vc实现用文件系统过滤驱动实现文件隐藏的类
来源:互联网 发布:qq网络营销软件 编辑:程序博客网 时间:2024/05/16 09:35
调用一个开源的文件过滤驱动,
头文件
typedef struct _ATTACH_EXTENSION {
CHAR VolumeLetter;
PDEVICE_OBJECT VolumeDevice;
} ATTACH_EXTENSION, *PATTACH_EXTENSION;
PDRIVER_OBJECT g_DriverObject;
源文件
#include <ntifs.h>
#include "HideDirFile.h"
//-------------------------------------------------
// F A S T I / O
//-------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId, ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutbufBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
);
//
// These are new NT 4.0 Fast I/O calls
//
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT struct _IO_STATUS_BLOCK *IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryOpen(
IN struct _IRP *Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
//-------------------------------------------------
// C U S T O M F U N C T I O N
//-------------------------------------------------
NTSTATUS
GetVolumesToAttach(
OUT PULONG VolumesToAttach
);
NTSTATUS
AttachAllVolume(
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
);
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
);
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
);
//-------------------------------------------------
// N A T I V E A P I F U N C T I O N
//-------------------------------------------------
#define ProcessDeviceMap 23
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_CDROM 5
NTSTATUS
ZwQueryInformationProcess(
IN HANDLE ProcessHandle,
IN ULONG ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength
);
FAST_IO_DISPATCH FastIOHook = {
sizeof(FAST_IO_DISPATCH),
FilemonFastIoCheckifPossible,
FilemonFastIoRead,
FilemonFastIoWrite,
FilemonFastIoQueryBasicInfo,
FilemonFastIoQueryStandardInfo,
FilemonFastIoLock,
FilemonFastIoUnlockSingle,
FilemonFastIoUnlockAll,
FilemonFastIoUnlockAllByKey,
FilemonFastIoDeviceControl,
FilemonFastIoAcquireFile,
FilemonFastIoReleaseFile,
FilemonFastIoDetachDevice,
//
// new for NT 4.0
//
FilemonFastIoQueryNetworkOpenInfo,
FilemonFastIoAcquireForModWrite,
FilemonFastIoMdlRead,
FilemonFastIoMdlReadComplete,
FilemonFastIoPrepareMdlWrite,
FilemonFastIoMdlWriteComplete,
FilemonFastIoReadCompressed,
FilemonFastIoWriteCompressed,
FilemonFastIoMdlReadCompleteCompressed,
FilemonFastIoMdlWriteCompleteCompressed,
FilemonFastIoQueryOpen,
FilemonFastIoReleaseForModWrite,
FilemonFastIoAcquireForCcFlush,
FilemonFastIoReleaseForCcFlush
};
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
ULONG i;
g_DriverObject = DriverObject;
//
// Dispatch Routine
//
for ( i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++ ) {
DriverObject->MajorFunction[i] = FilterDispatch;
}
//
// Fast I/O Calls
//
DriverObject->FastIoDispatch = &FastIOHook;
return AttachAllVolume( DriverObject );
}
NTSTATUS GetVolumesToAttach(OUT PULONG VolumesToAttach)
{
NTSTATUS status;
PROCESS_DEVICEMAP_INFORMATION DeviceMapInfo;
ULONG MaxVolumeSet;
ULONG CurVolumeSet;
ULONG i;
status = ZwQueryInformationProcess(
(HANDLE) 0xffffffff,
ProcessDeviceMap,
