IFS下的文件、文件夹隐藏问题，请高手帮忙看看下面的代码有什么问题？

楼主^#

更多发布于：2004-12-23 21:06

case IRP_MJ_DIRECTORY_CONTROL:
if( IrpSp->MinorFunction == IRP_MN_QUERY_DIRECTORY )
{
nStatus=RealFunction(DeviceObject,Irp);

if (!NT_SUCCESS( nStatus ))
{
return nStatus;
}

HookIrpMjDirCtrl( FullPath, DeviceObject, Irp );

}
else
{
nStatus=RealFunction(DeviceObject,Irp);
}

break;

NTSTATUS
HookIrpMjDirCtrl(PCHAR FullPath,PDEVICE_OBJECT DeviceObject,PIRP Irp )
{
PIO_STACK_LOCATION IrpSp=IoGetCurrentIrpStackLocation(Irp);

NTSTATUS Status = STATUS_SUCCESS;

PFILE_BOTH_DIR_INFORMATION pDirInfo = NULL;
PFILE_BOTH_DIR_INFORMATION pPrevDirInfo = NULL;

PCHAR pStartEntryToMove;
PCHAR pStartNextEntry;
DWORD nPos = 0;
DWORD nNewLength;
DWORD FileInformationBufferLength;

PUNICODE_STRING puObjectName = NULL;

DWORD Offset;
DWORD PrevOffset = 0;
DWORD Len;
DWORD Action;

HANDLE Pid;

char* FileName = NULL;
CHAR szFilePath[256];

strcpy( szFilePath, FullPath);
// DbgPrint(szFilePath);
pDirInfo = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
FileInformationBufferLength = IrpSp->Parameters.QueryFile.Length;
KdPrint(("FullPath:%S, QueryFile:%d", szFilePath, FileInformationBufferLength));
FileInformationBufferLength = IrpSp->Parameters.QueryDirectory.Length;
KdPrint(("FullPath:%S, QueryDirectory:%d",szFilePath, FileInformationBufferLength));
FileInformationBufferLength = Irp->IoStatus.Information;
KdPrint(("FullPath:%S, Information:%d", szFilePath, FileInformationBufferLength));

if( !pDirInfo || !FileInformationBufferLength )
{
return Status;
}

if( pDirInfo->NextEntryOffset > FileInformationBufferLength )
{
return Status;
}

nNewLength = FileInformationBufferLength;

puObjectName = (PUNICODE_STRING)ExAllocatePoolWithTag(PagedPool, 1024 + 8, 'AAA');

if(!puObjectName)
{
return Status;
}

RtlZeroMemory(puObjectName, 1024 + 8);

__try
{
puObjectName->Buffer = (PWSTR)((PCHAR)puObjectName + 8);
puObjectName->Length = 0;
puObjectName->MaximumLength = 1024;

// if(!GetObjectName(hFile, puObjectName, 1024))
// {
// ExFreePool(puObjectName);
// return Status;
// }

// Len = puObjectName->Length/2;
Len = strlen(FullPath);

if( Len >= 510 )
{
ExFreePool(puObjectName);
return Status;
}

// if(!ParsePath(puObjectName->Buffer))
// {
// ExFreePool(puObjectName);
// return Status;
// }

FileName = (char*) ExAllocatePoolWithTag(PagedPool, 512 + 8, 'BBB');
if( !FileName )
{
ExFreePool(puObjectName);
return Status;
}

RtlZeroMemory(FileName, 512 + 8);
RtlCopyMemory(FileName, FullPath, strlen(FullPath));

// if(!NT_SUCCESS(W2C(puObjectName->Buffer, FileName)))
// {
// ExFreePool(FileName);
// ExFreePool(puObjectName);
// return Status;
// }

