|
阅读:1780回复:0
請教關於SMBMRX的讀寫透明加密
最近在學習網絡文件系統SMBMRX的代碼,想在讀寫時對數據進行操作,比如取反,不過不知道應該在MRxSmbRead/Write()這2個函數的哪裡添加數據取反代碼
我自己寫的代碼如下,不過向遠程共享文件夾裏copy文件的時候會藍屏。。。我沒用取反,用的是write時字節+1、read時字節-1 NTSTATUS
MRxSmbRead(
IN PRX_CONTEXT RxContext
)
/*++
Routine Description:
This routine handles network read requests.
Arguments:
RxContext - the RDBSS context
Return Value:
NTSTATUS - The return status for the operation
--*/
{
NTSTATUS Status = STATUS_SUCCESS;
RxCaptureFcb;
RxCaptureFobx;
PMRX_SMB_FCB smbFcb = MRxSmbGetFcbExtension(capFcb);
PMRX_SRV_OPEN SrvOpen = capFobx->pSrvOpen;
PMRX_SMB_SRV_OPEN smbSrvOpen = MRxSmbGetSrvOpenExtension(SrvOpen);
PMRX_V_NET_ROOT VNetRootToUse = capFobx->pSrvOpen->pVNetRoot;
PSMB_PSE_ORDINARY_EXCHANGE OrdinaryExchange;
KdPrint(("Hacking %s\n", __FUNCTION__));
PAGED_CODE();
//RxDbgTrace(+1, Dbg, ("MRxSmbRead\n", 0 ));
ASSERT( NodeType(capFobx->pSrvOpen) == RDBSS_NTC_SRVOPEN );
do {
Status = __SmbPseCreateOrdinaryExchange(
RxContext,
VNetRootToUse,
SMBPSE_OE_FROM_READ,
SmbPseExchangeStart_Read,
&OrdinaryExchange );
KdPrint(("%s 1\n", __FUNCTION__));
if (Status != STATUS_SUCCESS) {
KdPrint(("Couldn't get the smb buf!\n"));
return Status;
}
OrdinaryExchange->pSmbCeSynchronizationEvent = &RxContext->SyncEvent;
Status = SmbPseInitiateOrdinaryExchange(OrdinaryExchange);
if (Status != STATUS_PENDING) {
BOOLEAN FinalizationComplete;
KdPrint(("%s 2\n", __FUNCTION__));
FinalizationComplete = SmbPseFinalizeOrdinaryExchange(OrdinaryExchange);
ASSERT(FinalizationComplete);
}
if ((Status == STATUS_RETRY) &&
BooleanFlagOn(RxContext->Flags,RX_CONTEXT_FLAG_ASYNC_OPERATION)) {
KdPrint(("%s 3\n", __FUNCTION__));
MRxSmbResumeAsyncReadWriteRequests(RxContext);
Status = STATUS_PENDING;
}
} while (Status == STATUS_RETRY);
// some change to buffer, added by me
{
PVOID newbuff = NULL;
PUCHAR tempbuff = NULL;
LONGLONG index = 0;
PLOWIO_CONTEXT LowIoContext = &RxContext->LowIoContext;
ULONG readlen = LowIoContext->ParamsFor.ReadWrite.ByteCount;
LONGLONG offset = LowIoContext->ParamsFor.ReadWrite.ByteOffset;
newbuff = ExAllocatePoolWithTag(NonPagedPool, readlen, BUFFER_SWAP_TAG);
if (newbuff == NULL) {
KdPrint(("%s: Failed to allocate %d bytes of memory\n",
__FUNCTION__, readlen));
Status = STATUS_NOT_SUPPORTED;
return Status;
}
RtlCopyMemory(newbuff, (PVOID)(LowIoContext->ParamsFor.ReadWrite.Buffer), readlen);
tempbuff = (PUCHAR)newbuff + offset;
for(index = offset; index < readlen; index++)
{
(*tempbuff) = (*tempbuff) - 1;
tempbuff++;
}
LowIoContext->ParamsFor.ReadWrite.Buffer = (PMDL)newbuff;
ExFreePoolWithTag(newbuff, BUFFER_SWAP_TAG);
newbuff = NULL;
tempbuff = NULL;
}
// end of change to buffer
RxDbgTrace(-1, Dbg, ("MRxSmbRead exit with status=%08lx\n", Status ));
return(Status);
} // MRxSmbReadNTSTATUS
MRxSmbWrite (
IN PRX_CONTEXT RxContext)
/*++
Routine Description:
This routine opens a file across the network.