&DeviceMapInfo,
sizeof(DeviceMapInfo),
NULL
);
if ( !NT_SUCCESS(status) )
return status;
MaxVolumeSet = DeviceMapInfo.Query.DriveMap;
CurVolumeSet = MaxVolumeSet;
//
// 排除以下指定的类型
//
for ( i = 0; i < 26; i++ ) {
if ( MaxVolumeSet & (1 << i) ) {
switch ( DeviceMapInfo.Query.DriveType[i] ) {
case DRIVE_UNKNOWN:
case DRIVE_NO_ROOT_DIR:
case DRIVE_REMOVABLE:
case DRIVE_CDROM:
CurVolumeSet &= ~(1 << i);
break;
}
}
}
*VolumesToAttach = CurVolumeSet;
return STATUS_SUCCESS;
}
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
)
{
WCHAR RootDirectory[] = L"//DosDevices//A://";
UNICODE_STRING ustrRootDirectory;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE FileHandle;
IO_STATUS_BLOCK IoStatus;
PFILE_OBJECT FileObject;
PDEVICE_OBJECT VolumeDevice;
PDEVICE_OBJECT AttachDevice;
PATTACH_EXTENSION AttachExtension;
NTSTATUS status;
RootDirectory[12] = (CHAR) ('A' + Volume);
RtlInitUnicodeString( &ustrRootDirectory, RootDirectory );
InitializeObjectAttributes(
&ObjectAttributes,
&ustrRootDirectory,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwCreateFile(
&FileHandle,
SYNCHRONIZE | FILE_ANY_ACCESS,
&ObjectAttributes,
&IoStatus,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
NULL,
0
);
if ( !NT_SUCCESS(status) ) return status;
status = ObReferenceObjectByHandle(
FileHandle,
FILE_READ_DATA,
NULL,
KernelMode,
&FileObject,
NULL
);
if ( !NT_SUCCESS(status) ) {
ZwClose( FileHandle );
return status;
}
VolumeDevice = IoGetRelatedDeviceObject( FileObject );
if ( !VolumeDevice ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
status = IoCreateDevice(
DriverObject,
sizeof(ATTACH_EXTENSION),
NULL,
VolumeDevice->DeviceType,
VolumeDevice->Characteristics,
FALSE,
&AttachDevice
);
if ( !NT_SUCCESS(status) ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return status;
}
AttachDevice->Flags &= ~DO_DEVICE_INITIALIZING;
AttachDevice->Flags |= ( VolumeDevice->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO) );
AttachExtension = (PATTACH_EXTENSION) AttachDevice->DeviceExtension;
AttachExtension->VolumeLetter = (CHAR) ('A' + Volume);
AttachExtension->VolumeDevice = VolumeDevice;
if ( !IoAttachDeviceToDeviceStack(
AttachDevice,
VolumeDevice) ) {
IoDeleteDevice( AttachDevice );
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}
NTSTATUS AttachAllVolume(IN PDRIVER_OBJECT DriverObject)
{
NTSTATUS status;
ULONG VolumesToAttach;
ULONG i;
status = GetVolumesToAttach( &VolumesToAttach );
if ( !NT_SUCCESS(status) )
return status;
for ( i = 0; i < 26; i++ ) {
if ( VolumesToAttach & (1 << i) ) {
status = AttachOneVolume( i, DriverObject );
if ( !NT_SUCCESS(status) ) {
return status;
}
}
}
return STATUS_SUCCESS;
}
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PATTACH_EXTENSION AttachExtension;
AttachExtension = (PATTACH_EXTENSION) DeviceObject->DeviceExtension;
IoCopyCurrentIrpStackLocationToNext( Irp );
IoSetCompletionRoutine(
Irp,
CompletionRoutine,
NULL,
TRUE,
TRUE,
FALSE
);
return IoCallDriver( AttachExtension->VolumeDevice, Irp );
}
