vc实现用文件系统过滤驱动实现文件隐藏的类
调用一个开源的文件过滤驱动,
头文件
typedef struct _ATTACH_EXTENSION {
CHAR VolumeLetter;
PDEVICE_OBJECT VolumeDevice;
} ATTACH_EXTENSION, *PATTACH_EXTENSION;
PDRIVER_OBJECT g_DriverObject;
源文件
#include <ntifs.h>
#include "HideDirFile.h"
//-------------------------------------------------
// F A S T I / O
//-------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId, ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutbufBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
);
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
);
//
// These are new NT 4.0 Fast I/O calls
//
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT struct _IO_STATUS_BLOCK *IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
);
BOOLEAN
FilemonFastIoQueryOpen(
IN struct _IRP *Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
);
//-------------------------------------------------
// C U S T O M F U N C T I O N
//-------------------------------------------------
NTSTATUS
GetVolumesToAttach(
OUT PULONG VolumesToAttach
);
NTSTATUS
AttachAllVolume(
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
);
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
);
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
);
//-------------------------------------------------
// N A T I V E A P I F U N C T I O N
//-------------------------------------------------
#define ProcessDeviceMap 23
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_CDROM 5
NTSTATUS
ZwQueryInformationProcess(
IN HANDLE ProcessHandle,
IN ULONG ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength
);
FAST_IO_DISPATCH FastIOHook = {
sizeof(FAST_IO_DISPATCH),
FilemonFastIoCheckifPossible,
FilemonFastIoRead,
FilemonFastIoWrite,
FilemonFastIoQueryBasicInfo,
FilemonFastIoQueryStandardInfo,
FilemonFastIoLock,
FilemonFastIoUnlockSingle,
FilemonFastIoUnlockAll,
FilemonFastIoUnlockAllByKey,
FilemonFastIoDeviceControl,
FilemonFastIoAcquireFile,
FilemonFastIoReleaseFile,
FilemonFastIoDetachDevice,
//
// new for NT 4.0
//
FilemonFastIoQueryNetworkOpenInfo,
FilemonFastIoAcquireForModWrite,
FilemonFastIoMdlRead,
FilemonFastIoMdlReadComplete,
FilemonFastIoPrepareMdlWrite,
FilemonFastIoMdlWriteComplete,
FilemonFastIoReadCompressed,
FilemonFastIoWriteCompressed,
FilemonFastIoMdlReadCompleteCompressed,
FilemonFastIoMdlWriteCompleteCompressed,
FilemonFastIoQueryOpen,
FilemonFastIoReleaseForModWrite,
FilemonFastIoAcquireForCcFlush,
FilemonFastIoReleaseForCcFlush
};
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
ULONG i;
g_DriverObject = DriverObject;
//
// Dispatch Routine
//
for ( i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++ ) {
DriverObject->MajorFunction[i] = FilterDispatch;
}
//
// Fast I/O Calls
//
DriverObject->FastIoDispatch = &FastIOHook;
return AttachAllVolume( DriverObject );
}
NTSTATUS GetVolumesToAttach(OUT PULONG VolumesToAttach)
{
NTSTATUS status;
PROCESS_DEVICEMAP_INFORMATION DeviceMapInfo;
ULONG MaxVolumeSet;
ULONG CurVolumeSet;
ULONG i;
status = ZwQueryInformationProcess(
(HANDLE) 0xffffffff,
ProcessDeviceMap,
&DeviceMapInfo,
sizeof(DeviceMapInfo),
NULL
);
if ( !NT_SUCCESS(status) )
return status;
MaxVolumeSet = DeviceMapInfo.Query.DriveMap;
CurVolumeSet = MaxVolumeSet;
//
// 排除以下指定的类型
//
for ( i = 0; i < 26; i++ ) {
if ( MaxVolumeSet & (1 << i) ) {
switch ( DeviceMapInfo.Query.DriveType[i] ) {
case DRIVE_UNKNOWN:
case DRIVE_NO_ROOT_DIR:
case DRIVE_REMOVABLE:
case DRIVE_CDROM:
CurVolumeSet &= ~(1 << i);
break;
}
}
}
*VolumesToAttach = CurVolumeSet;
return STATUS_SUCCESS;
}
NTSTATUS
AttachOneVolume(
IN ULONG Volume,
IN PDRIVER_OBJECT DriverObject
)
{
WCHAR RootDirectory[] = L"//DosDevices//A://";
UNICODE_STRING ustrRootDirectory;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE FileHandle;
IO_STATUS_BLOCK IoStatus;
PFILE_OBJECT FileObject;
PDEVICE_OBJECT VolumeDevice;
PDEVICE_OBJECT AttachDevice;
PATTACH_EXTENSION AttachExtension;
NTSTATUS status;
RootDirectory[12] = (CHAR) ('A' + Volume);
RtlInitUnicodeString( &ustrRootDirectory, RootDirectory );
InitializeObjectAttributes(
&ObjectAttributes,
&ustrRootDirectory,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwCreateFile(
