minifilter 读写错误，请教高手

楼主^#

更多发布于：2010-05-16 15:40

根据WDK中的例子SwapBuffers修改的，加密头在IRP_MJ_CREATE中写入文件的头部，我在读写中都修改拉偏移量，为什么读的时候还是把加密头读出来的，写保存后加密头被覆盖拉，文件变成没有标识，麻烦高手帮我看看，为什么隐藏不了加密头的，读写代码如下：
FLT_PREOP_CALLBACK_STATUS
SwapPreReadBuffers(
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __deref_out_opt PVOID *CompletionContext
   )
{
   PFILE_OBJECT file;
   PFile_node node;
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   FLT_PREOP_CALLBACK_STATUS retValue = FLT_PREOP_SUCCESS_NO_CALLBACK;
   PVOID newBuf = NULL;
   PMDL newMdl = NULL;
   PVOLUME_CONTEXT volCtx = NULL;
   PPRE_2_POST_CONTEXT p2pCtx;
   NTSTATUS status;
   BOOLEAN istag;
   ULONG readLen = iopb->Parameters.Read.Length;
   PLARGE_INTEGER offset = &Data->Iopb->Parameters.Read.ByteOffset;
   file=iopb->TargetFileObject;
   istag=NPIsCurProcSec();
   try {
   if (readLen == 0) {
   leave;
   }
   if(!istag)
   {
   leave;
   }
   //检查是否已经在加密表中
   AddLock();
   node=NPIsFileNeedCrypt(file);
   ReleaseLock();
   if(node==NULL)
   leave;
   if (!FlagOn((IRP_PAGING_IO |IRP_SYNCHRONOUS_PAGING_IO|IRP_NOCACHE),iopb->IrpFlags))
   {
   DbgPrint(" 缓存读 ");
   leave;
   }
   //增加读的偏移量
   offset->QuadPart += CF_FILE_HEADER_SIZE;
   status = FltGetVolumeContext( FltObjects->Filter,
   FltObjects->Volume,
   &volCtx );
   if (!NT_SUCCESS(status)) {
   leave;
   }
   if (FlagOn(IRP_NOCACHE,iopb->IrpFlags)) {
   readLen = (ULONG)ROUND_TO_SIZE(readLen,volCtx->SectorSize);
   }
   newBuf = ExAllocatePoolWithTag( NonPagedPool,
   readLen,
   BUFFER_SWAP_TAG );
   if (newBuf == NULL)
   {
   leave;
   }
   if (FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_IRP_OPERATION))
   {
   newMdl = IoAllocateMdl( newBuf,
   readLen,
   FALSE,
   FALSE,
   NULL );
   if (newMdl == NULL) {

