文件操作-->Tesla.Angela基础教程之枚举文件
搜索文件/文件夹函数例程
MyDriver.h
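/*
 * MyDriver.h - device names, IOCTL codes and a small directory-enumeration
 * helper set (MyFindFirstFile / MyFindNextFile / SearchDirectory) for a
 * tutorial kernel driver.
 *
 * NOTE(review): this header carries function definitions, so it is presumably
 * meant to be included by exactly one translation unit - confirm before
 * including it elsewhere.
 */
#include <ntddk.h>

#define dprintf             if (DBG) DbgPrint
#define DEVICE_NAME         L"\\Device\\MyDriver"
#define LINK_NAME           L"\\DosDevices\\MyDriver"
#define LINK_GLOBAL_NAME    L"\\DosDevices\\Global\\MyDriver"

/*
 * All control codes use METHOD_BUFFERED with FILE_ANY_ACCESS, so any caller
 * that can open the device can issue them. A handler added for one of these
 * codes must validate the input/output buffer lengths itself, and access to
 * the device has to be restricted through the device object's security
 * descriptor if the operation is privileged.
 */
#define IOCTL_ULR3IN    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) //In LONG
#define IOCTL_USR3IN    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) //In BSTR
#define IOCTL_GetKPEB   CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out LONG
#define IOCTL_GetBSTR   CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) //Out BSTR
#define IOCTL_ReInline  CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) //Test Call Only
#define IOCTL_Struct    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) //I+O Struct

NTKERNELAPI NTSTATUS ZwQueryDirectoryFile(
    HANDLE FileHandle,
    HANDLE Event,
    PIO_APC_ROUTINE ApcRoutine,
    PVOID ApcContext,
    PIO_STATUS_BLOCK IoStatusBlock,
    PVOID FileInformation,
    ULONG Length,
    FILE_INFORMATION_CLASS FileInformationClass,
    BOOLEAN ReturnSingleEntry,
    PUNICODE_STRING FileName,
    BOOLEAN RestartScan);

#define INVALID_HANDLE_VALUE    (HANDLE)-1
#define MAX_PATH2               4096
/* Size in bytes of the buffer SearchDirectory hands to each directory query. */
#define SEARCH_BUFFER_SIZE      (64 * 1024)
#define kmalloc(_s)             ExAllocatePoolWithTag(NonPagedPool, (_s), 'SYSQ')
#define kfree(_p)               ExFreePool(_p)

typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;   /* length of FileName in BYTES, not characters */
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    WCHAR FileName[1];      /* not NUL-terminated; use FileNameLength */
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;

/*
 * Open the directory "\??\<lpDirectory>" and read its first entry into pDir.
 *
 * lpDirectory  NUL-terminated ANSI path, e.g. "c:\\windows". Together with
 *              the "\??\" prefix it must fit in MAX_PATH2 bytes.
 * pDir         caller buffer that receives one FILE_BOTH_DIR_INFORMATION.
 * uLength      size of pDir in bytes.
 *
 * Returns the directory handle, or INVALID_HANDLE_VALUE on any failure.
 * The caller closes the handle with ZwClose.
 */
HANDLE MyFindFirstFile(LPSTR lpDirectory, PFILE_BOTH_DIR_INFORMATION pDir, ULONG uLength)
{
    static const char szPrefix[] = "\\??\\";
    const size_t cbPrefix = sizeof(szPrefix) - 1;
    size_t cbDirectory;
    char *strFolder;
    STRING astrFolder;
    UNICODE_STRING ustrFolder;
    OBJECT_ATTRIBUTES oa;
    IO_STATUS_BLOCK ioStatus;
    NTSTATUS ntStatus;
    HANDLE hFind = INVALID_HANDLE_VALUE;

    if (lpDirectory == NULL || pDir == NULL || uLength < sizeof(FILE_BOTH_DIR_INFORMATION))
        return INVALID_HANDLE_VALUE;

    /*
     * The original built the path with strcpy/strcat into a 4096-byte array
     * on the kernel stack without checking the input length. Reject paths
     * that do not fit, and keep the scratch buffer in pool rather than on
     * the (small) kernel stack.
     */
    cbDirectory = strlen(lpDirectory);
    if (cbDirectory >= MAX_PATH2 - cbPrefix)
        return INVALID_HANDLE_VALUE;

    strFolder = (char *)kmalloc(cbPrefix + cbDirectory + 1);
    if (strFolder == NULL)
        return INVALID_HANDLE_VALUE;

    memcpy(strFolder, szPrefix, cbPrefix);
    memcpy(strFolder + cbPrefix, lpDirectory, cbDirectory);
    strFolder[cbPrefix + cbDirectory] = '\0';

    RtlInitString(&astrFolder, strFolder);
    ntStatus = RtlAnsiStringToUnicodeString(&ustrFolder, &astrFolder, TRUE);
    kfree(strFolder);   /* the conversion allocated its own destination buffer */
    if (ntStatus != STATUS_SUCCESS)
        return INVALID_HANDLE_VALUE;

    /*
     * OBJ_KERNEL_HANDLE keeps the handle out of the handle table of whatever
     * process happens to be current, so user-mode code cannot use or close it.
     */
    InitializeObjectAttributes(&oa, &ustrFolder, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    ntStatus = IoCreateFile(
        &hFind,
        FILE_LIST_DIRECTORY | SYNCHRONIZE | FILE_ANY_ACCESS,
        &oa,
        &ioStatus,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        FILE_OPEN, //FILE_OPEN
        FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | FILE_OPEN_FOR_BACKUP_INTENT,
        NULL,
        0,
        CreateFileTypeNone,
        NULL,
        IO_NO_PARAMETER_CHECKING);
    RtlFreeUnicodeString(&ustrFolder);

    if (ntStatus != STATUS_SUCCESS || hFind == INVALID_HANDLE_VALUE)
        return INVALID_HANDLE_VALUE;

    ntStatus = ZwQueryDirectoryFile(
        hFind,                          // File Handle
        NULL,                           // Event
        NULL,                           // Apc routine
        NULL,                           // Apc context
        &ioStatus,                      // IoStatusBlock
        pDir,                           // FileInformation
        uLength,                        // Length
        FileBothDirectoryInformation,   // FileInformationClass
        TRUE,                           // ReturnSingleEntry
        NULL,                           // FileName
        FALSE);                         // RestartScan
    if (ntStatus != STATUS_SUCCESS)
    {
        ZwClose(hFind);
        hFind = INVALID_HANDLE_VALUE;
    }
    return hFind;
}

/*
 * Read the next batch of entries from a directory handle returned by
 * MyFindFirstFile. As many entries as fit in uLength bytes are written to
 * pDir, chained through NextEntryOffset.
 *
 * Returns TRUE when the query returned STATUS_SUCCESS, FALSE otherwise
 * (including when the enumeration is exhausted).
 */
BOOLEAN MyFindNextFile(HANDLE hFind, PFILE_BOTH_DIR_INFORMATION pDir, ULONG uLength)
{
    IO_STATUS_BLOCK ioStatus;
    NTSTATUS ntStatus;

    ntStatus = ZwQueryDirectoryFile(
        hFind,                          // File Handle
        NULL,                           // Event
        NULL,                           // Apc routine
        NULL,                           // Apc context
        &ioStatus,                      // IoStatusBlock
        pDir,                           // FileInformation
        uLength,                        // Length
        FileBothDirectoryInformation,   // FileInformationClass
        FALSE,                          // ReturnSingleEntry
        NULL,                           // FileName
        FALSE);                         // RestartScan

    return (ntStatus == STATUS_SUCCESS) ? TRUE : FALSE;
}

/* TRUE when the (unterminated) wide name of cbName bytes is "." or "..". */
static BOOLEAN MyIsDotEntry(const WCHAR *pName, ULONG cbName)
{
    if (cbName == sizeof(WCHAR))
        return (BOOLEAN)(pName[0] == L'.');
    if (cbName == 2 * sizeof(WCHAR))
        return (BOOLEAN)(pName[0] == L'.' && pName[1] == L'.');
    return FALSE;
}

/*
 * Walk one chain of directory entries starting at pDir, print each entry
 * other than "." and "..", and return how many were printed.
 */
static ULONG MyReportEntries(PFILE_BOTH_DIR_INFORMATION pDir)
{
    WCHAR strFileName[255 + 1];
    ULONG uCount = 0;

    for (;;)
    {
        /*
         * FileName is not NUL-terminated and FileNameLength is in bytes.
         * Clamp the copy so it can never overrun the local buffer and so
         * that a terminator is always present for the %S format.
         */
        ULONG cbName = pDir->FileNameLength;
        if (cbName > sizeof(strFileName) - sizeof(WCHAR))
            cbName = sizeof(strFileName) - sizeof(WCHAR);
        memcpy(strFileName, pDir->FileName, cbName);
        strFileName[cbName / sizeof(WCHAR)] = L'\0';

        /*
         * The name is UTF-16, so it has to be compared as wide characters.
         * A narrow strcmp stops at the zero high byte of the first character
         * and treats every name beginning with '.' as ".".
         */
        if (!MyIsDotEntry(pDir->FileName, pDir->FileNameLength))
        {
            if (pDir->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
            {
                DbgPrint("[目录]%S\n", strFileName);
            }
            else
            {
                DbgPrint("[文件]%S\n", strFileName);
            }
            uCount++;
        }

        if (pDir->NextEntryOffset == 0)
            break;
        pDir = (PFILE_BOTH_DIR_INFORMATION)((char *)pDir + pDir->NextEntryOffset);
    }
    return uCount;
}

/*
 * Enumerate the directory lpPath, print every entry except "." and ".."
 * through DbgPrint, and return the number of entries printed.
 * Returns 0 when the directory cannot be opened or memory is unavailable.
 */
ULONG SearchDirectory(LPSTR lpPath) //, PDIR_INFO pDirInfo
{
    ULONG muFileCount = 0;
    HANDLE hFind;
    PFILE_BOTH_DIR_INFORMATION pDir;
    PCHAR strBuffer;
    ULONG uLength = SEARCH_BUFFER_SIZE;

    /*
     * One modest buffer is reused for every query. The original allocated
     * roughly 64 MB of non-paged pool for a single batch, never checked the
     * allocation, and leaked it on two of its exit paths.
     */
    strBuffer = (PCHAR)kmalloc(uLength);
    if (strBuffer == NULL)
        return 0;
    pDir = (PFILE_BOTH_DIR_INFORMATION)strBuffer;

    hFind = MyFindFirstFile(lpPath, pDir, uLength);
    if (hFind != INVALID_HANDLE_VALUE)
    {
        /*
         * The first entry is usually "." and is filtered out like any other,
         * but it is a real file when the directory has no dot entries, so it
         * goes through the same reporting path instead of being dropped.
         */
        muFileCount += MyReportEntries(pDir);

        /* Keep querying until the file system reports no further entries. */
        while (MyFindNextFile(hFind, pDir, uLength))
            muFileCount += MyReportEntries(pDir);

        ZwClose(hFind);
    }

    kfree(strBuffer);
    return muFileCount;
}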
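#include <ntddk.h>
#include "MyDriver.h"

/*
 * Select the symbolic-link name for this driver. DriverEntry and
 * DriverUnload both go through here so that the link that gets deleted on
 * unload is the same one that was created on load.
 */
static VOID MyInitLinkName(PUNICODE_STRING pLinkName)
{
    if (IoIsWdmVersionAvailable(1, 0x10))
        RtlInitUnicodeString(pLinkName, LINK_GLOBAL_NAME);
    else
        RtlInitUnicodeString(pLinkName, LINK_NAME);
}

/* Unload routine: remove the symbolic link and the device object. */
VOID DriverUnload(PDRIVER_OBJECT pDriverObj)
{
    UNICODE_STRING strLink;

    MyInitLinkName(&strLink);
    IoDeleteSymbolicLink(&strLink);
    IoDeleteDevice(pDriverObj->DeviceObject);
}

/* IRP_MJ_CREATE: accept every open request. */
NTSTATUS DispatchCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDevObj);

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

/* IRP_MJ_CLOSE: nothing to release per handle. */
NTSTATUS DispatchClose(PDEVICE_OBJECT pDevObj, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDevObj);

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

/*
 * IRP_MJ_DEVICE_CONTROL: no control code is implemented yet, so every
 * request completes with STATUS_INVALID_DEVICE_REQUEST.
 *
 * When a case is added: pIoBuffer is the METHOD_BUFFERED system buffer shared
 * by input and output, and its contents and sizes come from the caller.
 * Check uInSize / uOutSize against the size the handler expects before
 * reading or writing pIoBuffer, and report only the bytes actually written
 * in IoStatus.Information.
 */
NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
{
    NTSTATUS status = STATUS_INVALID_DEVICE_REQUEST;
    PIO_STACK_LOCATION pIrpStack;
    ULONG uIoControlCode;
    PVOID pIoBuffer;
    ULONG uInSize;
    ULONG uOutSize;

    UNREFERENCED_PARAMETER(pDevObj);

    pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
    uIoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;
    pIoBuffer = pIrp->AssociatedIrp.SystemBuffer;
    uInSize = pIrpStack->Parameters.DeviceIoControl.InputBufferLength;
    uOutSize = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength;

    /* Placeholders for future handlers; referenced to keep them warning-free. */
    UNREFERENCED_PARAMETER(pIoBuffer);
    UNREFERENCED_PARAMETER(uInSize);

    switch (uIoControlCode)
    {
    default:
        break;
    }

    if (status == STATUS_SUCCESS)
        pIrp->IoStatus.Information = uOutSize;
    else
        pIrp->IoStatus.Information = 0;
    pIrp->IoStatus.Status = status;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return status;
}

/*
 * Driver entry point: register the dispatch routines, create the device and
 * its symbolic link, then run the directory-enumeration demo once.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString)
{
    NTSTATUS status = STATUS_SUCCESS;
    UNICODE_STRING ustrLinkName;
    UNICODE_STRING ustrDevName;
    PDEVICE_OBJECT pDevObj;

    UNREFERENCED_PARAMETER(pRegistryString);

    pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
    pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
    pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
    pDriverObj->DriverUnload = DriverUnload;

    RtlInitUnicodeString(&ustrDevName, DEVICE_NAME);
    /*
     * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device object's
     * security descriptor to every open, including opens that append a path
     * to the device name.
     */
    status = IoCreateDevice(pDriverObj, 0, &ustrDevName, FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, FALSE, &pDevObj);
    if (!NT_SUCCESS(status))
        return status;

    MyInitLinkName(&ustrLinkName);
    status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(pDevObj);
        return status;
    }

    /* Demo: the enumeration runs synchronously while the driver is loading. */
    DbgPrint("Count=%ld\n", SearchDirectory("c:\\windows"));
    return STATUS_SUCCESS;
}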