不能恢复明文是什么原因？

楼主^#

更多发布于：2010-04-22 15:16

运行该程序，对word进行加密，但重新启动后却无法恢复原文？麻烦高手给看看代码，哪里出错？
FLT_PREOP_CALLBACK_STATUS
PreRead(
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __deref_out_opt PVOID *CompletionContext
   )

{
   NTSTATUS status;
   FLT_PREOP_CALLBACK_STATUS FltStatus = FLT_PREOP_SUCCESS_NO_CALLBACK;

   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   ULONG readLen = iopb->Parameters.Read.Length;

   PVOID newBuf = NULL;
   PMDL newMdl = NULL;
   PPRE_2_POST_CONTEXT p2pCtx;

   PVOLUME_CONTEXT volCtx = NULL;
   PSTREAM_CONTEXT pStreamCtx = NULL ;

   try {
   status = FltGetVolumeContext( FltObjects->Filter, FltObjects->Volume, &volCtx );
   if (!NT_SUCCESS(status))
   return FltStatus ;

   status = Ctx_FindOrCreateStreamContext(Data,FltObjects,FALSE,&pStreamCtx,NULL) ;
   if (!NT_SUCCESS(status))
   __leave ;

   if (!Ps_IsCurrentProcessMonitored(pStreamCtx->FileName.Buffer,pStreamCtx->FileName.Length/sizeof(WCHAR), NULL, NULL))
   __leave ;

   //fast io path, disallow it, this will lead to an equivalent irp request coming in
   if (FLT_IS_FASTIO_OPERATION(Data))
   {
   FltStatus = FLT_PREOP_DISALLOW_FASTIO ;
   __leave ;
   }

   if (!(Data->Iopb->IrpFlags & (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)))
   {
   __leave ;
   }

   if (iopb->Parameters.Read.ByteOffset.QuadPart >= pStreamCtx->FileValidLength.QuadPart)
   {
   Data->IoStatus.Status = STATUS_END_OF_FILE;
   Data->IoStatus.Information = 0 ;
   FltStatus = FLT_PREOP_COMPLETE ;
   __leave ;
   }

   if (readLen == 0)
   __leave;

   if (FlagOn(IRP_NOCACHE,iopb->IrpFlags))
   {
   readLen = (ULONG)ROUND_TO_SIZE(readLen,volCtx->SectorSize);
   }

   newBuf = ExAllocatePoolWithTag( NonPagedPool, readLen,BUFFER_SWAP_TAG );
   if (newBuf == NULL)
   __leave;

   if (FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_IRP_OPERATION))
   {
   newMdl = IoAllocateMdl( newBuf,readLen, FALSE,FALSE, NULL );
   if (newMdl == NULL)
   __leave;
   MmBuildMdlForNonPagedPool( newMdl );
   }

   p2pCtx = ExAllocateFromNPagedLookasideList( &Pre2PostContextList );
   if (p2pCtx == NULL)
   __leave;

   iopb->Parameters.Read.ReadBuffer = newBuf;
   iopb->Parameters.Read.MdlAddress = newMdl;
   FltSetCallbackDataDirty( Data );

   p2pCtx->SwappedBuffer = newBuf;
   p2pCtx->VolCtx = volCtx;
   p2pCtx->pStreamCtx = pStreamCtx ;
   *CompletionContext = p2pCtx;

   FltStatus = FLT_PREOP_SUCCESS_WITH_CALLBACK;

   } finally {

   if (FltStatus != FLT_PREOP_SUCCESS_WITH_CALLBACK)
   {
   if (newBuf != NULL)
   {
   ExFreePool( newBuf );
   }

   if (newMdl != NULL)
   {
   IoFreeMdl( newMdl );
   }

   if (volCtx != NULL)
   {
   FltReleaseContext( volCtx );
   }

   if (NULL != pStreamCtx)
   {
   FltReleaseContext(pStreamCtx) ;
   }
   }
   }
   return FltStatus;
}

FLT_POSTOP_CALLBACK_STATUS
PostRead(
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __in PVOID CompletionContext,
   __in FLT_POST_OPERATION_FLAGS Flags
   )

{
   NTSTATUS status = STATUS_SUCCESS ;
   FLT_POSTOP_CALLBACK_STATUS FltStatus = FLT_POSTOP_FINISHED_PROCESSING;
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;

   PVOID origBuf;
   PPRE_2_POST_CONTEXT p2pCtx = CompletionContext;
   BOOLEAN cleanupAllocatedBuffer = TRUE;

   KIRQL OldIrql ;

   ASSERT(!FlagOn(Flags, FLTFL_POST_OPERATION_DRAINING));

   try {
   if (!NT_SUCCESS(Data->IoStatus.Status) || (Data->IoStatus.Information == 0))
   leave;

   if (iopb->Parameters.Read.MdlAddress != NULL)
   {
   origBuf = MmGetSystemAddressForMdlSafe( iopb->Parameters.Read.MdlAddress, NormalPagePriority );
   if (origBuf == NULL)
   {
   Data->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
   Data->IoStatus.Information = 0;
   leave;
   }

