miniFilter下，文件透明加密写文件的错误

楼主^#

更多发布于：2010-03-16 10:14

   我的文件透明加密程序是在miniFilter下，加密标志放在头部，长度为4K，在PreWrite的时候加便宜并且加密内容，现在出现一个很奇怪的问题，就是我的程序在FAT32下测试正常，但是NTFS下写入返回值IoStatus的Information为0，证明未写入数据。我修改的是Write的ByteOffset。
   假如我写入的长度为4097，则information返回值为1，只写入了一个字符，很郁闷，下面是我的实现函数，请各位看看有什么问题

FLT_PREOP_CALLBACK_STATUS
SharePreWrite (
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __deref_out_opt PVOID *CompletionContext
   )
{
   NTSTATUS status;
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   FLT_PREOP_CALLBACK_STATUS FltStatus = FLT_PREOP_SUCCESS_NO_CALLBACK;

   PVOID newBuf = NULL;
   PMDL newMdl = NULL;
   PPRE_2_POST_CONTEXT p2pCtx;

   PVOID origBuf;
   ULONG writeLen = iopb->Parameters.Write.Length;
   LARGE_INTEGER writeOffset = iopb->Parameters.Write.ByteOffset ;

   PSTREAM_CONTEXT pStreamCtx = NULL ;

   KIRQL OldIrql ;

   LARGE_INTEGER filesize={0};
   LARGE_INTEGER newsize={0};

   try {

   status = Ctx_FindOrCreateStreamContext(Data,FltObjects,FALSE,&pStreamCtx,NULL) ;
   if (!NT_SUCCESS(status))
   __leave ;

   //非加密文件不处理
   if (!pStreamCtx->bIsFileCrypt)
   {
   _leave;
   }

   if (FLT_IS_FASTIO_OPERATION(Data))
   {//暂时不处理FASTIO
   FltStatus = FLT_PREOP_DISALLOW_FASTIO ;
   __leave ;
   }

   writeOffset.QuadPart = iopb->Parameters.Write.ByteOffset.QuadPart;
   if (!IsSpecialProcess(Data))//如果不是我指定的进程，则不需要偏移
   {
   writeOffset.QuadPart += FILE_HEAD_LENGTH;
   }
   if (!(Data->Iopb->IrpFlags & (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)))
   {
   //由于在未设置文件大小的情况下写文件，这个操作会设置文件大小，所以要设置偏移
   File_GetFileSize(Data, FltObjects, &filesize) ;
   if (writeOffset.QuadPart + iopb->Parameters.Write.Length> filesize.QuadPart)
   {
   newsize.QuadPart = writeOffset.QuadPart + iopb->Parameters.Write.Length;
   File_SetFileSize(Data, FltObjects,&newsize);
   }
   FltStatus = FLT_PREOP_SUCCESS_NO_CALLBACK;
   __leave ;
   }

   if (writeLen == 0)
   __leave;

   if (FlagOn(IRP_NOCACHE,iopb->IrpFlags)) {
   writeLen = (ULONG)ROUND_TO_SIZE(writeLen,pStreamCtx->SectorSize);
   }

   newBuf = ExAllocatePoolWithTag( NonPagedPool, writeLen,BUFFER_SWAP_TAG );
   if (newBuf == NULL)
   __leave;

   if (FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_IRP_OPERATION))
   {
   newMdl = IoAllocateMdl( newBuf, writeLen, FALSE,FALSE, NULL );
   if (newMdl == NULL)
   leave;
   MmBuildMdlForNonPagedPool( newMdl );
   }

   if (iopb->Parameters.Write.MdlAddress != NULL)
   {
   origBuf = MmGetSystemAddressForMdlSafe( iopb->Parameters.Write.MdlAddress, NormalPagePriority );
   if (origBuf == NULL)
   {
   Data->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
   Data->IoStatus.Information = 0;
   FltStatus = FLT_PREOP_COMPLETE;
   leave;
   }
   } else {
   origBuf = iopb->Parameters.Write.WriteBuffer;
   }

   try {
   RtlCopyMemory( newBuf,origBuf,writeLen );

   if (!IsSpecialProcess(Data))
   {
   do {

   if (pStreamCtx->bIsFileCrypt)
   {
   KeEnterCriticalRegion() ;
   //加密
   status = File_EncryptBuffer(newBuf,writeLen,NULL,NULL);
   if (NT_SUCCESS(status))
   {
   KeLeaveCriticalRegion() ;
   break;
   }
   KeLeaveCriticalRegion() ;
   }
   }while(FALSE) ;
   }

   } except (EXCEPTION_EXECUTE_HANDLER) {
   Data->IoStatus.Status = GetExceptionCode();
   Data->IoStatus.Information = 0;
   FltStatus = FLT_PREOP_COMPLETE;
   leave;
   }

   p2pCtx = ExAllocateFromNPagedLookasideList( &Pre2PostContextList );
   if (p2pCtx == NULL)
   __leave;

   iopb->Parameters.Write.WriteBuffer = newBuf;
   iopb->Parameters.Write.MdlAddress = newMdl;
   iopb->Parameters.Write.ByteOffset.QuadPart = writeOffset.QuadPart;
   FltSetCallbackDataDirty( Data );

   p2pCtx->SwappedBuffer = newBuf;
   p2pCtx->pStreamCtx = pStreamCtx ;
   *CompletionContext = p2pCtx;

   FltStatus = FLT_PREOP_SUCCESS_WITH_CALLBACK;

