|
阅读:2510回复:18
文件加密的问题,郁闷中
我练习写了一个对特定文件进行加密的程序,但是发现,当时没有加密,重新启动机器后,文件被加密了,这是为什么阿?代码就是按照tooflat写的,只取了sfWrite和SfWriteCompletion,直接对要加密的文件操作。
我用的是虚拟机进行调试的,有关系吗? 那位老大知道,麻烦指教一下。 |
|
|
沙发#
发布于:2007-09-18 15:04
问题出在系统的缓存里面,保存成功了,但是没有刷新系统内存,所以看到的还是原来的明文。
|
|
|
板凳#
发布于:2007-09-15 00:34
问题在哪里?分享一下如何?
|
|
|
地板#
发布于:2007-09-07 11:03
回 15楼(wanghui219)的帖子
没明白你说的话?storage那里是那里 |
|
禁止发言
|
地下室#
发布于:2007-09-06 23:53
用户被禁言,该主题自动屏蔽! |
|
5楼#
发布于:2007-09-06 14:20
终于知道是什么原因了,哎!
 |
|
|
6楼#
发布于:2007-09-04 18:07
回 12楼(geland)的帖子
我在CREATE例程中取FileName,但是还是老样子。是不是我还需要在CLOSE或者什么地方设置呢。我的SfWrite的代码如下,大家能帮我看看吗? NTSTATUS SfWrite( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension; PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp); PFILE_OBJECT FileObject = IrpSp->FileObject; PFILE_CONTEXT pFileSrcCtx = NULL; PFILE_CONTEXT FileCtxPtr = NULL; PVOID OldBuffer = NULL; PVOID MyBuffer = NULL; ULONG Length = 0; ULONG Offset = 0; KEVENT WaitEvent; NTSTATUS Status = STATUS_SUCCESS; PAGED_CODE(); // // Sfilter doesn't allow handles to its control device object to be created, // therefore, no other operation should be able to come through. // ASSERT(!IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)); ASSERT(IS_MY_DEVICE_OBJECT(DeviceObject)); // // We only care about volume filter device object // if (!DevExt->StorageStackDeviceObject) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } // // We only care about IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO // if (!(Irp->Flags & (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO))) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } pFileSrcCtx = ExAllocateFromPagedLookasideList(&gFileContextLookAsideList); if (!pFileSrcCtx) { KdPrint(("sfilter!SfWrite: Allocate File Context failure STATUS_INSUFFICIENT_RESOURCES\n")); Status = STATUS_INSUFFICIENT_RESOURCES; return Status; } ExAcquireFastMutex(&DevExt->FsCtxTableMutex); pFileSrcCtx->FsContext = FileObject->FsContext; FileCtxPtr = RtlLookupElementGenericTable(&DevExt->FsCtxTable, pFileSrcCtx); ExReleaseFastMutex(&DevExt->FsCtxTableMutex); ExFreeToPagedLookasideList(&gFileContextLookAsideList, pFileSrcCtx); if ( !FileCtxPtr ) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } KdPrint(("sfilter!SfWrite: it's we care about file.