeviceObject;
PDEVICE_EXTENSION DevExt;
PFN_IoRegisterFileSystem pfn_IoRegisterFileSystem = NULL;
if(CreatedDev) CreatedDev = NULL;
RtlInitUnicodeString(&DestinationString, DeviceName);
InitializeObjectAttributes(&ObjectAttributes,&DestinationString,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = ZwCreateFile(&Handle,
SYNCHRONIZE, // 0x100000,
&ObjectAttributes,
&IoStatusBlock,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
1,
0,
NULL,
0);
if(NT_SUCCESS(Status))
{
ZwClose(Handle);
}
if(Status != STATUS_OBJECT_NAME_NOT_FOUND)
{
Status = STATUS_SUCCESS;
}
if(!NT_SUCCESS(Status))
{
RtlInitUnicodeString(&DestinationString, Recognizer);
Status = IoCreateDevice(DriverObject,
sizeof(DEVICE_EXTENSION),
&DestinationString,
DeviceType,
0,
FALSE,
&DeviceObject);
if(NT_SUCCESS(Status))
{
DevExt = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
DevExt->FileSystemType = FileSystemType;
DevExt->LoadStatus = DRIVER_NOTLOAD;
if(ParentDev)
{
DevExt->ParentDevice = ((PDEVICE_EXTENSION)ParentDev->DeviceExtension)->ParentDevice;
DevExt = (PDEVICE_EXTENSION)ParentDev->DeviceExtension;
}
DevExt->ParentDevice = DeviceObject;
if(CreatedDev)
CreatedDev[0] = DeviceObject;
if(bLowPrority)
{
DeviceObject->Flags |= DO_LOW_PRIORITY_FILESYSTEM;
}
RtlInitUnicodeString(&DestinationString, L"IoRegisterFileSystem");
pfn_IoRegisterFileSystem =
(PFN_IoRegisterFileSystem)MmGetSystemRoutineAddress(&DestinationString);
if(pfn_IoRegisterFileSystem)
pfn_IoRegisterFileSystem(DeviceObject);
Status = STATUS_SUCCESS;
}
}
else
{
Status = STATUS_IMAGE_ALREADY_LOADED;
}
return Status;
}
NTSTATUS FsRecFsControl(PDEVICE_OBJECT DeviceObject,PIRP Irp)
{
NTSTATUS Status;
PDEVICE_EXTENSION DevExt;
PIO_STACK_LOCATION IrpSp;
PAGED_CODE();
IrpSp = IoGetCurrentIrpStackLocation(Irp);
DevExt = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
if(DevExt->LoadStatus && IrpSp->MinorFunction == IRP_MN_MOUNT_VOLUME)
{
Status = DevExt->LoadStatus != DRIVER_LOADED ? STATUS_FS_DRIVER_REQUIRED : STATUS_UNRECOGNIZED_VOLUME;
Irp->IoStatus.Status = Status;
IoCompleteRequest(Irp,0);
return Status;
}
else
{
switch(DevExt->FileSystemType)
{
case CDFS_TYPE:
Status = CdfsRecFsControl(DeviceObject,Irp);
break;
case FATCD_TYPE:
Status = FatRecFsControl(DeviceObject,Irp);
break;
case NTFS_TYPE:
Status = NtfsRecFsControl(DeviceObject,Irp);
break;
case EXFAT_TYPE:
Status = ExFatRecFsControl(DeviceObject,Irp);
break;
default:
Status = STATUS_INVALID_DEVICE_REQUEST;
break;
}
}
return Status;
}
NTSTATUS ExFatRecFsControl(PDEVICE_OBJECT DeviceObject,PIRP Irp)
{
NTSTATUS Status = STATUS_SUCCESS;
PIO_STACK_LOCATION IrpSp;
PDEVICE_EXTENSION DevExt;
ULONG SectorSize;
LARGE_INTEGER StartingOffset;
BOOLEAN BlockReaded = FALSE;
UCHAR* BlockData;
PAGED_CODE();
IrpSp = IoGetCurrentIrpStackLocation(Irp);
if(IrpSp->MinorFunction == IRP_MN_MOUNT_VOLUME)
{
Status = STATUS_UNRECOGNIZED_VOLUME;
if(FsRecGetDeviceSectorSize(IrpSp->Parameters.MountVolume.DeviceObject,&SectorSize,0))
{
StartingOffset.QuadPart = 0;
BlockData = NULL;
if (FsRecReadBlock(IrpSp->Parameters.MountVolume.DeviceObject, &StartingOffset, 512, SectorSize, &BlockData, &BlockReaded) )
{
if ( IsExFatVolume(BlockData) )
Status = STATUS_FS_DRIVER_REQUIRED;
}
if(BlockData) ExFreePoolWithTag(BlockData,0);
}
else
{
BlockReaded = TRUE;
}
}
else if(IrpSp->MinorFunction == IRP_MN_LOAD_FILE_SYSTEM)
{
Status = FsRecLoadFileSystem(DeviceObject,L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\ExFat");
}
else
{
Status = STATUS_INVALID_DEVICE_REQUEST;
}
Irp->IoStatus.Status = Status;
IoCompleteRequest(Irp,0);
return Status;
}
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
