|
20楼#
发布于:2007-03-26 09:55
使用这样的 file.$encrypt$ 文件标志。会有什么问题呢?
我的程序简单跑的没问题。遇到大文件处理。比如安装OFFICE 。需要建立Temp目录下很多临时文件。这时候就坏掉了。有时候出现文件损坏,或文件标志没有。导致无法解密。目录下的相同扩展名的标志文件小于这种扩展名的文件。 tooflat 指点一下哦。 |
|
|
|
21楼#
发布于:2007-03-26 10:02
这个函数有什么用处?
#define FAT_NTC_FCB 0x0502 #define NTFS_NTC_FCB 0x0705 BOOLEAN SfIsObjectFile( IN PFILE_OBJECT FileObject ) { PFSRTL_COMMON_FCB_HEADER fcb = (PFSRTL_COMMON_FCB_HEADER) FileObject->FsContext; // KdPrint(("sfilter!SfIsObjectFile: fcb->NodeTypeCode = %x\n", fcb->NodeTypeCode)); if (fcb->NodeTypeCode == FAT_NTC_FCB) return TRUE; else if (fcb->NodeTypeCode == NTFS_NTC_FCB) return TRUE; return FALSE; } |
|
|
|
22楼#
发布于:2007-03-26 11:43
我把所有创建的文件都打出来了。 发现 丢失加密标志的文件 都没有打出来。怎么跳过去了。重要的是,文件还被加密了。55
|
|
|
|
23楼#
发布于:2007-03-30 00:43
诶呀,大家真厉害...
我做的毕业设计就是这个,还一点都不懂呢... 郁闷  |
|
|
|
24楼#
发布于:2007-04-05 16:54
NTSTATUS WdmReadCompletion(IN PDEVICE_OBJECT DebiceObject, IN PIRP Irp, IN PVOID Context)
{ KEVENT* pEvent = (KEVENT*)Context; UNREFERENCED_PARAMETER(Irp); UNREFERENCED_PARAMETER(DebiceObject); KeSetEvent(pEvent, IO_NO_INCREMENT, FALSE); return STATUS_SUCCESS; } NTSTATUS WdmRead(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) { PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp); NTSTATUS status = STATUS_SUCCESS; KEVENT kEvent; int i=0; LONGLONG FilePointer = IrpStack->Parameters.Read.ByteOffset.QuadPart; LONG ReadLen = IrpStack->Parameters.Read.Length; KIRQL irql; PVOID OldBuffer = NULL; PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension; PAGED_CODE(); DeviceObject = DeviceObject; KdPrint(("Read: %d bytes from file pointer %d.\r\n", (int)ReadLen, (int)FilePointer)); if (!(Irp->Flags & (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO))) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } do { if(FilePointer < 0) { status = STATUS_INVALID_PARAMETER; break; } else { if (Irp->MdlAddress) OldBuffer = MmGetSystemAddressForMdl(Irp->MdlAddress); else if(Irp->AssociatedIrp.SystemBuffer == NULL) OldBuffer = Irp->UserBuffer; else OldBuffer = Irp->AssociatedIrp.SystemBuffer; if(OldBuffer == NULL) break; KeClearEvent(&kEvent); IoSetCompletionRoutine(Irp, WdmReadCompletion, (PVOID)&kEvent, TRUE, TRUE, TRUE); status = IoCallDriver(DevExt->AttachedToDeviceObject, Irp); if(STATUS_PENDING == status) { status = KeWaitForSingleObject(&kEvent, Executive, KernelMode, FALSE, NULL); ASSERT(STATUS_SUCCESS == status); } KeAcquireSpinLock(&BufferLock, &irql); for(i = 0; i < ReadLen; i++) ((char*)OldBuffer) = ((char*)OldBuffer)-1; KeReleaseSpinLock(&BufferLock, irql); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } } while(0); Irp->IoStatus.Status = status; IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } |
|
|
|
25楼#
发布于:2007-04-05 17:00
NTSTATUS
