驱动开发之二:尝试挂接file system
hookfilesystem.c
//尝试挂接file system
#include "Hookfilesystem.h"
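/*
 * File-scope state shared between HookFileSystem(), HookCreateDispatch() and
 * DriverUnload(). None of it is declared in the header, so it is given
 * internal linkage (static) instead of leaking into the global namespace.
 */

/* Handle and attributes used by HookFileSystem() to open the C: volume. */
static HANDLE hFileHandle;
static OBJECT_ATTRIBUTES ObjectAttrib;

/* Device object returned by IoGetRelatedDeviceObject() for the volume. */
static PDEVICE_OBJECT pFileDeviceObject;

/*
 * Despite the name this is a DRIVER object (PDRIVER_OBJECT is the typedef for
 * struct _DRIVER_OBJECT *): the driver whose MajorFunction[IRP_MJ_CREATE]
 * entry HookFileSystem() overwrites. Kept under its original name because the
 * other routines in this file refer to it.
 */
static PDRIVER_OBJECT pDeviceObject;

/*
 * The IRP_MJ_CREATE handler that was in the table before the patch.
 * HookCreateDispatch() forwards to it; DriverUnload() must write it back,
 * otherwise the table keeps pointing into this driver's image after unload.
 */
static PDRIVER_DISPATCH RealCreateDispatch;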
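/*
 * DriverEntry: create the control device \Device\Shadow3, expose it to Win32
 * as \DosDevices\shadow3, register the dispatch and unload routines, then
 * install the file-system hook.
 *
 * DriverObject - this driver's object, supplied by the I/O manager.
 * RegistryPath - the driver's service key; not used here.
 *
 * Returns STATUS_SUCCESS, or the failing NTSTATUS from IoCreateDevice /
 * IoCreateSymbolicLink. If the symbolic link cannot be created the device
 * created just before it is deleted again (the published listing leaked it).
 *
 * NOTE(review): HookFileSystem() returns void, so a failed hook is still
 * reported as success to the loader; the caller cannot tell the two apart.
 *
 * The published listing shows these NT object paths with '/' separators;
 * NT paths use '\', which is restored here (it looks like an escaping
 * artefact of the publishing platform).
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNICODE_STRING uninameString, unilinkString;
    NTSTATUS ntStatus;
    /* Local only; the file-scope pDeviceObject is a different object and was
     * being shadowed by a same-named local in the original. */
    PDEVICE_OBJECT pControlDevice = NULL;

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&uninameString, L"\\Device\\Shadow3");
    ntStatus = IoCreateDevice(DriverObject,
                              0,
                              &uninameString,
                              FILE_DEVICE_UNKNOWN,
                              0,
                              TRUE,
                              &pControlDevice);
    if (!NT_SUCCESS(ntStatus)) {
        return ntStatus;
    }

    /* Win32-visible name for the control device. */
    RtlInitUnicodeString(&unilinkString, L"\\DosDevices\\shadow3");
    ntStatus = IoCreateSymbolicLink(&unilinkString, &uninameString);
    if (!NT_SUCCESS(ntStatus)) {
        IoDeleteDevice(pControlDevice);   /* do not leak the device on this path */
        return ntStatus;
    }

    /* Both create and close on the control device are completed by DriverDispatch. */
    DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatch;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatch;
    DriverObject->DriverUnload = DriverUnload;

    HookFileSystem();

    return ntStatus;   /* STATUS_SUCCESS at this point */
}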
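/*
 * DriverDispatch: IRP_MJ_CREATE / IRP_MJ_CLOSE handler for the control device.
 * Every request is completed immediately with STATUS_SUCCESS.
 *
 * DeviceObject - the control device (unused).
 * Irp          - the request to complete.
 *
 * Returns the status the IRP was completed with.
 *
 * The published listing read Irp->IoStatus.Status *after* IoCompleteRequest.
 * Once an IRP is completed it belongs to the I/O manager and may already be
 * freed, so the status is captured in a local first and the IRP is not
 * touched again.
 */
NTSTATUS
DriverDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    NTSTATUS status = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    /* Irp must not be dereferenced past this point. */
    return status;
}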
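/*
 * DriverUnload: undo what DriverEntry and HookFileSystem set up.
 *
 * pDriverObject - this driver's object; its DeviceObject is the control device.
 *
 * The published listing deleted the symbolic link and the device but left the
 * patched IRP_MJ_CREATE entry pointing into this driver's image, so after
 * unload every create on the volume would jump into unmapped memory. The
 * original handler is written back first, and only if the table still holds
 * HookCreateDispatch (another component may have patched on top of us, and
 * overwriting its entry would break it).
 *
 * NOTE(review): this is still not a safe unload. A thread may be executing
 * HookCreateDispatch while the image is unmapped, and with raw table patching
 * there is no way to wait for it. That is one reason the supported way to
 * observe file-system I/O is a Filter Manager minifilter (FltRegisterFilter),
 * not a patched dispatch table.
 *
 * "\DosDevices\shadow3" is published with '/' separators; NT paths use '\'.
 */
void DriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING uniNameString;

    if (pDeviceObject != NULL &&
        RealCreateDispatch != NULL &&
        pDeviceObject->MajorFunction[IRP_MJ_CREATE] == HookCreateDispatch) {
        /* Other CPUs read this table concurrently; swap it atomically. */
        InterlockedExchangePointer((PVOID volatile *)&pDeviceObject->MajorFunction[IRP_MJ_CREATE],
                                   (PVOID)RealCreateDispatch);
        RealCreateDispatch = NULL;
    }

    RtlInitUnicodeString(&uniNameString, L"\\DosDevices\\shadow3");
    IoDeleteSymbolicLink(&uniNameString);        /* remove the Win32-visible name */
    IoDeleteDevice(pDriverObject->DeviceObject); /* remove the control device */
}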
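/*
 * HookFileSystem: open C:\ to locate the driver object serving that volume,
 * save its IRP_MJ_CREATE handler in RealCreateDispatch and replace it with
 * HookCreateDispatch.
 *
 * Failures are reported with DbgPrint and the function returns; the caller
 * (DriverEntry) gets no status back.
 *
 * Changes against the published listing:
 *  - the handle and OBJECT_ATTRIBUTES are locals (they were file-scope globals
 *    with no other user) and the handle is opened with OBJ_KERNEL_HANDLE so it
 *    cannot be reached from a user-mode handle table;
 *  - ObReferenceObjectByHandle is given *IoFileObjectType, so a handle of any
 *    other type is rejected instead of being cast to a file object blindly;
 *  - the driver object is read *before* the file object is dereferenced and
 *    the handle closed, not after;
 *  - the table entry is swapped with an interlocked compare-exchange instead
 *    of a plain store, and RealCreateDispatch is published before the hook can
 *    be reached, so a concurrent create never forwards through a NULL pointer;
 *  - "\n" restored in the debug strings (published as "/n"), and '\' in the
 *    device path (published as '/').
 *
 * NOTE(review): IoGetRelatedDeviceObject returns the *top* of the device
 * stack, so with a filter attached to the volume this patches the filter's
 * driver, not the file system's. Patching another driver's MajorFunction
 * table is unsupported on every current Windows version; a Filter Manager
 * minifilter (FltRegisterFilter) is the supported way to see IRP_MJ_CREATE,
 * and a dispatch entry that points outside its owning driver's image is
 * exactly what kernel integrity checkers flag.
 */
void HookFileSystem(void)
{
    UNICODE_STRING uniDeviceName;
    OBJECT_ATTRIBUTES objAttr;
    IO_STATUS_BLOCK ioStatus;
    HANDLE hVolume = NULL;
    PFILE_OBJECT pVolumeFile = NULL;
    PDRIVER_OBJECT pFsDriver = NULL;
    PDRIVER_DISPATCH current;
    NTSTATUS ntStatus;

    RtlInitUnicodeString(&uniDeviceName, L"\\DosDevices\\C:\\");
    InitializeObjectAttributes(&objAttr, &uniDeviceName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    /* Open the volume root as a directory; SYNCHRONIZE is required for
     * FILE_SYNCHRONOUS_IO_NONALERT. */
    ntStatus = ZwCreateFile(&hVolume,
                            SYNCHRONIZE | FILE_ANY_ACCESS,
                            &objAttr,
                            &ioStatus,
                            NULL,
                            0,
                            FILE_SHARE_READ | FILE_SHARE_WRITE,
                            FILE_OPEN,
                            FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
                            NULL,
                            0);
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("ZwCreateFile Failed,ntstatus:%ld\n", ntStatus);
        return;
    }

    /* Handle -> FILE_OBJECT, type-checked against IoFileObjectType. */
    ntStatus = ObReferenceObjectByHandle(hVolume,
                                         FILE_READ_DATA,
                                         *IoFileObjectType,
                                         KernelMode,
                                         (PVOID *)&pVolumeFile,
                                         NULL);
    if (!NT_SUCCESS(ntStatus)) {
        ZwClose(hVolume);
        DbgPrint("ObReferenceObjectByHandle Failed,ntstatus:%ld\n", ntStatus);
        return;
    }

    /* Read everything we need while the file object is still referenced. */
    pFileDeviceObject = IoGetRelatedDeviceObject(pVolumeFile);
    if (pFileDeviceObject != NULL) {
        pFsDriver = pFileDeviceObject->DriverObject;
    }

    ObDereferenceObject(pVolumeFile);
    ZwClose(hVolume);

    if (pFsDriver == NULL) {
        DbgPrint("Get File Object Failed\n");
        return;
    }
    pDeviceObject = pFsDriver;

    current = pDeviceObject->MajorFunction[IRP_MJ_CREATE];
    if (current == HookCreateDispatch) {
        DbgPrint("already hook IRP_MJ_CREATE\n");
        return;
    }

    /* Publish the forward target first: the moment the table is swapped,
     * another CPU may already be inside HookCreateDispatch. */
    RealCreateDispatch = current;
    if (InterlockedCompareExchangePointer((PVOID volatile *)&pDeviceObject->MajorFunction[IRP_MJ_CREATE],
                                          (PVOID)HookCreateDispatch,
                                          (PVOID)current) != (PVOID)current) {
        /* Someone else changed the entry between our read and the swap. */
        RealCreateDispatch = NULL;
        DbgPrint("IRP_MJ_CREATE changed concurrently, not hooked\n");
    }
}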
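/*
 * HookCreateDispatch: replacement IRP_MJ_CREATE handler installed by
 * HookFileSystem. Logs the owning driver's name and the file being opened,
 * then forwards the IRP to the saved original handler.
 *
 * DeviceObject - the device the create was sent to.
 * Irp          - the create request.
 *
 * Returns whatever the original handler returns, or
 * STATUS_INVALID_DEVICE_REQUEST if no original handler is available.
 *
 * Fixes against the published listing:
 *  - UNICODE_STRING buffers are not NUL-terminated; printing them with %S
 *    reads past Length (a kernel over-read, and it leaks whatever follows the
 *    buffer into the debug log). %wZ takes the UNICODE_STRING and honours
 *    Length.
 *  - IoStackLocation->FileObject can be NULL; it is checked before use.
 *  - The hand-written _asm sequence (x86 only) discarded the original's
 *    NTSTATUS and returned 0 (STATUS_SUCCESS) unconditionally, so a failed or
 *    pending create was reported to the I/O manager as completed successfully.
 *    A plain C call through the saved PDRIVER_DISPATCH returns the real status
 *    and works on every architecture.
 *  - If RealCreateDispatch is NULL the IRP is completed with an error instead
 *    of calling through a null pointer.
 *  - "\r\n" restored in the debug strings (published as "/r/n").
 */
NTSTATUS
HookCreateDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp);
    PFILE_OBJECT pFileObject = pIrpStack->FileObject;
    /* Snapshot: DriverUnload may clear the global while we run. */
    PDRIVER_DISPATCH original = RealCreateDispatch;

    DbgPrint("DeviceName:%wZ\r\n", &DeviceObject->DriverObject->DriverName);
    if (pFileObject != NULL) {
        DbgPrint("FileName:%wZ\r\n", &pFileObject->FileName);
    }

    if (original == NULL) {
        Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
        Irp->IoStatus.Information = 0;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return STATUS_INVALID_DEVICE_REQUEST;
    }

    /* Same stack location, same arguments: the original sees the IRP exactly
     * as it would have without the hook. */
    return original(DeviceObject, Irp);
}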
hookfilesystem.h
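/*
 * hookfilesystem.h - prototypes for the file-system hook sample driver.
 *
 * The include guard was `_INCLUDE_`: identifiers starting with an underscore
 * and an uppercase letter are reserved for the implementation, and a name
 * that generic collides with any other header using the same guard. Renamed
 * to a header-specific guard. (The .c file includes "Hookfilesystem.h";
 * the case difference is harmless on Windows' case-insensitive file systems.)
 */
#ifndef HOOKFILESYSTEM_H
#define HOOKFILESYSTEM_H

#include <ntddk.h>

/** IRP_MJ_CREATE / IRP_MJ_CLOSE handler for the driver's own control device. */
NTSTATUS
DriverDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );

/** Driver unload routine: removes the symbolic link and control device. */
void DriverUnload(IN PDRIVER_OBJECT DriverObject);

/** Locates the driver serving C:\ and replaces its IRP_MJ_CREATE handler. */
void HookFileSystem(void);

/** Replacement IRP_MJ_CREATE handler; logs and forwards to the original. */
NTSTATUS
HookCreateDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );

#endif /* HOOKFILESYSTEM_H */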