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PFILE_BOTH_DIR_INFORMATION volatile CurrEntry;
PFILE_BOTH_DIR_INFORMATION volatile LastEntry;
ULONG BufferLength;
ULONG Index;
PIO_STACK_LOCATION IrpSp;
IrpSp = IoGetCurrentIrpStackLocation( Irp );
if ( IrpSp->MajorFunction == IRP_MJ_DIRECTORY_CONTROL
&& IrpSp->MinorFunction == IRP_MN_QUERY_DIRECTORY
&& KeGetCurrentIrql() == PASSIVE_LEVEL
&& IrpSp->Parameters.QueryDirectory.FileInformationClass == FileBothDirectoryInformation
) {
Index = -1;
LastEntry = NULL;
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
BufferLength = Irp->IoStatus.Information;
if ( BufferLength > 0 ) {
do {
if ( LastEntry != NULL ) {
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset);
}
Index++;
if ( HideOrNot( CurrEntry->FileName, CurrEntry->FileNameLength ) ) {
HideHandler( Index, CurrEntry, LastEntry, Irp );
break;
}
LastEntry = CurrEntry;
} while ( CurrEntry->NextEntryOffset != 0 );
}
}
if ( Irp->PendingReturned ) {
IoMarkIrpPending( Irp );
}
return Irp->IoStatus.Status;
}
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
)
{
LONG ret;
UNICODE_STRING ustr1;
UNICODE_STRING ustr2;
RtlInitUnicodeString( &ustr1, FileName );
ustr1.Length = (USHORT) FileNameLength;
RtlInitUnicodeString( &ustr2, L"dream_8.txt" );
ret = RtlCompareUnicodeString(
&ustr1,
&ustr2,
TRUE
);
if ( ret == 0 ) return TRUE;
else return FALSE;
}
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
)
{
PVOID temp;
if ( Index == 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory( CurrEntry, Irp->IoStatus.Information );
Irp->IoStatus.Information = 0;
Irp->UserBuffer = NULL;
} else if ( Index == 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
RtlZeroMemory(
CurrEntry,
Irp->IoStatus.Information
);
RtlCopyMemory(
CurrEntry,
temp,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
RtlCopyMemory(
CurrEntry,
temp,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
LastEntry->NextEntryOffset = 0;
Irp->IoStatus.Information = (PCHAR) CurrEntry - (PCHAR) Irp->UserBuffer;
}
}
//----------------------------------------------------------------------
// F A S T I O R O U T I N E S
//----------------------------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryOpen(
IN PIRP Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
)
{
}
调用时创建一个结构体,就可以隐藏自己的文件
- vc实现用文件系统过滤驱动实现文件隐藏的类
- vc实现用文件系统过滤驱动实现文件隐藏的类
- vc实现用文件系统过滤驱动实现文件隐藏的类
- 文件过滤驱动 文件系统激活通知 IoRegisterFsRegistrationChange函数实现
- 文件过滤驱动短名转长名实现
- vc实现RootKit文件隐藏
- 驱动实现RootKit文件隐藏
- 文件过滤驱动--隐藏目录
- 编写驱动拦截NT的API实现隐藏文件目录
- 编写驱动拦截NT的API实现隐藏文件目录
- 【】编写驱动拦截NT的API实现隐藏文件目录
- 编写驱动拦截NT的API实现隐藏文件目录
- 编写驱动拦截NT的API实现隐藏文件目录
- 文件过滤驱动的开发的文件系统监视问题
- vc是实现RootKit文件隐藏
- vc是实现RootKit文件隐藏
- VC++实现防火墙过滤
- 文件过滤驱动-隐藏目标文件
- matlab 绘制系统的单位阶跃响应曲线 并编写程序求峰值时间 超调量 [李园7舍_404]
- CAS原理
- VC实现Rootkit端口隐藏
- vc是实现RootKit文件隐藏
- 先跑的不一定胜利
- vc实现用文件系统过滤驱动实现文件隐藏的类
- 特邀北京化工大学何宾老师谈对学习FPGA的一些思考
- poj 3252 Round Numbers 组合数学
- LOGMNR挖掘日志与DUMP日志对比
- 轻松解决 Eclipse Indigo 3.7 中文字体偏小,完美 Consolas 微软雅黑混合字体!
- 程序状态字寄存器PSW
- Qt 时间显示
- Linux ulimit限制问题以及优化
- 两个程序源码---ASM