   }
   else if (FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_SYSTEM_BUFFER) ||FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_FAST_IO_OPERATION))
   {
   origBuf = iopb->Parameters.Read.ReadBuffer;
   }
   else
   {
   if (FltDoCompletionProcessingWhenSafe( Data,
   FltObjects,
   CompletionContext,
   Flags,
   PostReadWhenSafe,
   &FltStatus ))
   {

   cleanupAllocatedBuffer = FALSE;
   }
   else
   {
   Data->IoStatus.Status = STATUS_UNSUCCESSFUL;
   Data->IoStatus.Information = 0;
   }
   leave;
   }

   try {
   do{

   if (p2pCtx->pStreamCtx->bIsFileCrypt || p2pCtx->pStreamCtx->bDecryptOnRead)
   {
   if (p2pCtx->pStreamCtx->FileValidLength.QuadPart < (Data->Iopb->Parameters.Read.ByteOffset.QuadPart + Data->IoStatus.Information))
   {
   Data->IoStatus.Information = (ULONG)(p2pCtx->pStreamCtx->FileValidLength.QuadPart - Data->Iopb->Parameters.Read.ByteOffset.QuadPart) ;
   FltSetCallbackDataDirty(Data) ;
   }

   KeEnterCriticalRegion() ;
   KeLeaveCriticalRegion() ;
   }

   }while(FALSE) ;

   RtlCopyMemory( origBuf,
   p2pCtx->SwappedBuffer, // data need to be decrypted
   Data->IoStatus.Information );

   } except (EXCEPTION_EXECUTE_HANDLER) {

   Data->IoStatus.Status = GetExceptionCode();
   Data->IoStatus.Information = 0;
   }

   } finally {

   if (cleanupAllocatedBuffer)
   {
   ExFreePool( p2pCtx->SwappedBuffer );
   FltReleaseContext( p2pCtx->VolCtx );
   FltReleaseContext( p2pCtx->pStreamCtx) ;
   ExFreeToNPagedLookasideList( &Pre2PostContextList, p2pCtx );
   }
   }

   return FltStatus;
}

FLT_POSTOP_CALLBACK_STATUS
PostReadWhenSafe (
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __in PVOID CompletionContext,
   __in FLT_POST_OPERATION_FLAGS Flags
   )

{
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   PPRE_2_POST_CONTEXT p2pCtx = CompletionContext;
   PVOID origBuf;
   NTSTATUS status;

   KIRQL OldIrql ;

   UNREFERENCED_PARAMETER( FltObjects );
   UNREFERENCED_PARAMETER( Flags );
   ASSERT(Data->IoStatus.Information != 0);

   status = FltLockUserBuffer( Data );

   if (!NT_SUCCESS(status))
   {
   Data->IoStatus.Status = status;
   Data->IoStatus.Information = 0;

   }
   else
{
   origBuf = MmGetSystemAddressForMdlSafe( iopb->Parameters.Read.MdlAddress,
   NormalPagePriority );
   if (origBuf == NULL)
   {
   Data->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
   Data->IoStatus.Information = 0;
   }
   else
   {
   do{

   if (p2pCtx->pStreamCtx->bIsFileCrypt || p2pCtx->pStreamCtx->bDecryptOnRead)
   {
   if (p2pCtx->pStreamCtx->FileValidLength.QuadPart < (Data->Iopb->Parameters.Read.ByteOffset.QuadPart + Data->IoStatus.Information))
   {
   Data->IoStatus.Information = (ULONG)(p2pCtx->pStreamCtx->FileValidLength.QuadPart - Data->Iopb->Parameters.Read.ByteOffset.QuadPart) ;
   FltSetCallbackDataDirty(Data) ;
   }

   KeEnterCriticalRegion() ;
   ///}
   KeLeaveCriticalRegion() ;
   }

   }while(FALSE) ;

   RtlCopyMemory( origBuf,p2pCtx->SwappedBuffer,Data->IoStatus.Information );
   }
   }

   ExFreePool( p2pCtx->SwappedBuffer );
   FltReleaseContext( p2pCtx->VolCtx );
   FltReleaseContext(p2pCtx->pStreamCtx) ;

   ExFreeToNPagedLookasideList( &Pre2PostContextList,
   p2pCtx );

   return FLT_POSTOP_FINISHED_PROCESSING;
}

喜欢0

Pegram

论坛版主

注册日期2005-12-03
最后登录2013-08-23
粉丝13
关注5
积分1333分
威望4717点
贡献值1点
好评度78点
原创分0分
专家分2分

加关注写私信

沙发^#

发布于：2010-04-26 22:20

自己调过吗？有啥发现？

《寒江独钓》与《竹林蹊径》的合作作者。精通USB开发，设计了CY001 USB驱动套件（http://bbs.driverdevelop.com/read.php?tid-119314.html）。

回复喜欢

chenguanghuaxue 驱动牛犊注册日期2009-02-20 最后登录2011-01-21 粉丝2 关注5 积分15分威望151点贡献值0点好评度0点原创分0分专家分0分加关注写私信	板凳^# 发布于：2010-12-17 13:17 楼上的问题解决了吗？我也遇到同样的问题，就是前面的字节能够解密，但文件过大时，就会出现没有解密的问题。如果有什么新发现，告诉小弟一声
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

不能恢复明文是什么原因？

最新喜欢：