|
阅读:1378回复:5
文件映射的疑问
如果一个文件已经被映射到内存了
我还能在我的程序中用ZWCreateFile打开进行读写操作吗 |
|
|
沙发#
发布于:2007-03-29 16:24
可以!
|
|
|
|
板凳#
发布于:2007-03-29 16:57
在hookcreatesection里面
用IOworkqueue的方式调用了一下这个函数 会出现KERNEL_STACK_INPAGE_ERROR的错误,是为什么呢? void GetCheckSum(PGETCHECKSUMDATA Data) { HANDLE hFileHandle = NULL; NTSTATUS ntStatus; IO_STATUS_BLOCK IoStatus; PCHAR pbData=NULL; DWORD nFileLen=0; DWORD ntemLen =0; DWORD ReadFileLen = 4*1024; FILE_STANDARD_INFORMATION StandardFileInfo; DWORD i = 0; LARGE_INTEGER Byteoffset; ntStatus = ObOpenObjectByPointer(Data->pFileObject, OBJ_KERNEL_HANDLE, NULL, SYNCHRONIZE|GENERIC_READ, *IoFileObjectType, KernelMode, &hFileHandle); if(!NT_SUCCESS(ntStatus)) { KdPrint(("ProcessCheckSum: ObOpenObjectByPointer Failed! Error Code: %x\n", ntStatus)); Data->CheckSum = 0; KeSetEvent(&(Data->event), IO_NO_INCREMENT, FALSE); return; } pbData=(PCHAR)ExAllocatePool(NonPagedPool, ReadFileLen); if (pbData==NULL) { //zz KdPrint(("ProcessCheckSum: ExAllocatePool failed!\n")); ZwClose(hFileHandle); Data->CheckSum = 0; KeSetEvent(&(Data->event), IO_NO_INCREMENT, FALSE); return; } RtlZeroMemory(pbData,ReadFileLen); do { ntStatus=ZwReadFile(hFileHandle, NULL, NULL, NULL, &IoStatus, (PVOID)pbData, ReadFileLen, NULL, NULL); if(ntStatus != STATUS_SUCCESS) { //zz KdPrint(("ProcessCheckSum: ZwReadFile %s Failed\n", pFile)); ZwClose(hFileHandle); ExFreePool(pbData); Data->CheckSum = 0; KeSetEvent(&(Data->event), IO_NO_INCREMENT, FALSE); return; } CheckSum(&(Data->CheckSum),pbData,ReadFileLen); // }while (IoStatus.Information != STATUS_END_OF_FILE); ZwClose(hFileHandle); ExFreePool(pbData); KeSetEvent(&(Data->event), IO_NO_INCREMENT, FALSE); return; } |
|
|
地板#
发布于:2007-03-29 17:01
忘记了.好像.可以.
|
|
|
|
地下室#
发布于:2007-04-10 16:47
可能是文件读写属性设置不一致
|
|
|
5楼#
发布于:2007-04-11 08:01
既然有了FILE_OBJECT就直接IRP操作吧,再转换成HANDLE就存在权限问题
|
|
|