SfWriteCompletion( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ) { PW_R_COMPLETION_STRUCT CompletionCtx = (PW_R_COMPLETION_STRUCT)Context; PVOID userBuffer = Irp->UserBuffer; DeviceObject = DeviceObject; Irp->MdlAddress = CompletionCtx->Mdl; Irp->UserBuffer = CompletionCtx->UserBuffer; Irp->AssociatedIrp.SystemBuffer = CompletionCtx->AssociatedBuffer; ExFreePoolWithTag(userBuffer, SFLT_POOL_TAG); ExFreePoolWithTag(CompletionCtx, SFLT_POOL_TAG); return STATUS_SUCCESS; } NTSTATUS WdmWrite(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) { PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp); NTSTATUS status = STATUS_SUCCESS; int i = 0; LONGLONG FilePointer = IrpStack->Parameters.Write.ByteOffset.QuadPart; LONG WriteLen = IrpStack->Parameters.Write.Length; KIRQL irql; PVOID OldBuffer = NULL; PVOID NewBuffer = NULL; PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension; PW_R_COMPLETION_STRUCT pCompletionCtx=NULL; PAGED_CODE(); DeviceObject = DeviceObject; KdPrint(("Wirte: %d bytes from file pointer %d.\r\n", (int)WriteLen, (int)FilePointer)); if (!(Irp->Flags & (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO))) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } do { if(FilePointer < 0) status = STATUS_INVALID_PARAMETER; else { if (Irp->MdlAddress) OldBuffer = MmGetSystemAddressForMdl(Irp->MdlAddress); else if(Irp->AssociatedIrp.SystemBuffer == NULL) OldBuffer = Irp->UserBuffer; else OldBuffer = Irp->AssociatedIrp.SystemBuffer; if(OldBuffer == NULL) break; NewBuffer = ExAllocatePoolWithTag(NonPagedPool, WriteLen, SFLT_POOL_TAG); if(NULL == NewBuffer) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } pCompletionCtx = ExAllocatePoolWithTag(NonPagedPool, sizeof(W_R_COMPLETION_STRUCT), SFLT_POOL_TAG); if(NULL == NewBuffer) { ExFreePoolWithTag(NewBuffer, SFLT_POOL_TAG); IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } pCompletionCtx->Mdl = Irp->MdlAddress; pCompletionCtx->UserBuffer = Irp->UserBuffer; pCompletionCtx->AssociatedBuffer = Irp->AssociatedIrp.SystemBuffer; KeAcquireSpinLock(&BufferLock, &irql); memset(NewBuffer, 0, WriteLen); memcpy(NewBuffer, OldBuffer, WriteLen); for(i = 0; i < WriteLen; i++) ((char*)NewBuffer) = ((char*)NewBuffer)+1; if(NULL != Irp->MdlAddress) Irp->MdlAddress = NULL; if(NULL != Irp->AssociatedIrp.SystemBuffer) Irp->AssociatedIrp.SystemBuffer = NULL; Irp->UserBuffer = NewBuffer; KeReleaseSpinLock(&BufferLock, irql); IoCopyCurrentIrpStackLocationToNext(Irp); IoSetCompletionRoutine(Irp, SfWriteCompletion, pCompletionCtx, TRUE, TRUE,TRUE); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } } while(0); Irp->IoStatus.Status = status; IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } 上面的WdmWrite和WdmRead会蓝屏,为什么啊? |
|
|
|
26楼#
发布于:2007-04-05 18:44
看看
|
|
|
|
27楼#
发布于:2008-11-22 18:58
不错,真的是吐血了
|
|
|
28楼#
发布于:2008-11-22 22:08
请问一下bluacat,您是如何判断您要加密的文件的?
|
|
|
29楼#
发布于:2008-11-24 09:35
恳请bluacat的回复
|
|
|
30楼#
发布于:2008-12-07 05:25
原理是这样,
实现方法很多种, 做到高效安全最费功夫. |
|
|
31楼#
发布于:2008-12-21 10:42
汗 ~ 自己都弄错了
|
|
|
32楼#
发布于:2009-04-08 09:26
文件过滤驱动透明加解密学习之!
|
|
|
33楼#
发布于:2010-02-07 20:05
不太懂。。。
|
|
|
34楼#
发布于:2010-05-20 21:13
学习啦!
 |
|
上一页
下一页