[求助]系统在什么时候会调用ZwOpenFile？-编程技术-看雪-安全社区|安全招聘|kanxue.com

最新回复 (2)
foxabu 雪币： 325 活跃值： (97) 能力值： ( LV13，RANK：530 ) 在线值：发帖 55 回帖 1236 粉丝 5 关注私信	foxabu 13 2 楼 NTSTATUS NtCreateFile ( __out PHANDLE FileHandle, __in ACCESS_MASK DesiredAccess, __in POBJECT_ATTRIBUTES ObjectAttributes, __out PIO_STATUS_BLOCK IoStatusBlock, __in_opt PLARGE_INTEGER AllocationSize, __in ULONG FileAttributes, __in ULONG ShareAccess, __in ULONG CreateDisposition, __in ULONG CreateOptions, __in_bcount_opt(EaLength) PVOID EaBuffer, __in ULONG EaLength ) /++ Routine Description: This service opens or creates a file, or opens a device. It is used to establish a file handle to the open device/file that can then be used in subsequent operations to perform I/O operations on. For purposes of readability, files and devices are treated as "files" throughout the majority of this module and the system service portion of the I/O system. The only time a distinction is made is when it is important to determine which is really being accessed. Then a distinction is also made in the comments. Arguments: FileHandle - A pointer to a variable to receive the handle to the open file. DesiredAccess - Supplies the types of access that the caller would like to the file. ObjectAttributes - Supplies the attributes to be used for file object (name, SECURITY_DESCRIPTOR, etc.) IoStatusBlock - Specifies the address of the caller's I/O status block. AllocationSize - Initial size that should be allocated to the file. This parameter only has an affect if the file is created. Further, if not specified, then it is taken to mean zero. FileAttributes - Specifies the attributes that should be set on the file, if it is created. ShareAccess - Supplies the types of share access that the caller would like to the file. CreateDisposition - Supplies the method for handling the create/open. CreateOptions - Caller options for how to perform the create/open. EaBuffer - Optionally specifies a set of EAs to be applied to the file if it is created. EaLength - Supplies the length of the EaBuffer. Return Value: The function value is the final status of the create/open operation. --/ { // // Simply invoke the common I/O file creation routine to do the work. // PAGED_CODE(); return IoCreateFile( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength, CreateFileTypeNone, (PVOID)NULL, 0 ); NTSTATUS NtOpenFile( __out PHANDLE FileHandle, __in ACCESS_MASK DesiredAccess, __in POBJECT_ATTRIBUTES ObjectAttributes, __out PIO_STATUS_BLOCK IoStatusBlock, __in ULONG ShareAccess, __in ULONG OpenOptions ) /++ Routine Description: This service opens a file or a device. It is used to establish a file handle to the open device/file that can then be used in subsequent operations to perform I/O operations on. Arguments: FileHandle - A pointer to a variable to receive the handle to the open file. DesiredAccess - Supplies the types of access that the caller would like to the file. ObjectAttributes - Supplies the attributes to be used for file object (name, SECURITY_DESCRIPTOR, etc.) IoStatusBlock - Specifies the address of the caller's I/O status block. ShareAccess - Supplies the types of share access that the caller would like to the file. OpenOptions - Caller options for how to perform the open. Return Value: The function value is the final completion status of the open/create operation. --/ { // // Simply invoke the common I/O file creation routine to perform the work. // PAGED_CODE(); return IoCreateFile( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, (PLARGE_INTEGER) NULL, 0L, ShareAccess, FILE_OPEN, OpenOptions, (PVOID) NULL, 0L, CreateFileTypeNone, (PVOID) NULL, 0 ); } 2008-3-5 19:37 0
combojiang 雪币： 321 活跃值： (271) 能力值： ( LV13，RANK：1050 ) 在线值：发帖 44 回帖 765 粉丝 55 关注私信	combojiang 26 3 楼 GetVolumeInformation 和FindFirstFile会调用ZwOpenFile 2008-3-5 20:08 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)