&FileHandle,
SYNCHRONIZE | FILE_ANY_ACCESS,
&ObjectAttributes,
&IoStatus,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
NULL,
0
);
if ( !NT_SUCCESS(status) ) return status;
status = ObReferenceObjectByHandle(
FileHandle,
FILE_READ_DATA,
NULL,
KernelMode,
&FileObject,
NULL
);
if ( !NT_SUCCESS(status) ) {
ZwClose( FileHandle );
return status;
}
VolumeDevice = IoGetRelatedDeviceObject( FileObject );
if ( !VolumeDevice ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
status = IoCreateDevice(
DriverObject,
sizeof(ATTACH_EXTENSION),
NULL,
VolumeDevice->DeviceType,
VolumeDevice->Characteristics,
FALSE,
&AttachDevice
);
if ( !NT_SUCCESS(status) ) {
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return status;
}
AttachDevice->Flags &= ~DO_DEVICE_INITIALIZING;
AttachDevice->Flags |= ( VolumeDevice->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO) );
AttachExtension = (PATTACH_EXTENSION) AttachDevice->DeviceExtension;
AttachExtension->VolumeLetter = (CHAR) ('A' + Volume);
AttachExtension->VolumeDevice = VolumeDevice;
if ( !IoAttachDeviceToDeviceStack(
AttachDevice,
VolumeDevice) ) {
IoDeleteDevice( AttachDevice );
ObDereferenceObject( FileObject );
ZwClose( FileHandle );
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}
NTSTATUS AttachAllVolume(IN PDRIVER_OBJECT DriverObject)
{
NTSTATUS status;
ULONG VolumesToAttach;
ULONG i;
status = GetVolumesToAttach( &VolumesToAttach );
if ( !NT_SUCCESS(status) )
return status;
for ( i = 0; i < 26; i++ ) {
if ( VolumesToAttach & (1 << i) ) {
status = AttachOneVolume( i, DriverObject );
if ( !NT_SUCCESS(status) ) {
return status;
}
}
}
return STATUS_SUCCESS;
}
NTSTATUS
FilterDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PATTACH_EXTENSION AttachExtension;
AttachExtension = (PATTACH_EXTENSION) DeviceObject->DeviceExtension;
IoCopyCurrentIrpStackLocationToNext( Irp );
IoSetCompletionRoutine(
Irp,
CompletionRoutine,
NULL,
TRUE,
TRUE,
FALSE
);
return IoCallDriver( AttachExtension->VolumeDevice, Irp );
}
NTSTATUS
CompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PFILE_BOTH_DIR_INFORMATION volatile CurrEntry;
PFILE_BOTH_DIR_INFORMATION volatile LastEntry;
ULONG BufferLength;
ULONG Index;
PIO_STACK_LOCATION IrpSp;
IrpSp = IoGetCurrentIrpStackLocation( Irp );
if ( IrpSp->MajorFunction == IRP_MJ_DIRECTORY_CONTROL
&& IrpSp->MinorFunction == IRP_MN_QUERY_DIRECTORY
&& KeGetCurrentIrql() == PASSIVE_LEVEL
&& IrpSp->Parameters.QueryDirectory.FileInformationClass == FileBothDirectoryInformation
) {
Index = -1;
LastEntry = NULL;
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
BufferLength = Irp->IoStatus.Information;
if ( BufferLength > 0 ) {
do {
if ( LastEntry != NULL ) {
CurrEntry = (PFILE_BOTH_DIR_INFORMATION) /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset);
}
Index++;
if ( HideOrNot( CurrEntry->FileName, CurrEntry->FileNameLength ) ) {
HideHandler( Index, CurrEntry, LastEntry, Irp );
break;
}
LastEntry = CurrEntry;
} while ( CurrEntry->NextEntryOffset != 0 );
}
}
if ( Irp->PendingReturned ) {
IoMarkIrpPending( Irp );
}
return Irp->IoStatus.Status;
}
BOOLEAN
HideOrNot(
IN PWCHAR FileName,
IN ULONG FileNameLength
)
{
LONG ret;
UNICODE_STRING ustr1;
UNICODE_STRING ustr2;
RtlInitUnicodeString( &ustr1, FileName );
ustr1.Length = (USHORT) FileNameLength;
RtlInitUnicodeString( &ustr2, L"dream_8.txt" );
ret = RtlCompareUnicodeString(
&ustr1,
&ustr2,
TRUE
);
if ( ret == 0 ) return TRUE;
else return FALSE;
}
VOID
HideHandler(
IN ULONG Index,
IN PFILE_BOTH_DIR_INFORMATION CurrEntry,
IN PFILE_BOTH_DIR_INFORMATION LastEntry,
IN PIRP Irp
)
{
PVOID temp;
if ( Index == 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory( CurrEntry, Irp->IoStatus.Information );
Irp->IoStatus.Information = 0;
Irp->UserBuffer = NULL;
} else if ( Index == 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
RtlZeroMemory(
CurrEntry,
Irp->IoStatus.Information
);
RtlCopyMemory(
CurrEntry,
temp,
Irp->IoStatus.Information - CurrEntry->NextEntryOffset
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset != 0 ) {
temp = ExAllocatePool(