   leave;
   }
   MmBuildMdlForNonPagedPool( newMdl );
   }
   p2pCtx = ExAllocateFromNPagedLookasideList( &Pre2PostContextList );
   if (p2pCtx == NULL) {
   leave;
   }
   iopb->Parameters.Read.ReadBuffer = newBuf;
   iopb->Parameters.Read.MdlAddress = newMdl;
   FltSetCallbackDataDirty( Data );
   p2pCtx->SwappedBuffer = newBuf;
   p2pCtx->VolCtx = volCtx;
   *CompletionContext = p2pCtx;
   retValue = FLT_PREOP_SUCCESS_WITH_CALLBACK;
   } finally {
   if (retValue != FLT_PREOP_SUCCESS_WITH_CALLBACK) {
   if (newBuf != NULL) {
   ExFreePool( newBuf );
   }
   if (newMdl != NULL) {
   IoFreeMdl( newMdl );
   }
   if (volCtx != NULL) {
   FltReleaseContext( volCtx );
   }
   }
   }
   return retValue;
}
FLT_POSTOP_CALLBACK_STATUS
SwapPostReadBuffers(
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __in PVOID CompletionContext,
   __in FLT_POST_OPERATION_FLAGS Flags
   )
{
   PVOID origBuf;
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   FLT_POSTOP_CALLBACK_STATUS retValue = FLT_POSTOP_FINISHED_PROCESSING;
   PPRE_2_POST_CONTEXT p2pCtx = CompletionContext;
   BOOLEAN cleanupAllocatedBuffer = TRUE;
   // This system won't draining an operation with swapped buffers, verify
   // the draining flag is not set.
   ASSERT(!FlagOn(Flags, FLTFL_POST_OPERATION_DRAINING));
   try {
   if (!NT_SUCCESS(Data->IoStatus.Status) ||
   (Data->IoStatus.Information == 0)) {
   leave;
   }
   if (iopb->Parameters.Read.MdlAddress != NULL) {
   origBuf = MmGetSystemAddressForMdlSafe( iopb->Parameters.Read.MdlAddress,
   NormalPagePriority );
   if (origBuf == NULL) {
   Data->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
   Data->IoStatus.Information = 0;
   leave;
   }
   } else if (FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_SYSTEM_BUFFER) ||
   FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_FAST_IO_OPERATION)) {
   // If this is a system buffer, just use the given address because
   // it is valid in all thread contexts.
   // If this is a FASTIO operation, we can just use the
   // buffer (inside a try/except) since we know we are in
   // the correct thread context (you can't pend FASTIO's).
   origBuf = iopb->Parameters.Read.ReadBuffer;
   } else {
   // They don't have a MDL and this is not a system buffer
   // or a fastio so this is probably some arbitrary user
   // buffer. We can not do the processing at DPC level so
   // try and get to a safe IRQL so we can do the processing.
   if (FltDoCompletionProcessingWhenSafe( Data,
   FltObjects,
   CompletionContext,
   Flags,
   SwapPostReadBuffersWhenSafe,
   &retValue )) {
   // This operation has been moved to a safe IRQL, the called
   // routine will do (or has done) the freeing so don't do it
   // in our routine.
   cleanupAllocatedBuffer = FALSE;
   } else {
   // We are in a state where we can not get to a safe IRQL and
   // we do not have a MDL. There is nothing we can do to safely
   // copy the data back to the users buffer, fail the operation
   // and return. This shouldn't ever happen because in those
   // situations where it is not safe to post, we should have
   // a MDL.
   Data->IoStatus.Status = STATUS_UNSUCCESSFUL;
   Data->IoStatus.Information = 0;
   }
   leave;
   }
   // We either have a system buffer or this is a fastio operation
   // so we are in the proper context. Copy the data handling an
   // exception.
   //
   try {
   RtlCopyMemory( origBuf,
   p2pCtx->SwappedBuffer,
   Data->IoStatus.Information );
   } except (EXCEPTION_EXECUTE_HANDLER) {
   Data->IoStatus.Status = GetExceptionCode();
   Data->IoStatus.Information = 0;
   }
   } finally {
   // If we are supposed to, cleanup the allocated memory and release
   // the volume context. The freeing of the MDL (if there is one) is
   // handled by FltMgr.
   if (cleanupAllocatedBuffer) {
   ExFreePool( p2pCtx->SwappedBuffer );
   FltReleaseContext( p2pCtx->VolCtx );
   ExFreeToNPagedLookasideList( &Pre2PostContextList,
   p2pCtx );
   }
   }
   return retValue;
}
FLT_POSTOP_CALLBACK_STATUS
SwapPostReadBuffersWhenSafe (
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __in PVOID CompletionContext,
   __in FLT_POST_OPERATION_FLAGS Flags
   )
{
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   PPRE_2_POST_CONTEXT p2pCtx = CompletionContext;
   PVOID origBuf;
   NTSTATUS status;
   UNREFERENCED_PARAMETER( FltObjects );
   UNREFERENCED_PARAMETER( Flags );
   ASSERT(Data->IoStatus.Information != 0);
   // This is some sort of user buffer without a MDL, lock the user buffer
   // so we can access it. This will create a MDL for it.
   status = FltLockUserBuffer( Data );
   if (!NT_SUCCESS(status)) {
   Data->IoStatus.Status = status;
   Data->IoStatus.Information = 0;
   } else {
   // Get a system address for this buffer.
   origBuf = MmGetSystemAddressForMdlSafe( iopb->Parameters.Read.MdlAddress,
   NormalPagePriority );
   if (origBuf == NULL) {