\n")); do { // // Get file content. // if (Irp->MdlAddress) { OldBuffer = MmGetSystemAddressForMdl(Irp->MdlAddress); } else { PMDL Mdl; Mdl = IoAllocateMdl(Irp->UserBuffer, Length, FALSE, FALSE, NULL); if (Mdl == NULL) { KdPrint(("sfilter!SfWrite: IoAllocateMdl failed\n")); Status = STATUS_INSUFFICIENT_RESOURCES; break; } try { MmProbeAndLockPages(Mdl, Irp->RequestorMode, IoReadAccess); } except (EXCEPTION_EXECUTE_HANDLER) { KdPrint(("sfilter!SfWrite: STATUS_INVALID_USER_BUFFER\n")); IoFreeMdl(Mdl); Status = STATUS_INVALID_USER_BUFFER; break; } MmUnlockPages(Mdl); IoFreeMdl(Mdl); OldBuffer = Irp->UserBuffer; } if (!OldBuffer) { KdPrint(("sfilter!SfWrite: STATUS_INVALID_PARAMETER\n")); Status = STATUS_INVALID_PARAMETER; break; } Length = IrpSp->Parameters.Write.Length; MyBuffer = ExAllocatePoolWithTag(NonPagedPool, Length, SFLT_POOL_TAG_MYSELF); if (!MyBuffer) { KdPrint(("sfilter!SfWrite: STATUS_INSUFFICIENT_RESOURCES\n")); Status = STATUS_INSUFFICIENT_RESOURCES; break; } Irp->MdlAddress = IoAllocateMdl(MyBuffer, Length, FALSE, TRUE, NULL); if (!Irp->MdlAddress) { KdPrint(("sfilter!SfWrite: STATUS_INSUFFICIENT_RESOURCES\n")); Status = STATUS_INSUFFICIENT_RESOURCES; break; } for (Offset = 0; Offset < Length; ++Offset) { ((PUCHAR) MyBuffer)[Offset] = ~((PUCHAR) OldBuffer)[Offset]; } MmBuildMdlForNonPagedPool(Irp->MdlAddress); Irp->UserBuffer = MmGetMdlVirtualAddress(Irp->MdlAddress); KdPrint(("sfilter!SfWrite: Encrypt %ws\n", FileCtxPtr->Name)); KeInitializeEvent( &WaitEvent, NotificationEvent, FALSE ); IoCopyCurrentIrpStackLocationToNext(Irp); IoSetCompletionRoutine(Irp, SfWriteCompletion, &WaitEvent, TRUE, TRUE,TRUE); Status = IoCallDriver( DevExt->AttachedToDeviceObject, Irp ); if (STATUS_PENDING == Status) { Status = KeWaitForSingleObject( &WaitEvent, Executive, KernelMode, FALSE, NULL ); ASSERT( STATUS_SUCCESS == Status ); } // // Verify the IoCompleteRequest was called // ASSERT(KeReadStateEvent(&WaitEvent) || !NT_SUCCESS(Irp->IoStatus.Status)); ExFreePoolWithTag(MyBuffer, SFLT_POOL_TAG_MYSELF); } while(FALSE); KdPrint(("sfilter!SfWrite: leaving.\n")); Status = Irp->IoStatus.Status; IoCompleteRequest(Irp, IO_NO_INCREMENT); return Status; } NTSTATUS SfWriteCompletion( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ) { PKEVENT event = (PKEVENT) Context; UNREFERENCED_PARAMETER(DeviceObject); UNREFERENCED_PARAMETER(Irp); if (Irp->PendingReturned) IoMarkIrpPending(Irp); KeSetEvent( event, IO_NO_INCREMENT, FALSE ); // Signal event return STATUS_MORE_PROCESSING_REQUIRED; } |
|
|
7楼#
发布于:2007-09-04 10:07
不要在sfWrite中直接使用FileObject->FileName,你应该在CREATE例程中取FileName,然后在其他地方使用
|
|
|
8楼#
发布于:2007-09-03 15:59
会不会是因为我在sfWrite中直接使用FileObject->FileName来判断是否是要加密的文件有关?
RtlInitUnicodeString( &sourceName, L"\\1.txt" ); if (FileObject && RtlCompareUnicodeString( &sourceName, &FileObject->FileName, TRUE ) == 0) { ...... } 我的意思是,如果我想加密文件内容的话,是不是只需要处理IRP_MJ_WRITE,而其他的处理方式可以沿用微软的sfilter的例子。 |
|
|
9楼#
发布于:2007-09-03 13:33
真的没人能够明示了吗?