foxabu 雪币： 325 活跃值： (97) 能力值： ( LV13，RANK：530 ) 在线值：发帖 55 回帖 1236 粉丝 5 关注私信	foxabu 13 2 楼 NTSTATUS NtCreateFile ( __out PHANDLE FileHandle, __in ACCESS_MASK DesiredAccess, __in POBJECT_ATTRIBUTES ObjectAttributes, __out PIO_STATUS_BLOCK IoStatusBlock, __in_opt PLARGE_INTEGER AllocationSize, __in ULONG FileAttributes, __in ULONG ShareAccess, __in ULONG CreateDisposition, __in ULONG CreateOptions, __in_bcount_opt(EaLength) PVOID EaBuffer, __in ULONG EaLength ) /++ Routine Description: This service opens or creates a file, or opens a device. It is used to establish a file handle to the open device/file that can then be used in subsequent operations to perform I/O operations on. For purposes of readability, files and devices are treated as "files" throughout the majority of this module and the system service portion of the I/O system. The only time a distinction is made is when it is important to determine which is really being accessed. Then a distinction is also made in the comments. Arguments: FileHandle - A pointer to a variable to receive the handle to the open file. DesiredAccess - Supplies the types of access that the caller would like to the file. ObjectAttributes - Supplies the attributes to be used for file object (name, SECURITY_DESCRIPTOR, etc.) IoStatusBlock - Specifies the address of the caller's I/O status block. AllocationSize - Initial size that should be allocated to the file. This parameter only has an affect if the file is created. Further, if not specified, then it is taken to mean zero. FileAttributes - Specifies the attributes that should be set on the file, if it is created. ShareAccess - Supplies the types of share access that the caller would like to the file. CreateDisposition - Supplies the method for handling the create/open. CreateOptions - Caller options for how to perform the create/open. EaBuffer - Optionally specifies a set of EAs to be applied to the file if it is created. EaLength - Supplies the length of the EaBuffer. Return Value: The function value is the final status of the create/open operation. --/ { // // Simply invoke the common I/O file creation routine to do the work. // PAGED_CODE(); return IoCreateFile( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength, CreateFileTypeNone, (PVOID)NULL, 0 ); NTSTATUS NtOpenFile( __out PHANDLE FileHandle, __in ACCESS_MASK DesiredAccess, __in POBJECT_ATTRIBUTES ObjectAttributes, __out PIO_STATUS_BLOCK IoStatusBlock, __in ULONG ShareAccess, __in ULONG OpenOptions ) /++ Routine Description: This service opens a file or a device. It is used to establish a file handle to the open device/file that can then be used in subsequent operations to perform I/O operations on. Arguments: FileHandle - A pointer to a variable to receive the handle to the open file. DesiredAccess - Supplies the types of access that the caller would like to the file. ObjectAttributes - Supplies the attributes to be used for file object (name, SECURITY_DESCRIPTOR, etc.) IoStatusBlock - Specifies the address of the caller's I/O status block. ShareAccess - Supplies the types of share access that the caller would like to the file. OpenOptions - Caller options for how to perform the open. Return Value: The function value is the final completion status of the open/create operation. --/ { // // Simply invoke the common I/O file creation routine to perform the work. // PAGED_CODE(); return IoCreateFile( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, (PLARGE_INTEGER) NULL, 0L, ShareAccess, FILE_OPEN, OpenOptions, (PVOID) NULL, 0L, CreateFileTypeNone, (PVOID) NULL, 0 ); } 2008-3-5 19:37 0
combojiang 雪币： 321 活跃值： (271) 能力值： ( LV13，RANK：1050 ) 在线值：发帖 44 回帖 765 粉丝 55 关注私信	combojiang 26 3 楼 GetVolumeInformation 和FindFirstFile会调用ZwOpenFile 2008-3-5 20:08 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复