windows driver 映射小文件

NTSTATUS status;UNICODE_STRING strFileSrc = RTL_CONSTANT_STRING(L"\\??\\C:\\网络调试工具.exe");//几十kbUNICODE_STRING strFileDest = RTL_CONSTANT_STRING(L"\\??\\C:\\网络调试工具1.exe");UNICODE_STRING strSectionName = RTL_CONSTANT_STRING(L"\\MySection");//可以是符号连接的方法,也可以用\\MySection,如果不加\\会报错HANDLE hFileSrc = NULL;HANDLE hFileDest = NULL;OBJECT_ATTRIBUTES oaSrc;OBJECT_ATTRIBUTES oaDest;OBJECT_ATTRIBUTES oaSection;IO_STATUS_BLOCK iosb;FILE_NETWORK_OPEN_INFORMATION fnoi;HANDLE hSection = NULL;PVOID pAddress = NULL;SIZE_T viewsize = 0;LARGE_INTEGER li_Section;LARGE_INTEGER li_Offset;LARGE_INTEGER li_WriteOffset;InitializeObjectAttributes(&oaSrc, &strFileSrc, OBJ_KERNEL_HANDLE, NULL, NULL);InitializeObjectAttributes(&oaDest, &strFileDest, OBJ_KERNEL_HANDLE, NULL, NULL);InitializeObjectAttributes(&oaSection, &strSectionName, OBJ_KERNEL_HANDLE, NULL, NULL);status = ZwCreateFile(&hFileSrc, GENERIC_READ, &oaSrc, &iosb, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0);if (!NT_SUCCESS(status)){ZwClose(hFileSrc);KdPrint(("hFileSrc: ZwCreateFile failed with error %I32X", status));return status;}status = ZwQueryFullAttributesFile(&oaSrc, &fnoi);if (!NT_SUCCESS(status)){ZwClose(hFileSrc);ZwClose(hSection);KdPrint(("ZwQueryFullAttributesFile failed with error %I32X", status));return status;}KdPrint(("文件大小:%I64d", fnoi.AllocationSize.QuadPart));li_Section.QuadPart = fnoi.AllocationSize.QuadPart;status = ZwCreateSection(&hSection, SECTION_MAP_READ | SECTION_MAP_WRITE, &oaSection, &li_Section, PAGE_READWRITE, SEC_RESERVE, hFileSrc);//只分配在虚拟内存中,不提交到物理内存.参考VirtualAllocif (!NT_SUCCESS(status)){ZwClose(hFileSrc);ZwClose(hSection);KdPrint(("ZwCreateSection failed with error %I32X", status));return status;}li_Offset.QuadPart = 0;status = ZwMapViewOfSection(hSection,ZwCurrentProcess(),&pAddress,//BaseAddress 如果不为NULL,则分配在指定的位置,有可能失败0,//为NULL,表示可以分配在虚拟内存的任意位置,请参考windows核心编程里面的VirtualAlloc(ULONG)li_Section.LowPart,//文件大小&li_Offset,//从文件的那里开始映射,从其实位置开始映射,则li_Offset.QuadPart = 0;&viewsize,//对于小文件,SectionOffset 和 ViewSize 都为0ViewUnmap,MEM_RESERVE | MEM_LARGE_PAGES ,PAGE_READWRITE);if (!NT_SUCCESS(status)){ZwClose(hFileSrc);ZwClose(hSection);ZwClose(hFileDest);ZwUnmapViewOfSection(hSection, pAddress);KdPrint(("ZwMapViewOfSection failed with error %I32X", status));return status;}status = ZwCreateFile(&hFileDest, GENERIC_READ | GENERIC_WRITE,&oaDest,&iosb,&li_Section,//要创建的文件大小FILE_ATTRIBUTE_NORMAL,0,FILE_CREATE,FILE_NON_DIRECTORY_FILE,NULL,0);if (!NT_SUCCESS(status)){ZwClose(hFileSrc);ZwClose(hSection);ZwClose(hFileDest);KdPrint(("hFileDest: ZwCreateFile failed with error %I32X", status));return status;}li_WriteOffset.QuadPart = 0;ZwWriteFile(hFileDest, NULL, NULL, NULL, &iosb, pAddress, viewsize, &li_WriteOffset, NULL);//参数ByteOffset为0表示从其实地址开始写数据,适用于小文件ZwUnmapViewOfSection(ZwCurrentProcess(), pAddress);ZwClose(hSection);ZwClose(hFileDest);ZwClose(hFileSrc);return STATUS_SUCCESS;