驱动开发之二:尝试挂接file system
hookfilesystem.c
代码 //尝试挂接file system
#include "Hookfilesystem.h"
/* Scratch state for HookFileSystem's open of the volume; nothing else in this file reads them. */
HANDLE hFileHandle;
OBJECT_ATTRIBUTES ObjectAttrib;
/* Device object returned by IoGetRelatedDeviceObject for the opened volume (set by HookFileSystem). */
PDEVICE_OBJECT pFileDeviceObject;
/* Despite the name this is the DRIVER object whose IRP_MJ_CREATE entry gets patched;
   the local PDEVICE_OBJECT pDeviceObject in DriverEntry shadows it. */
struct _DRIVER_OBJECT *pDeviceObject;
/* The IRP_MJ_CREATE handler found in that driver object before patching; HookCreateDispatch calls it. */
PDRIVER_DISPATCH RealCreateDispatch;
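/*
 * DriverEntry - creates the control device \Device\Shadow3 and its Win32-visible
 * link \DosDevices\shadow3, installs the dispatch/unload routines and then asks
 * HookFileSystem to patch the file-system driver's IRP_MJ_CREATE entry.
 *
 * Returns the failing NTSTATUS from IoCreateDevice/IoCreateSymbolicLink, else
 * STATUS_SUCCESS. HookFileSystem returns void and only reports failures via
 * DbgPrint, so a failed hook does not fail the load.
 *
 * NOTE(review): the published listing shows the NT paths with '/' separators
 * ("//Device//Shadow3"); the object manager only accepts '\', so the literals
 * below use '\\'.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject ,IN PUNICODE_STRING RegistryPath)
{
    UNICODE_STRING deviceName;
    UNICODE_STRING linkName;
    /* Renamed from pDeviceObject: the file-scope pDeviceObject is a driver-object pointer. */
    PDEVICE_OBJECT controlDevice = NULL;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&deviceName, L"\\Device\\Shadow3");
    status = IoCreateDevice(DriverObject,
                            0,                   /* no device extension */
                            &deviceName,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            TRUE,                /* exclusive */
                            &controlDevice);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    RtlInitUnicodeString(&linkName, L"\\DosDevices\\shadow3");
    status = IoCreateSymbolicLink(&linkName, &deviceName);
    if (!NT_SUCCESS(status)) {
        /* Without this the device object outlives a failed DriverEntry. */
        IoDeleteDevice(controlDevice);
        return status;
    }

    DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatch;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatch;
    DriverObject->DriverUnload = DriverUnload;

    /* Patches another driver's dispatch table. That is exactly what kernel
       integrity checks (e.g. Kernel Patch Protection on x64) look for; the
       supported way to observe create requests is a filter driver. */
    HookFileSystem();

    return STATUS_SUCCESS;
}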
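/*
 * DriverDispatch - IRP_MJ_CREATE / IRP_MJ_CLOSE handler for this driver's own
 * control device. Completes every request with STATUS_SUCCESS and no data.
 *
 * The original returned Irp->IoStatus.Status after IoCompleteRequest; the IRP
 * may already be freed at that point, so the status is returned from a local
 * value instead.
 */
NTSTATUS
DriverDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;   /* no bytes transferred */
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    /* Do not touch Irp after completion. */
    return STATUS_SUCCESS;
}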
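/*
 * DriverUnload - undoes DriverEntry: restores the patched IRP_MJ_CREATE entry
 * (if our hook is still installed), then removes the symbolic link and the
 * control device.
 *
 * Restoring the entry is essential: the original left the foreign driver's
 * dispatch table pointing into this image, so the first create request after
 * unload would fault in unmapped memory.
 *
 * NOTE(review): a create request that already entered HookCreateDispatch may
 * still be executing; nothing here waits for it to drain, so unloading while
 * the hook is active remains a race.
 */
void DriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING linkName;

    if (pDeviceObject != NULL
        && RealCreateDispatch != NULL
        && pDeviceObject->MajorFunction[IRP_MJ_CREATE] == HookCreateDispatch) {
        InterlockedExchangePointer((PVOID volatile *)&pDeviceObject->MajorFunction[IRP_MJ_CREATE],
                                   (PVOID)RealCreateDispatch);
    }

    /* Same path as in DriverEntry; the listing's '/' separators are not valid NT paths. */
    RtlInitUnicodeString(&linkName, L"\\DosDevices\\shadow3");
    IoDeleteSymbolicLink(&linkName);
    IoDeleteDevice(pDriverObject->DeviceObject);
}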
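/*
 * HookFileSystem - opens the C: volume, finds the driver object behind the
 * device it resolves to, saves that driver's IRP_MJ_CREATE handler in
 * RealCreateDispatch and replaces it with HookCreateDispatch.
 *
 * Failures are reported with DbgPrint and leave the file-scope state untouched
 * except for pFileDeviceObject/pDeviceObject, which mirror the original listing.
 *
 * Changes from the original:
 *  - the handle and OBJECT_ATTRIBUTES are locals and the handle is a kernel
 *    handle (OBJ_KERNEL_HANDLE), so it cannot leak into a user process;
 *  - ObReferenceObjectByHandle checks the handle type (*IoFileObjectType)
 *    before the result is used as a file object;
 *  - the driver object is read while the file object is still referenced;
 *  - the dispatch entry is swapped with InterlockedExchangePointer;
 *  - "/n" and the '/' path separators of the listing are restored to "\n"/'\'.
 *
 * NOTE(review): IoGetRelatedDeviceObject returns the top of the device stack,
 * which may be a filter device attached above the file system; the patched
 * driver object may therefore belong to a filter rather than the file system
 * itself — verify on the target system.
 */
void HookFileSystem(void)
{
    UNICODE_STRING volumeName;
    OBJECT_ATTRIBUTES attributes;
    IO_STATUS_BLOCK ioStatus;
    HANDLE volumeHandle = NULL;
    PFILE_OBJECT fileObject = NULL;
    PDEVICE_OBJECT targetDevice;
    PDRIVER_OBJECT targetDriver;
    NTSTATUS status;

    RtlInitUnicodeString(&volumeName, L"\\DosDevices\\C:\\");
    InitializeObjectAttributes(&attributes, &volumeName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    /* The original requested SYNCHRONIZE|FILE_ANY_ACCESS; FILE_ANY_ACCESS is 0
       (an IOCTL access type, not a file right), so the requested access is
       unchanged here. */
    status = ZwCreateFile(&volumeHandle,
                          SYNCHRONIZE,
                          &attributes,
                          &ioStatus,
                          NULL,
                          0,
                          FILE_SHARE_READ | FILE_SHARE_WRITE,
                          FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
                          NULL,
                          0);
    if (!NT_SUCCESS(status)) {
        DbgPrint("ZwCreateFile Failed,ntstatus:%ld\n", status);
        return;
    }

    status = ObReferenceObjectByHandle(volumeHandle,
                                       FILE_READ_DATA,
                                       *IoFileObjectType,   /* reject non-file handles */
                                       KernelMode,
                                       (PVOID *)&fileObject,
                                       NULL);
    if (!NT_SUCCESS(status)) {
        ZwClose(volumeHandle);
        DbgPrint("ObReferenceObjectByHandle Failed,ntstatus:%ld\n", status);
        return;
    }

    targetDevice = IoGetRelatedDeviceObject(fileObject);
    /* Read the driver pointer before dropping the reference that keeps the stack alive. */
    targetDriver = (targetDevice != NULL) ? targetDevice->DriverObject : NULL;

    ObDereferenceObject(fileObject);
    ZwClose(volumeHandle);

    pFileDeviceObject = targetDevice;
    if (targetDevice == NULL || targetDriver == NULL) {
        DbgPrint("Get File Object Failed\n");
        return;
    }

    pDeviceObject = targetDriver;
    if (targetDriver->MajorFunction[IRP_MJ_CREATE] == HookCreateDispatch) {
        DbgPrint("already hook IRP_MJ_CREATE\n");
        return;
    }

    /* Save first, then publish: HookCreateDispatch forwards to RealCreateDispatch. */
    RealCreateDispatch = targetDriver->MajorFunction[IRP_MJ_CREATE];
    InterlockedExchangePointer((PVOID volatile *)&targetDriver->MajorFunction[IRP_MJ_CREATE],
                               (PVOID)HookCreateDispatch);
}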
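/*
 * HookCreateDispatch - replacement IRP_MJ_CREATE handler installed by
 * HookFileSystem. Logs the owning driver's name and the file name of the
 * request, then forwards to the saved original handler and returns ITS status.
 *
 * Fixes relative to the original:
 *  - the inline-asm call discarded the real handler's return value and the
 *    function returned 0 unconditionally, which turns STATUS_PENDING and every
 *    error into STATUS_SUCCESS; a plain C call propagates the status;
 *  - DriverName and FileName are counted UNICODE_STRINGs whose buffers are not
 *    NUL-terminated, so "%S" on .Buffer over-reads; "%wZ" prints them safely;
 *  - FileObject is checked for NULL before use.
 *
 * Note that this runs, and prints, for every create request on the volume.
 */
NTSTATUS
HookCreateDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
    PFILE_OBJECT fileObject = stack->FileObject;

    DbgPrint("DeviceName:%wZ\r\n", &DeviceObject->DriverObject->DriverName);
    if (fileObject != NULL) {
        DbgPrint("FileName:%wZ\r\n", &fileObject->FileName);
    }

    if (RealCreateDispatch == NULL) {
        /* Should be unreachable: the hook is published only after the original
           handler was saved. Fail the request rather than dereference NULL. */
        Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
        Irp->IoStatus.Information = 0;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return STATUS_INVALID_DEVICE_REQUEST;
    }

    return RealCreateDispatch(DeviceObject, Irp);
}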
hookfilesystem.h
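/*
 * hookfilesystem.h - declarations for the sample driver that patches a
 * file-system driver's IRP_MJ_CREATE dispatch entry.
 *
 * The include guard was renamed from _INCLUDE_: identifiers beginning with an
 * underscore followed by an uppercase letter are reserved for the implementation.
 */
#ifndef HOOKFILESYSTEM_H
#define HOOKFILESYSTEM_H

#include <ntddk.h>

/* IRP_MJ_CREATE / IRP_MJ_CLOSE handler for this driver's own control device;
   completes the request with STATUS_SUCCESS. */
NTSTATUS
DriverDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );

/* Unload routine: removes the symbolic link and control device created in DriverEntry. */
void DriverUnload(IN PDRIVER_OBJECT DriverObject);

/* Opens the C: volume, locates the driver behind it and replaces that driver's
   IRP_MJ_CREATE entry with HookCreateDispatch. Failures are reported only via DbgPrint. */
void HookFileSystem(void);

/* Replacement IRP_MJ_CREATE handler: logs the driver and file name, then calls
   the handler saved in RealCreateDispatch. */
NTSTATUS
HookCreateDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );

#endif /* HOOKFILESYSTEM_H */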