   // If we couldn't get a SYSTEM buffer address, fail the operation
   Data->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
   Data->IoStatus.Information = 0;
   } else {
   //
   // Copy the data back to the original buffer. Note that we
   // don't need a try/except because we will always have a system
   // buffer address
   RtlCopyMemory( origBuf,
   p2pCtx->SwappedBuffer,
   Data->IoStatus.Information );
   }
   }
   ExFreePool( p2pCtx->SwappedBuffer );
   FltReleaseContext( p2pCtx->VolCtx );
   ExFreeToNPagedLookasideList( &Pre2PostContextList,
   p2pCtx );
   return FLT_POSTOP_FINISHED_PROCESSING;
}
FLT_PREOP_CALLBACK_STATUS
SwapPreWriteBuffers(
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __deref_out_opt PVOID *CompletionContext
   )
{
   PFILE_OBJECT file;
   PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
   FLT_PREOP_CALLBACK_STATUS retValue = FLT_PREOP_SUCCESS_NO_CALLBACK;
   PVOID newBuf = NULL;
   PMDL newMdl = NULL;
   PVOLUME_CONTEXT volCtx = NULL;
   PPRE_2_POST_CONTEXT p2pCtx;
   PVOID origBuf;
   NTSTATUS status;
   LARGE_INTEGER filesize,newsize;
   PFile_node node;
   BOOLEAN istag;
   ULONG writeLen = iopb->Parameters.Write.Length;
   PLARGE_INTEGER offset = &Data->Iopb->Parameters.Write.ByteOffset;
   file=iopb->TargetFileObject ;
   istag=NPIsCurProcSec();
   try {
   if (writeLen == 0)
   {
   leave;
   }
   //检查是否已经在加密表中
   AddLock();
   node=NPIsFileNeedCrypt(file);
   ReleaseLock();
   if(node==NULL)
   {
   leave;
   }
   if(istag==TRUE)
   {
   offset->QuadPart += CF_FILE_HEADER_SIZE;
   }
   if (!FlagOn((IRP_PAGING_IO |IRP_SYNCHRONOUS_PAGING_IO|IRP_NOCACHE),iopb->IrpFlags))
   {
   File_GetFileSize(Data, FltObjects, &filesize) ;
   if (offset->QuadPart + iopb->Parameters.Write.Length> filesize.QuadPart)
   {
   newsize.QuadPart = offset->QuadPart + iopb->Parameters.Write.Length;
   File_SetFileSize(Data, FltObjects,&newsize);
   }
   NPFileCacheClear(file);
   DbgPrint("缓存写");
   leave;
   }
   status = FltGetVolumeContext( FltObjects->Filter,
   FltObjects->Volume,
   &volCtx );
   if (!NT_SUCCESS(status)) {
   leave;
   }
   if (FlagOn(IRP_NOCACHE,iopb->IrpFlags)) {
   writeLen = (ULONG)ROUND_TO_SIZE(writeLen,volCtx->SectorSize);
   }
   newBuf = ExAllocatePoolWithTag( NonPagedPool,
   writeLen,
   BUFFER_SWAP_TAG );
   if (newBuf == NULL) {
   leave;
   }
   if (FlagOn(Data->Flags,FLTFL_CALLBACK_DATA_IRP_OPERATION)) {
   newMdl = IoAllocateMdl( newBuf,
   writeLen,
   FALSE,
   FALSE,
   NULL );
   if (newMdl == NULL)
   {
   leave;
   }
   MmBuildMdlForNonPagedPool( newMdl );
   }
   if (iopb->Parameters.Write.MdlAddress != NULL) {
   origBuf = MmGetSystemAddressForMdlSafe( iopb->Parameters.Write.MdlAddress,
   NormalPagePriority );
   if (origBuf == NULL) {
   Data->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
   Data->IoStatus.Information = 0;
   retValue = FLT_PREOP_COMPLETE;
   leave;
   }
   } else {
   origBuf = iopb->Parameters.Write.WriteBuffer;
   }
   try {
   RtlCopyMemory( newBuf,
   origBuf,
   writeLen );
   } except (EXCEPTION_EXECUTE_HANDLER) {
   Data->IoStatus.Status = GetExceptionCode();
   Data->IoStatus.Information = 0;
   retValue = FLT_PREOP_COMPLETE;
   leave;
   }
   p2pCtx = ExAllocateFromNPagedLookasideList( &Pre2PostContextList );
   if (p2pCtx == NULL) {
   leave;
   }
   iopb->Parameters.Write.WriteBuffer = newBuf;
   iopb->Parameters.Write.MdlAddress = newMdl;
   FltSetCallbackDataDirty( Data );
   p2pCtx->SwappedBuffer = newBuf;
   p2pCtx->VolCtx = volCtx;
   *CompletionContext = p2pCtx;
   retValue = FLT_PREOP_SUCCESS_WITH_CALLBACK;
   } finally {
   if (retValue != FLT_PREOP_SUCCESS_WITH_CALLBACK) {
   if (newBuf != NULL) {
   ExFreePool( newBuf );
   }
   if (newMdl != NULL) {
   IoFreeMdl( newMdl );
   }
   if (volCtx != NULL) {
   FltReleaseContext( volCtx );
   }
   }
   }
   return retValue;
}
FLT_POSTOP_CALLBACK_STATUS
SwapPostWriteBuffers(
   __inout PFLT_CALLBACK_DATA Data,
   __in PCFLT_RELATED_OBJECTS FltObjects,
   __in PVOID CompletionContext,
   __in FLT_POST_OPERATION_FLAGS Flags
   )
{
   PPRE_2_POST_CONTEXT p2pCtx = CompletionContext;
   UNREFERENCED_PARAMETER( FltObjects );
   UNREFERENCED_PARAMETER( Flags );
   ExFreePool( p2pCtx->SwappedBuffer );
   FltReleaseContext( p2pCtx->VolCtx );
   ExFreeToNPagedLookasideList( &Pre2PostContextList,
   p2pCtx );
   return FLT_POSTOP_FINISHED_PROCESSING;
}

喜欢0

lijizhong619 驱动牛犊注册日期2009-03-12 最后登录2012-06-04 粉丝0 关注0 积分40分威望321点贡献值0点好评度0点原创分0分专家分0分加关注写私信	沙发^# 发布于：2010-05-16 16:10 急要解决，在线等
	回复(0) 喜欢(0)

lijizhong619 驱动牛犊注册日期2009-03-12 最后登录2012-06-04 粉丝0 关注0 积分40分威望321点贡献值0点好评度0点原创分0分专家分0分加关注写私信	板凳^# 发布于：2010-05-17 09:05 高手，请帮忙解决啊，是不是偏移有错啊？？？
	回复(0) 喜欢(0)

lijizhong619 驱动牛犊注册日期2009-03-12 最后登录2012-06-04 粉丝0 关注0 积分40分威望321点贡献值0点好评度0点原创分0分专家分0分加关注写私信	地板^# 发布于：2010-05-17 19:22 自己再顶
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

minifilter 读写错误，请教高手

最新喜欢：