   } finally {
   if (FLT_PREOP_SUCCESS_WITH_CALLBACK != FltStatus)
   {
   if (newBuf != NULL)
   {
   ExFreePoolWithTag( newBuf,BUFFER_SWAP_TAG );
   }

   if (newMdl != NULL)
   {
   IoFreeMdl( newMdl );
   }

   if (NULL != pStreamCtx)
   {
   FltReleaseContext(pStreamCtx) ;
   }
   }
   }
   return FltStatus;
}

喜欢0

孙晓中孙晓中

驱动牛犊

注册日期2010-03-16
最后登录2010-03-16
粉丝0
关注0
积分2分
威望21点
贡献值0点
好评度0点
原创分0分
专家分0分

加关注写私信

沙发^#

发布于：2010-03-16 11:42

从一粒沙子看到一个世界

从一粒沙子看到一个世界，
Hold infinity in the palm of your hand,
永恒也就消融于一个时辰。
Love Your Life
把握在你手心里的就是无限，
To see a world in a grain of sand,
Henry David Thoreau/享利.大卫.梭罗
However mean your life is,cheap wedding dress meet it and live it;wedding dresses do not shun it and call it hard names. It is not Prom Dresses so bad as you are. It looks wedding dresses poorest when you are richest.cheap wedding dresses The faultfinder will find faults cheap Wedding dresses in paradise. Love your life, poor as it is.Wedding Gowns You may perhaps have wedding dresses some pleasant, thrilling,wedding dress glorious hours,cheap wedding dress even in a poorhouse. The cheap wedding dresses setting sun is reflected rom cheap wedding dresses the windows of the bridemaid dress alms-house as brightly Prom Dresses as from the rich man's abode;Wedding Gowns the snow melts before its door Prom Dress as early in the spring. I do not see but a quiet mind may live as contentedly there, and have as cheering thoughts, as in wedding dress a palace.2010 Wedding Dresses The town's poor bridal gown seem to me 2010 bridemaids dresses often to 2010 Wedding Dresses live the most independent lives Prom Dresses of any. May be they are simply great enough to receive cheap bridal gowns without misgiving. Most think that they are above Mother of bride dresses being supported by the town; but 2010 bridemaids dresses it often wedding dress happens that they 2010 Wedding Dresses are not above supporting 2010 Wedding Gowns themselves by dishonest means. Which should bridemaid dress be more disreputable.2010 Wedding Dresses Cultivate poverty like a garden herb, like sage.2010 bridemaids dresses Do not trouble yourself much Prom Dresses to get new things, whether cheap bridal gown clothes or friends, Turn the old,cheap Wedding dresses return to them. Things do Mother of bride dresses not change;Flower Girl Dresses we change. Sell your Flower Girl Dresses clothes 2010 Wedding Dresses and keep your wedding dress thoughts.
热爱生活
And a heaven in a wild fllower,
William Blake/威廉.布莱克
And eternity in an hour.
从一朵野花看到一个天堂，

[URL=http://www.wellbridal.com]wedding dresses[/URL] [URL=http://www.wellbridal.com]wedding dress[/URL]

回复喜欢

ander5115 驱动牛犊注册日期2009-12-23 最后登录2012-08-17 粉丝6 关注3 积分76分威望681点贡献值0点好评度0点原创分0分专家分0分加关注写私信	板凳^# 发布于：2010-04-22 14:06 我自己来回答吧，经过苦苦的跟踪，原来在Write里面，缓存写的时候，调用CcFlushCache才能写到磁盘上去，这应该不是正规做法，请问还有什么办法。
	回复(0) 喜欢(0)

liuhui19842003 驱动牛犊注册日期2009-12-30 最后登录2010-11-23 粉丝1 关注1 积分52分威望481点贡献值0点好评度0点原创分0分专家分0分加关注写私信	地板^# 发布于：2010-04-23 08:22 lz能否传份完整的代码参考！dongn0905@126.com
	回复(0) 喜欢(0)

michaelgz 论坛版主注册日期2005-01-26 最后登录2012-10-22 粉丝1 关注1 积分150分威望1524点贡献值1点好评度213点原创分0分专家分2分加关注写私信	地下室^# 发布于：2010-04-23 22:26 Cached data should be flushed out by Cache Manager, not by file system. Changing file size without owning resources deemed BSOD or dead lock in wild production environment.
	回复(0) 喜欢(0)

lijizhong619 驱动牛犊注册日期2009-03-12 最后登录2012-06-04 粉丝0 关注0 积分40分威望321点贡献值0点好评度0点原创分0分专家分0分加关注写私信	5楼^# 发布于：2010-05-13 19:25 我自己来回答吧，经过苦苦的跟踪，原来在Write里面，缓存写的时候，调用CcFlushCache才能写到磁盘上去，这应该不是正规做法，请问还有什么办法。？？？？？？？？？？？请问是在Write前还是在Write后调用调用CcFlushCache啊？
	回复(0) 喜欢(0)

ander5115 驱动牛犊注册日期2009-12-23 最后登录2012-08-17 粉丝6 关注3 积分76分威望681点贡献值0点好评度0点原创分0分专家分0分加关注写私信	6楼^# 发布于：2010-05-14 11:21 回 5楼(lijizhong619) 的帖子就是缓存写的时候。一般我们过滤处理的是非缓存写，这个CcFlushCache就是用在缓存写的时候。
	回复(0) 喜欢(0)

lijizhong619 驱动牛犊注册日期2009-03-12 最后登录2012-06-04 粉丝0 关注0 积分40分威望321点贡献值0点好评度0点原创分0分专家分0分加关注写私信	7楼^# 发布于：2010-05-15 11:47 楼主能否传份完整的代码参考！shuwen119922777@163.com ，谢谢
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

miniFilter下，文件透明加密写文件的错误

最新喜欢：