NonPagedPool,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
if ( temp ) {
RtlCopyMemory(
temp,
(PCHAR) CurrEntry + CurrEntry->NextEntryOffset,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
RtlCopyMemory(
CurrEntry,
temp,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
((PCHAR) CurrEntry + CurrEntry->NextEntryOffset)
);
Irp->IoStatus.Information -= CurrEntry->NextEntryOffset;
ExFreePool( temp );
}
} else if ( Index > 0 && CurrEntry->NextEntryOffset == 0 ) {
RtlZeroMemory(
CurrEntry,
((PCHAR) Irp->UserBuffer + Irp->IoStatus.Information) - /
(PCHAR) CurrEntry
);
LastEntry->NextEntryOffset = 0;
Irp->IoStatus.Information = (PCHAR) CurrEntry - (PCHAR) Irp->UserBuffer;
}
}
//----------------------------------------------------------------------
// F A S T I O R O U T I N E S
//----------------------------------------------------------------------
BOOLEAN
FilemonFastIoCheckifPossible(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN BOOLEAN Wait,
IN ULONG LockKey,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryBasicInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_BASIC_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryStandardInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT PFILE_STANDARD_INFORMATION Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoLock(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
BOOLEAN FailImmediately,
BOOLEAN ExclusiveLock,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockSingle(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PLARGE_INTEGER Length,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAll(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoUnlockAllByKey(
IN PFILE_OBJECT FileObject,
PEPROCESS ProcessId,
ULONG Key,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryNetworkOpenInfo(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
OUT struct _FILE_NETWORK_OPEN_INFORMATION *Buffer,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoAcquireForModWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER EndingOffset,
OUT struct _ERESOURCE **ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlRead(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadComplete(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoPrepareMdlWrite(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteComplete(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoReadCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoWriteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN ULONG Length,
IN ULONG LockKey,
OUT PVOID Buffer,
OUT PMDL *MdlChain,
OUT PIO_STATUS_BLOCK IoStatus,
OUT struct _COMPRESSED_DATA_INFO *CompressedDataInfo,
IN ULONG CompressedDataInfoLength,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlReadCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoMdlWriteCompleteCompressed(
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER FileOffset,
IN PMDL MdlChain,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
BOOLEAN
FilemonFastIoQueryOpen(
IN PIRP Irp,
OUT PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
NTSTATUS
FilemonFastIoReleaseForModWrite(
IN PFILE_OBJECT FileObject,
IN struct _ERESOURCE *ResourceToRelease,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoAcquireForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
NTSTATUS
FilemonFastIoReleaseForCcFlush(
IN PFILE_OBJECT FileObject,
IN PDEVICE_OBJECT DeviceObject
)
{
return STATUS_NOT_IMPLEMENTED;
}
BOOLEAN
FilemonFastIoDeviceControl(
IN PFILE_OBJECT FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN PDEVICE_OBJECT DeviceObject
)
{
return FALSE;
}
VOID
FilemonFastIoAcquireFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoReleaseFile(
PFILE_OBJECT FileObject
)
{
}
VOID
FilemonFastIoDetachDevice(
PDEVICE_OBJECT SourceDevice,
PDEVICE_OBJECT TargetDevice
)
{
}
调用时创建一个结构体,就可以隐藏自己的文件
原文链接: http://blog.csdn.net/yincheng01/article/details/4455216
转载于:https://my.oschina.net/junwong/blog/48107
vc实现用文件系统过滤驱动实现文件隐藏的类相关推荐
- Windows文件系统过滤驱动开发教程(0,1,2)
0. 作者,楚狂人自述 我长期网上为各位项目经理充当"技术实现者"的角色.我感觉Windows文件系统驱动的开发能找到的资料比较少.为了让技术经验不至于遗忘和引起大家交流的兴趣我以 ...
