|
阅读:1863回复:5
关于文件加密标识
根据devia 的提示,我试了试隐藏文件头的方法,结果用记事本打开时,总是提示"存储空间不足,无法处理此命令",但是用写字板就没问题.
虽然说原因可能是因为记事本和写字板的处理方式不同(记事本用文件映射方法),但是我觉得关键还是没有把文件长度给修改好.目前,我修改文件长度的入口有, IRP_MJ_QUERYINFORMATION, IRP_MJ_DIRECTORY_CONTROL和FastIoQueryStandardInformation.不知道是否还有遗露. |
|
|
沙发#
发布于:2008-01-07 10:34
你跟一下,看是不是query的irp里在Iocalldriver之后返回的状态码是STATUS_BUFFER_OVERFLOW?? 我的也是这个问题,后来我把这个错误屏蔽了下,结果好了,但是还没有最终解决这个问题。。。
|
|
|
板凳#
发布于:2008-01-08 00:35
没错,我跟了一下是这个错误.你说的屏蔽是什么意思,直接以SUCCESS返回吗?
|
|
|
地板#
发布于:2008-01-08 09:10
呵呵,就是当你Success的时候做什么处理,现在依然做什么处理,权宜之计,呵呵。。。。
我把if(NT_SUCCESS(status))改成了if(NT_STATUS(status) || status == STATUS_BUFFER_OVERFLOW)。。。还在查原因,,,这个改法很戳的,,  |
|
|
地下室#
发布于:2008-01-08 11:19
记事本以文件映射方式打开,下面是网上找到的资料,关于打开映像文件的,其中就有STATUS_BUFFER_OVER的错误返回。
HANDLE APIENTRY CreateFileMappingW( HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCWSTR lpName ) { HANDLE Section; NTSTATUS Status; LARGE_INTEGER SectionSizeData; PLARGE_INTEGER SectionSize; OBJECT_ATTRIBUTES Obja; POBJECT_ATTRIBUTES pObja; ACCESS_MASK DesiredAccess; UNICODE_STRING ObjectName; ULONG AllocationAttributes; PWCHAR pstrNewObjName = NULL; DesiredAccess = STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ; AllocationAttributes = flProtect & (SEC_FILE | SEC_IMAGE | SEC_RESERVE | SEC_COMMIT | SEC_NOCACHE); flProtect ^= AllocationAttributes; if (AllocationAttributes == 0) { AllocationAttributes = SEC_COMMIT; } if ( flProtect == PAGE_READWRITE ) { DesiredAccess |= (SECTION_MAP_READ | SECTION_MAP_WRITE); } else if ( flProtect != PAGE_READONLY && flProtect != PAGE_WRITECOPY ) { SetLastError(ERROR_INVALID_PARAMETER); return NULL; } if ( ARGUMENT_PRESENT(lpName) ) { if (gpTermsrvFormatObjectName && (pstrNewObjName = gpTermsrvFormatObjectName(lpName))) { RtlInitUnicodeString(&ObjectName,pstrNewObjName); } else { RtlInitUnicodeString(&ObjectName,lpName); } pObja = BaseFormatObjectAttributes(&Obja,lpFileMappingAttributes,&ObjectName); } else { pObja = BaseFormatObjectAttributes(&Obja,lpFileMappingAttributes,NULL); } if ( dwMaximumSizeLow || dwMaximumSizeHigh ) { SectionSize = &SectionSizeData; SectionSize->LowPart = dwMaximumSizeLow; SectionSize->HighPart = dwMaximumSizeHigh; } else { SectionSize = NULL; } if (hFile == INVALID_HANDLE_VALUE) { hFile = NULL; if ( !SectionSize ) { SetLastError(ERROR_INVALID_PARAMETER); if (pstrNewObjName) { RtlFreeHeap(RtlProcessHeap(), 0, pstrNewObjName); } return NULL; } } Status = NtCreateSection( &Section, DesiredAccess, pObja, SectionSize, flProtect, AllocationAttributes, hFile ); if (pstrNewObjName) { RtlFreeHeap(RtlProcessHeap(), 0, pstrNewObjName); } if ( !NT_SUCCESS(Status) ) { BaseSetLastNTError(Status); return Section = NULL; } else { if ( Status == STATUS_OBJECT_NAME_EXISTS ) { SetLastError(ERROR_ALREADY_EXISTS); } else { SetLastError(0); } } return Section; } HANDLE APIENTRY OpenFileMappingA( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName ) { PUNICODE_STRING Unicode; ANSI_STRING AnsiString; NTSTATUS Status; if ( ARGUMENT_PRESENT(lpName) ) { Unicode = &NtCurrentTeb()->StaticUnicodeString; RtlInitAnsiString(&AnsiString,lpName); Status = RtlAnsiStringToUnicodeString(Unicode,&AnsiString,FALSE); if ( !NT_SUCCESS(Status) ) { if ( Status == STATUS_BUFFER_OVERFLOW ) { SetLastError(ERROR_FILENAME_EXCED_RANGE); } else { BaseSetLastNTError(Status); } return NULL; } } else { BaseSetLastNTError(STATUS_INVALID_PARAMETER); return NULL; } return OpenFileMappingW( dwDesiredAccess, bInheritHandle, (LPCWSTR)Unicode->Buffer ); } |
|
|
5楼#
发布于:2008-04-15 16:20
这个问题有人解决了吗,
提示一下思路,谢谢! |
|
|