|
阅读:1285回复:3
读取U盘DOS引导扇区内容
下面是一段读取U盘DOS引导扇区的代码,假设U盘的盘符是F。
RtlInitUnicodeString(&objectName, L"\\DosDevices\\F:") ; InitializeObjectAttributes(&attributes, &objectName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL) ; if(KeGetCurrentIrql() != PASSIVE_LEVEL) return STATUS_INVALID_DEVICE_STATE; status = ZwCreateFile(&handle, GENERIC_READ, &attributes, &ioStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if(NT_SUCCESS(Status)) { byteOffset.LowPart = byteOffset.HighPart = 0; status = ZwReadFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer, sizeof(buffer), &byteOffset, NULL); if(NT_SUCCESS(ioStatusBlock.Status)) { buffer[512] = '\0'; DbgPrint("%s\n", buffer); } ZwClose(handle); } 我把这段代码放到SfCreate例程中进行测试,但却总是蓝屏。同样的代码,我把L"\\DosDevices\\F:"改为L"\\DosDevices\\F:\\example.txt"就可以对U盘上的example.txt文件进行读取,一点问题都没有。但为什么不能读扇区中的内容呢?请各位指点 |
|
最新喜欢: Leopar...
|
|
沙发#
发布于:2007-03-22 21:47
status = ZwCreateFile( &hHandle,
GENERIC_READ, &InitializedAttributes, &iostatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 ); 读扇区时必须要带FILE_SHARE_WRITE参数。能将你的SfCreate例程下代码都贴出来吗?我连U盘上的文件都不能读。 |
|
|
板凳#
发布于:2007-03-24 11:33
好的,这是读写文件的一个小测试:
NTSTATUS SfCreate ( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) /*++ Routine Description: This function filters create/open operations. It simply establishes an I/O completion routine to be invoked if the operation was successful. Arguments: DeviceObject - Pointer to the target device object of the create/open. Irp - Pointer to the I/O Request Packet that represents the operation. Return Value: The function value is the status of the call to the file system's entry point. --*/ { NTSTATUS status; //////ADD BY Shenhui PSFILTER_DEVICE_EXTENSION devExt = DeviceObject->DeviceExtension ; UNICODE_STRING volumeName ; /*HANDLE handle ; UNICODE_STRING objectName ; OBJECT_ATTRIBUTES attributes ; IO_STATUS_BLOCK ioStatusBlock ; CHAR buffer[513] ; LARGE_INTEGER byteOffset ;*/ // UCHAR Buffer[512] ; //////END PAGED_CODE(); // // If this is for our control device object, don't allow it to be opened. // if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)) { // // Sfilter doesn't allow for any communication through its control // device object, therefore it fails all requests to open a handle // to its control device object. // // See the FileSpy sample for an example of how to allow creates to // the filter's control device object and manage communication via // that handle. // Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST; Irp->IoStatus.Information = 0; IoCompleteRequest( Irp, IO_NO_INCREMENT ); return STATUS_INVALID_DEVICE_REQUEST; } ASSERT(IS_MY_DEVICE_OBJECT( DeviceObject )); //////ADD BY Shenhui RtlInitUnicodeString(&volumeName, L"\\Device\\HarddiskVolume2") ; if (RtlCompareUnicodeString(&devExt->DeviceName, &volumeName, TRUE) < 0) { IoSkipCurrentIrpStackLocation(Irp) ; return IoCallDriver(devExt->AttachedToDeviceObject, Irp) ; } RtlInitUnicodeString(&objectName, L"\\DosDevices\\F:\\") ; InitializeObjectAttributes(&attributes, &objectName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL) ; if(KeGetCurrentIrql() != PASSIVE_LEVEL) return STATUS_INVALID_DEVICE_STATE; status = ZwCreateFile(&handle, FILE_READ_DATA | SYNCHRONIZE, &attributes, &ioStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); ///写文件 if(NT_SUCCESS(status)) { status = ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer, sizeof(buffer), NULL, NULL) ; ZwClose(handle); } ///读文件 if(NT_SUCCESS(ioStatusBlock.Status)) { byteOffset.LowPart = byteOffset.HighPart = 0; status = ZwReadFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer, sizeof(buffer), &byteOffset, NULL); if(NT_SUCCESS(ioStatusBlock.Status)) { ///这里最好不要用ZwReadFile返回的status buffer[31] = '\0'; ///因为如果读到文件结尾,就会返回STATUS_END_OF_FILE错误 DbgPrint("%s\n", buffer); } ZwClose(handle); } //////END // // If debugging is enabled, do the processing required to see the packet // upon its completion. Otherwise, let the request go with no further // processing. // if (!FlagOn( SfDebug, SFDEBUG_DO_CREATE_COMPLETION | SFDEBUG_GET_CREATE_NAMES| SFDEBUG_DISPLAY_CREATE_NAMES )) { // // Don't put us on the stack then call the next driver // IoSkipCurrentIrpStackLocation( Irp ); return IoCallDriver( ((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp ); } else { KEVENT waitEvent; // // Initialize an event to wait for the completion routine to occur // KeInitializeEvent( &waitEvent, NotificationEvent, FALSE ); // // Copy the stack and set our Completion routine // IoCopyCurrentIrpStackLocationToNext( Irp ); IoSetCompletionRoutine( Irp, SfCreateCompletion, &waitEvent, TRUE, TRUE, TRUE ); // // Call the next driver in the stack. // status = IoCallDriver( ((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp ); // // Wait for the completion routine to be called // if (STATUS_PENDING == status) { NTSTATUS localStatus = KeWaitForSingleObject(&waitEvent, Executive, KernelMode, FALSE, NULL); ASSERT(STATUS_SUCCESS == localStatus); } // // Verify the IoCompleteRequest was called // ASSERT(KeReadStateEvent(&waitEvent) || !NT_SUCCESS(Irp->IoStatus.Status)); // // Retrieve and display the filename if requested // if (FlagOn(SfDebug, (SFDEBUG_GET_CREATE_NAMES|SFDEBUG_DISPLAY_CREATE_NAMES))) { SfDisplayCreateFileName( Irp ); } // // Save the status and continue processing the IRP // status = Irp->IoStatus.Status; IoCompleteRequest( Irp, IO_NO_INCREMENT ); return status; } } |
|
|
|
地板#
发布于:2007-03-24 13:02
明白了,谢谢!
|
|