Len = strlen(FileName);
if(FileName[Len - 1] != '\\')
{
FileName[Len] = '\\';
Len++;
}
FileName[Len] = 0;

do
{
Offset = pDirInfo->NextEntryOffset;

if(pDirInfo->FileNameLength == 0)
{
PrevOffset = Offset;
pPrevDirInfo = pDirInfo;
nPos += Offset;
pDirInfo = (PFILE_BOTH_DIR_INFORMATION)((PCHAR) pDirInfo + Offset);
continue;
}

if( pDirInfo->FileNameLength/2 + Len >= 510 )
{
PrevOffset = Offset;
pPrevDirInfo = pDirInfo;
nPos += Offset;
pDirInfo = (PFILE_BOTH_DIR_INFORMATION)((PCHAR) pDirInfo + Offset);
continue;
}

//放过"."
if( pDirInfo->FileNameLength == 2 && pDirInfo->FileName[0] == L'.' )
{
PrevOffset = Offset;
pPrevDirInfo = pDirInfo;
nPos += Offset;
pDirInfo = (PFILE_BOTH_DIR_INFORMATION)((PCHAR) pDirInfo + Offset);
continue;
}

//放过".."
if( pDirInfo->FileNameLength == 4 && pDirInfo->FileName[0] == L'.' && pDirInfo->FileName[1] == L'.' )
{
PrevOffset = Offset;
pPrevDirInfo = pDirInfo;
nPos += Offset;
pDirInfo = (PFILE_BOTH_DIR_INFORMATION)((PCHAR) pDirInfo + Offset);
continue;
}

RtlCopyMemory(puObjectName->Buffer, pDirInfo->FileName, pDirInfo->FileNameLength);
puObjectName->Buffer[pDirInfo->FileNameLength/2] = 0;

_wcsupr(puObjectName->Buffer);

if( !NT_SUCCESS(W2C(puObjectName->Buffer, &FileName[Len])) )
{
PrevOffset = Offset;
pPrevDirInfo = pDirInfo;
nPos += Offset;
pDirInfo = (PFILE_BOTH_DIR_INFORMATION)((PCHAR) pDirInfo + Offset);
continue;
}

Action = MatchRules(FileName);

// 如果需要隐藏
if( Action & ACTION_HIDDEN )
{
if(Offset)
{
RtlMoveMemory((PCHAR)pDirInfo, (PCHAR)pDirInfo + Offset, nNewLength - nPos - Offset);
nNewLength -= Offset;
}
else
{
if(pPrevDirInfo)
{
pPrevDirInfo->NextEntryOffset = 0;
nNewLength -= PrevOffset;
}
else
{
nNewLength = 0;
Status = STATUS_NO_MORE_FILES;
}
}
}
else
{
PrevOffset = Offset;
pPrevDirInfo = pDirInfo;
nPos += Offset;
pDirInfo = (PFILE_BOTH_DIR_INFORMATION)((PCHAR) pDirInfo + Offset);
continue;
}

} while( Offset );
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
if(FileName)
{
ExFreePool(FileName);
}

ExFreePool(puObjectName);
return Status;
}

if(FileName)
{
ExFreePool(FileName);
}

ExFreePool(puObjectName);

FileInformationBufferLength = nNewLength;

Irp->IoStatus.Status = Status;
Irp->IoStatus.Information = nNewLength;

return Status;

}

运行一段时间就出现计算机重启，而且当其它计算机访问本机时，也肯可能导致重启，
通过输出Debug信息发现获取文件列表的长度信息总是不对，
FileInformationBufferLength = IrpSp->Parameters.QueryFile.Length;
KdPrint(("FullPath:%S, QueryFile:%d", szFilePath, FileInformationBufferLength));
FileInformationBufferLength = IrpSp->Parameters.QueryDirectory.Length;
KdPrint(("FullPath:%S, QueryDirectory:%d",szFilePath, FileInformationBufferLength));
FileInformationBufferLength = Irp->IoStatus.Information;
KdPrint(("FullPath:%S, Information:%d", szFilePath, FileInformationBufferLength));中应该用哪一个才对，

喜欢0

etjon 驱动牛犊注册日期2004-09-19 最后登录2008-04-22 粉丝0 关注0 积分110分威望11点贡献值0点好评度11点原创分0分专家分0分加关注写私信	沙发^# 发布于：2007-01-12 16:38 Sorry 貼錯 ~~~
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

IFS下的文件、文件夹隐藏问题，请高手帮忙看看下面的代码有什么问题？

最新喜欢：