- Windows 文件系统过滤驱动开发教程 (第二版)
Windows 文件系统过滤驱动开发教程 (第二版) 楚狂人-2007-上海 (MSN:walled_river@hotmail.com) -1. 改版序....... ...
- 文件系统过滤驱动开发(一)—Win32底层开发小组
声明:本文无太多新意,只是介绍下学习经验,大神级人物(如总监大人)请略过,谢谢合作>_< 吐槽一下:学驱动算起来也是从上学期9月份开始吧,之前在家买了<Windows驱动开发技术详解 ...
- 文件系统过滤驱动总结
文件系统过滤驱动 . 1 文件系统过滤驱动工作原理 Windows NT内核操作系统的驱动模型采用分层结构,如图1所示.图中左边是一个设备对象栈,设备对象 是操作系统为帮助软件管理硬件而创建的数据结构 ...
- Windows文件系统过滤驱动开发教程(4)
Windows文件系统过滤驱动开发教程 4.设备栈,过滤,文件系统的感知 前边都在介绍文件系统驱动的结构,却还没讲到我们的过滤驱动如何能捕获所有发给文件系统驱动的irp,让我们自己来处理?前面已经解释 ...
- Windows文件系统过滤驱动开发教程(4,5)
4.设备栈,过滤,文件系统的感知 前边都在介绍文件系统驱动的结构,却还没讲到我们的过滤驱动如何能捕获所有发给文件系统驱动的irp,让我们自己来处理?前面已经解释过了设备对象.现在来解释一下设备栈. 任 ...
- 过滤驱动加密文件(代码)
摘要: 我想做一个unlocker一样的程序,不管这个文件有没有被使用,先实现删除它.在查资料过程中,就知道了如果不访问磁盘扇区的话,除非写驱动才能做到.奈何时间有限,工作匆忙,一直没有完成. ...
- 文件过滤驱动 VPB 卷参数块 生命周期 IoGetRelatedDeviceObject
文件过滤驱动中,VPB(卷参数块),它将文件系统卷设备和磁盘设备卷设备联系起来,结构如下: typedef struct _VPB { CSHORT Type; CSHORT Size ...
- Windows驱动_文件系统微小过滤驱动之三微小过滤驱动的操作
30岁左右的程序员,现在除了奋斗以外,要开始考虑下自己的身体了,到了这个年纪,不能像之前20岁左的年轻人一样不顾一切去拼搏.现在的自己,应该更讲究效率.所以选择公司也很重要.同样,运动开始变得必需了, ...
最新文章
- cacti命令行添加监控详解
- 不动产登记证书曝光 一个“改变”必须注意(图)
- java在哪个文件夹_JVM具体在哪个文件夹下的
- python k线顶分型_【缠论】分型、笔的定义及其程序化
- iOS程序员也要学点算法吧 简单排序之插入排序
- 基于Bounding Box的激光点云聚类
- android studio中讯飞sdk“组件未安装.(错误码:21002)”的解决办法
- 达观杯文本智能处理(4)
- 让Office无处不在——Office Web App初体验
- 数据库备份与还原的过程中介质集有2个介质簇,但只提供了1个。必须提供所有成员...
- 【C++】一次遇到的需要加入const属性的情况
- Delphi 11.1 Alexandria 下载地址集合(包括以前版本)
- 微软亚洲研究院公布12项顶级研发成果(组图)
- 小程序二维码和小程序带参数二维码生成
- 什么是阻抗?影响阻抗的因素有哪些?
- 关于我想写个脚本,最后却搞了个桌面宠物这件事(一)
- 详解docker镜像管理命令
- 《How powerful are graph neural networks》论文翻译
- 开篇回忆——为什么选择java?
- 大促期间如何选择淘宝店铺托管?