Arguments:
RxContext - the RDBSS context
Return Value:
NTSTATUS - The return status for the operation
--*/
{
NTSTATUS Status = STATUS_SUCCESS;
RxCaptureFcb;
RxCaptureFobx;
PMRX_SRV_OPEN SrvOpen;
PMRX_SMB_SRV_OPEN smbSrvOpen;
PSMB_PSE_ORDINARY_EXCHANGE OrdinaryExchange;
PLOWIO_CONTEXT LowIoContext = &RxContext->LowIoContext;
KdPrint(("Hacking %s\n", __FUNCTION__));
KdPrint(("%s length = %lld, buffer = 0x%X\n",
__FUNCTION__,
LowIoContext->ParamsFor.ReadWrite.ByteCount,
LowIoContext->ParamsFor.ReadWrite.Buffer));
PAGED_CODE();
//RxDbgTrace(+1, Dbg, ("MRxSmbWrite\n", 0 ));
if (RxContext->pFcb->pNetRoot->Type == NET_ROOT_PIPE) {
Status = STATUS_NOT_SUPPORTED;
KdPrint(("MRxSmbWrite: Pipe write returned %lx\n",Status));
return Status;
}
if ( NodeType(capFcb) == RDBSS_NTC_MAILSLOT ) {
Status = STATUS_NOT_SUPPORTED;
KdPrint(("MRxSmbWrite: Mailslot write returned %lx\n",Status));
return Status;
}
if(NodeType(capFcb) == RDBSS_NTC_STORAGE_TYPE_FILE) {
PMRX_SMB_FCB smbFcb = MRxSmbGetFcbExtension(capFcb);
KdPrint(("%s 1\n", __FUNCTION__));
smbFcb->MFlags |= SMB_FCB_FLAG_WRITES_PERFORMED;
}
ASSERT( NodeType(capFobx->pSrvOpen) == RDBSS_NTC_SRVOPEN );
SrvOpen = capFobx->pSrvOpen;
smbSrvOpen = MRxSmbGetSrvOpenExtension(SrvOpen);
if (smbSrvOpen->OplockLevel == SMB_OPLOCK_LEVEL_II &&
!BooleanFlagOn(LowIoContext->ParamsFor.ReadWrite.Flags,
LOWIO_READWRITEFLAG_PAGING_IO)) {
PSMBCE_V_NET_ROOT_CONTEXT pVNetRootContext;
PMRX_SRV_CALL pSrvCall;
pVNetRootContext = (PSMBCE_V_NET_ROOT_CONTEXT)SrvOpen->pVNetRoot->Context;
pSrvCall = SrvOpen->pVNetRoot->pNetRoot->pSrvCall;
RxIndicateChangeOfBufferingStateForSrvOpen(
pSrvCall,
SrvOpen,
MRxSmbMakeSrvOpenKey(pVNetRootContext->TreeId,smbSrvOpen->Fid),
ULongToPtr(SMB_OPLOCK_LEVEL_NONE));
KdPrint(("Breaking oplock to None in Write SO %lx\n",SrvOpen));
}
do {
Status = __SmbPseCreateOrdinaryExchange(
RxContext,
capFobx->pSrvOpen->pVNetRoot,
SMBPSE_OE_FROM_WRITE,
SmbPseExchangeStart_Write,
&OrdinaryExchange);
KdPrint(("%s 2\n", __FUNCTION__));
if (Status != STATUS_SUCCESS) {
RxDbgTrace(-1, Dbg, ("Couldn't get the smb buf!\n"));
return Status;
}
Status = SmbPseInitiateOrdinaryExchange(OrdinaryExchange);
if ( Status != STATUS_PENDING ) {
BOOLEAN FinalizationComplete = SmbPseFinalizeOrdinaryExchange(OrdinaryExchange);
KdPrint(("%s 3\n", __FUNCTION__));
ASSERT( FinalizationComplete );
} else {
KdPrint(("%s 4\n", __FUNCTION__));
ASSERT(BooleanFlagOn(RxContext->Flags,RX_CONTEXT_FLAG_ASYNC_OPERATION));
}
if ((Status == STATUS_RETRY) &&
BooleanFlagOn(RxContext->Flags,RX_CONTEXT_FLAG_ASYNC_OPERATION)) {
KdPrint(("%s 5\n", __FUNCTION__));
MRxSmbResumeAsyncReadWriteRequests(RxContext);
Status = STATUS_PENDING;
}
} while (Status == STATUS_RETRY);
// some change to buffer
{
PVOID newbuff = NULL;
PUCHAR tempbuff = NULL;
LONGLONG index = 0;
ULONG writelen = LowIoContext->ParamsFor.ReadWrite.ByteCount;
LONGLONG offset = LowIoContext->ParamsFor.ReadWrite.ByteOffset;
newbuff = ExAllocatePoolWithTag(NonPagedPool, writelen, BUFFER_SWAP_TAG);
if (newbuff == NULL) {
KdPrint(("%s: Failed to allocate %d bytes of memory\n",
__FUNCTION__, writelen));
Status = STATUS_NOT_SUPPORTED;
return Status;
}
RtlCopyMemory(newbuff, (PVOID)(LowIoContext->ParamsFor.ReadWrite.Buffer), writelen);
tempbuff = (PUCHAR)newbuff + offset;
for(index = offset; index < writelen; index++)
{
(*tempbuff) = (*tempbuff) + 1;
tempbuff++;
}
LowIoContext->ParamsFor.ReadWrite.Buffer = (PMDL)newbuff;
ExFreePoolWithTag(newbuff, BUFFER_SWAP_TAG);
newbuff = NULL;
tempbuff = NULL;
}
// end of change to buffer
KdPrint(("MRxSmbWrite exit with status = %08lx\n", Status));
return(Status);
} // MRxSmbWrite |
|
