购买一段简单的过滤驱动源码

kxskxs 驱动牛犊注册日期2007-10-07 最后登录2011-02-10 粉丝1 关注1 积分2分威望11点贡献值0点好评度0点原创分0分专家分0分加关注写私信	阅读：1787回复：2 购买一段简单的过滤驱动源码楼主^# 更多只看楼主倒序阅读发布于：2010-11-15 10:23 主要功能是禁止访问（不能读、写及删除）一个或多个指定的文件夹，要求代码稳定。诚意购买，有意者请联系email: qingdao3721@qq.com
	喜欢0 最新喜欢：回复

lijianhua12

驱动牛犊

注册日期2009-12-04
最后登录2013-03-29
粉丝12
关注9
积分33分
威望301点
贡献值0点
好评度0点
原创分0分
专家分11分

加关注写私信

沙发^#

发布于：2010-11-15 18:54

tooflat 的代码隐藏了保存加密文件标识文件的目录

代码很稳定

NTSTATUS
SfDirectoryControl(
   IN PDEVICE_OBJECT DeviceObject,
   IN PIRP Irp
   )
{
   PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension;
   PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
   PFILE_OBJECT FileObject = IrpSp->FileObject;
   NTSTATUS Status = STATUS_SUCCESS;
   PFILE_BOTH_DIR_INFORMATION DirInfo = NULL;
   PFILE_BOTH_DIR_INFORMATION PreDirInfo = NULL;
   ULONG Length = 0;
   ULONG NewLength = 0;
   ULONG Offset = 0;
   ULONG CurPos = 0;

   //
   // We only care about volume filter device object
   //
   if (!DevExt->StorageStackDeviceObject)
   {
   IoSkipCurrentIrpStackLocation(Irp);
   return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
   }

#if DBG
   if (DevExt->DriveLetter != DEBUG_VOLUME)
   {
   IoSkipCurrentIrpStackLocation(Irp);
   return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
   }
#endif

   if (IrpSp->MinorFunction != IRP_MN_QUERY_DIRECTORY)
   {
   IoSkipCurrentIrpStackLocation(Irp);
   return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
   }

   if (IrpSp->Parameters.QueryDirectory.FileInformationClass != FileBothDirectoryInformation)
   {
   IoSkipCurrentIrpStackLocation(Irp);
   return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
   }

   Status = SfForwardIrpSyncronously(DevExt->AttachedToDeviceObject, Irp);

   while (TRUE)
   {
   if (!NT_SUCCESS(Status))
   break;

   Length = IrpSp->Parameters.QueryDirectory.Length;
   NewLength = Length;
   CurPos = 0;
   DirInfo = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
   PreDirInfo = DirInfo;

   //
   // There is no entry, so just complete the request
   //
   if (Length == 0)
   break;

   //
   // Sanity check
   //
   if ((!DirInfo) || (DirInfo->NextEntryOffset > Length))
   break;

   do
   {
   Offset = DirInfo->NextEntryOffset;

   if ((DirInfo->FileNameLength > SF_ENCRYPT_POSTFIX_LENGTH * sizeof(WCHAR)) &&
   (_wcsnicmp(&DirInfo->FileName[DirInfo->FileNameLength / sizeof(WCHAR) - SF_ENCRYPT_POSTFIX_LENGTH],
   SF_ENCRYPT_POSTFIX, SF_ENCRYPT_POSTFIX_LENGTH) == 0))
   {
   if (0 == Offset) // the last one
   {
   PreDirInfo->NextEntryOffset = 0;
   NewLength = CurPos;
   }
   else
   {
   if (PreDirInfo != DirInfo)
   {
   PreDirInfo->NextEntryOffset += DirInfo->NextEntryOffset;
   DirInfo = (PFILE_BOTH_DIR_INFORMATION) ((PUCHAR) DirInfo + Offset);
   }
   else
   {
   RtlMoveMemory((PUCHAR) DirInfo,(PUCHAR) DirInfo + Offset, Length - CurPos - Offset);
   NewLength -= Offset;
   }
   }
   }
   else
   {
   CurPos += Offset;
   PreDirInfo = DirInfo;
   DirInfo = (PFILE_BOTH_DIR_INFORMATION) ((PUCHAR) DirInfo + Offset);
   }
   } while (0 != Offset);

   if (0 == NewLength) // All entry is filtered
   {
   Status = SfForwardIrpSyncronously(DevExt->AttachedToDeviceObject, Irp);

   //
   // If no entry returned, just complete the request,
   // else we must continue to filter
   //
   if (0 == Irp->IoStatus.Information)
   break;
   }
   else
   {
   Irp->IoStatus.Information = NewLength;
   break;
   }

   // continue to filter
   }

   IoCompleteRequest(Irp, IO_NO_INCREMENT);
   return Status;
}

回复喜欢

wanghui219 禁止发言注册日期2007-08-28 最后登录2019-07-29 粉丝4 关注3 积分101166分威望505351点贡献值0点好评度137点原创分0分专家分4分加关注写私信	板凳^# 发布于：2010-11-18 10:04 用户被禁言,该主题自动屏蔽!
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

购买一段简单的过滤驱动源码

最新喜欢：