|
|
|
10楼#
发布于:2007-09-01 15:10
回 8楼(michaelgz)的帖子
Read过程中,没有进行解密。我是动态加载的,试过了保存后停止驱动,然后再打开,还是没有加密。写的时候如何注意NTFS MBR? |
|
|
11楼#
发布于:2007-08-31 21:53
Re:回 3楼(geland)的帖子
写入前,已经变成密文了,保存完后,再打开,还是明文,重起机器后打开,变成密文了 That's common behavior if you don't have decryption in READ. 关闭文件重新启动时,经常出现磁盘检查 Looks like your encryption in WRITE routines messed up NTFS MBR. |
|
|
12楼#
发布于:2007-08-31 17:44
加密后,关闭文件重新启动时,经常出现磁盘检查,内容大致如下:
Deleting index entry 1.txt. lnk in index $I30 OF FILE 12779 Deleting index entry 1txt~1. lnk in index $I30 OF FILE 12779 Deleting index entry (乱码)~1. lnk in index $I30 OF FILE 12779 Deleting index entry (乱码)(C). lnk in index $I30 OF FILE 12779 Index verification completed. CHKDSK is recovering lost files. Recovering orphaned file (乱码)~1. lnk (296) into directory file 12779. Recovering orphaned file (乱码)(C). lnk (296) into directory file 12779. Recovering orphaned file 1.txt. lnk (353) into directory file 12779. Recovering orphaned file 1TXT~1. LNK (353) into directory file 12779. 会不会和我的文件系统有关系阿,我的文件系统是NTFS. |
|
|
13楼#
发布于:2007-08-31 16:14
回 5楼(geland)的帖子
这个就是明文了。难道我还要在其他地方进行处理吗? |
|
|
14楼#
发布于:2007-08-31 16:06
你写入的就是缓存管理器交给你的数据,你说是明文还是密文?
|
|
|
15楼#
发布于:2007-08-31 15:34
回 3楼(geland)的帖子
写入前,已经变成密文了,保存完后,再打开,还是明文,重起机器后打开,变成密文了 |
|
|
16楼#
发布于:2007-08-31 14:59
在缓存中还是明文!!
|
|
|
17楼#
发布于:2007-08-31 13:53
编译和测试环境是VMware 5.5 + WindowsXP + IFS for winddows2003
我的代码如下: NTSTATUS SfWrite( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { ......... Irp->MdlAddress = IoAllocateMdl(MyBuffer, IrpSp->Parameters.Write.Length, FALSE, TRUE, NULL); if (!Irp->MdlAddress) { KdPrint(("sfilter!SfWrite: STATUS_INSUFFICIENT_RESOURCES\n")); Irp->MdlAddress = CompletionCtx->OldMdl; ExFreePool(CompletionCtx); ExFreePool(MyBuffer); status = STATUS_INSUFFICIENT_RESOURCES; break; } // encrypt 先加密,后写入,仅直接求反 for (Offset = 0; Offset < Length; ++Offset) { ((PUCHAR) MyBuffer)[Offset] = ~((PUCHAR) OldBuffer)[Offset]; } MmBuildMdlForNonPagedPool(Irp->MdlAddress); Irp->UserBuffer = MmGetMdlVirtualAddress(Irp->MdlAddress); IoCopyCurrentIrpStackLocationToNext(Irp); IoSetCompletionRoutine(Irp, SfWriteCompletion, CompletionCtx, TRUE, TRUE,TRUE); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); ................ } NTSTATUS SfWriteCompletion( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ) { PREAD_WRITE_COMPLETION_CONTEXT CompletionCtx = (PREAD_WRITE_COMPLETION_CONTEXT) Context; ULONG Offset = 0; UNREFERENCED_PARAMETER(DeviceObject); if (Irp->PendingReturned) IoMarkIrpPending(Irp); IoFreeMdl(Irp->MdlAddress); ExFreePoolWithTag(CompletionCtx->MyBuffer, SFLT_POOL_TAG_MYSELF); ExFreeToNPagedLookasideList(&gReadWriteCompletionCtxLookAsideList, CompletionCtx); return STATUS_SUCCESS; } |
|
|
18楼#
发布于:2007-08-31 12:28
没人知道吗?真郁闷
|
|