2000下动态加载sfilter的问题
按照以下代码动态加载驱动之后,为什么在 SfCreate 中获取的文件路径里没有了设备名?比如本来应该是 \Device\HarddiskVolume0\debug\,用这个函数动态加载之后却变成了 \debug\。
//声明未公开的变量的函数原型 extern POBJECT_TYPE *IoDriverObjectType; extern NTKERNELAPI NTSTATUS ObReferenceObjectByName( IN PUNICODE_STRING ObjectName, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, OUT PVOID *Object ); VOID SfAttachToVolumeDevice( ) { UNICODE_STRING szLinkPath; PDRIVER_OBJECT lpDriverObject; NTSTATUS Status; OBJECT_ATTRIBUTES ObjectAttributes; PDEVICE_OBJECT currentDevice = NULL; RtlInitUnicodeString(&szLinkPath, L"\\FileSystem\\FastFat"); InitializeObjectAttributes(&ObjectAttributes, &szLinkPath, OBJ_CASE_INSENSITIVE, NULL, NULL); Status = ObReferenceObjectByName( &szLinkPath, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, &lpDriverObject ); currentDevice = lpDriverObject->DeviceObject; while( currentDevice != NULL ) { SfFsNotification( currentDevice, TRUE ); currentDevice = currentDevice->NextDevice; } RtlInitUnicodeString(&szLinkPath, L"\\FileSystem\\Ntfs"); InitializeObjectAttributes(&ObjectAttributes, &szLinkPath, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = ObReferenceObjectByName( &szLinkPath, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, &lpDriverObject); currentDevice = lpDriverObject->DeviceObject; while( currentDevice != NULL ){ SfFsNotification( currentDevice, TRUE ); currentDevice = currentDevice->NextDevice; } } } } |