阅读:1848回复:7
已知文件名柄,只能取得路径名(无法得到盘符),如何取得文件的完整路径?
HANDLE hFile; //已知的文件句柄
PFILE_OBJECT pFileObj=NULL; OBJECT_HANDLE_INFORMATION info; ANSI_STRING str; char* buff; ObReferenceObjectByHandle(hFile,0,0,KernelMode,(PVOID)&pFileObj,&info); if (!pFile) return; RtlUnicodeStringToAnsiString(&str,&pFile->FileName,1); buff=str.Buffer; DbgPrint("FilePath:%s\n",buff); //输出结果: FilePath:\abc.exe //而实际路径为:d:\abc.exe RtlFreeAnsiString(&str); ObDereferenceObject(pFile); 请高手指教怎样实现输出结果为: FilePath:d:\abc.exe |
|
最新喜欢:linshi... |
沙发#
发布于:2007-09-17 02:01
只是差一个郑信息,呵呵
|
|
|
板凳#
发布于:2007-09-17 08:56
ObQueryObjectName试试
|
|
地板#
发布于:2007-09-17 11:47
句柄是应用层的东西,并且在应用层就可以通过句柄得到文件名,不用驱动,你到网上搜下
|
|
|
地下室#
发布于:2007-09-19 10:40
句柄估计不行
怎么也要个文件对象吧 |
|
5楼#
发布于:2007-09-19 23:58
rtlvolumedevicetodosname
|
|
6楼#
发布于:2008-07-25 09:29
ObReferenceObjectByHandle(FileHandle,0,0,KernelMode,&file,&info);
RtlVolumeDeviceToDosName(file->DeviceObject, &dosName); // DbgPrint(" %ws\n",dosName.Buffer); //获得盘符 //将盘符拷贝到大容量的地方存放-----------ok RtlCopyUnicodeString(&fullUniName, &dosName); //将盘符和名字放在一起,得到总路径 RtlAppendUnicodeStringToString(&fullUniName,&((PFILE_OBJECT)file)->FileName); |
|
7楼#
发布于:2008-08-21 14:21
NTSTATUS GetFullName(HANDLE KeyHandle,char *fullname,char *filename)
{ NTSTATUS ns; PVOID pKey=NULL,pFile=NULL; UNICODE_STRING fullUniName; ANSI_STRING akeyname; ULONG actualLen; UNICODE_STRING dosName; fullUniName.Buffer=NULL; fullUniName.Length=0; fullname[0]=0x00; ns= ObReferenceObjectByHandle( KeyHandle, 0, NULL, KernelMode, &pKey, NULL ) ; if( !NT_SUCCESS(ns)) return ns; fullUniName.Buffer = ExAllocatePool( PagedPool, MAXPATHLEN*2);//1024*2 fullUniName.MaximumLength = MAXPATHLEN*2; __try { pFile=(PVOID)*(ULONG *)((char *)pKey+20); pFile=(PVOID)*(ULONG *)((char *)pFile); pFile=(PVOID)*(ULONG *)((char *)pFile+36); ObReferenceObjectByPointer(pFile, 0, NULL, KernelMode); RtlVolumeDeviceToDosName(((PFILE_OBJECT)pFile)->DeviceObject,&dosName); //ns=ObQueryNameString( pFile, fullUniName, MAXPATHLEN, &actualLen ); RtlCopyUnicodeString(&fullUniName, &dosName); RtlAppendUnicodeStringToString(&fullUniName,&((PFILE_OBJECT)pFile)->FileName); ObDereferenceObject(pFile); ObDereferenceObject(pKey ); RtlUnicodeStringToAnsiString( &akeyname, &fullUniName, TRUE ); if(akeyname.Length<MAXPATHLEN) { ULONG iLength; char*buff; ULONG iCount = 0; memcpy(fullname,akeyname.Buffer,akeyname.Length); fullname[akeyname.Length]=0x00; iLength = akeyname.Length; iCount = iLength; buff=akeyname.Buffer; while(iLength) { if(buff[iLength]=='\\') { iLength++; break; } iLength--; } if (iLength>0) { memcpy(filename,&buff[iLength],iCount-iLength); filename[iCount-iLength+1]=0x00; } } else { memcpy(fullname,akeyname.Buffer,MAXPATHLEN); fullname[MAXPATHLEN-1]=0x00; } RtlFreeAnsiString( &akeyname ); ExFreePool(dosName.Buffer); ExFreePool( fullUniName.Buffer); return STATUS_SUCCESS; } __except(1) { if(fullUniName.Buffer) ExFreePool( fullUniName.Buffer ); if(pKey) ObDereferenceObject(pKey ); return STATUS_SUCCESS; } } |
|