|
阅读:14830回复:49
终于搞定隐藏文件、目录了,好高兴啊!!!!!哈哈
可以过滤掉目录下的所有entry,不需要重新构造irp
NTSTATUS DispatchDirectoryControl( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { PDEVICE_EXTENSION devExt = DeviceObject->DeviceExtension; PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp); KEVENT waitEvent; NTSTATUS status; PWSTR fileNameBuffer; ULONG bufferLength; ULONG newLength; ULONG offset; ULONG currentPosition; PFILE_BOTH_DIR_INFORMATION dirInfo = NULL; PFILE_BOTH_DIR_INFORMATION preDirInfo = NULL; PAGED_CODE(); if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)) { Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST; Irp->IoStatus.Information = 0; IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_INVALID_DEVICE_REQUEST; } if (Irp->RequestorMode == KernelMode) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(((PDEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp); } if (FileBothDirectoryInformation != irpSp->Parameters.QueryDirectory.FileInformationClass) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(((PDEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp); } KeInitializeEvent(&waitEvent, NotificationEvent, FALSE); IoCopyCurrentIrpStackLocationToNext(Irp); IoSetCompletionRoutine(Irp, DirectoryControlCompletion, &waitEvent, //context parameter TRUE, TRUE, TRUE ); status = IoCallDriver(devExt->AttachedToDeviceObject, Irp); // // Wait for the operation to complete // if (STATUS_PENDING == status) { status = KeWaitForSingleObject(&waitEvent, Executive, KernelMode, FALSE, NULL ); ASSERT(STATUS_SUCCESS == status); } if (!NT_SUCCESS(status) ||(0 == irpSp->Parameters.QueryFile.Length)) { IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } fileNameBuffer =(PWSTR) ExAllocatePoolWithTag(NonPagedPool, MAX_PATH * sizeof(WCHAR), POOL_TAG); if (!fileNameBuffer) { IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } RtlZeroMemory(fileNameBuffer, MAX_PATH * sizeof(WCHAR)); if (!NT_SUCCESS(GetFileName(DeviceObject, irpSp->FileObject, fileNameBuffer))) { ExFreePoolWithTag(fileNameBuffer, POOL_TAG); IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } if (0 != _wcsicmp(fileNameBuffer, L"\\")) { ExFreePoolWithTag(fileNameBuffer, POOL_TAG); IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } while (TRUE) { bufferLength = irpSp->Parameters.QueryDirectory.Length; newLength = bufferLength; currentPosition = 0; dirInfo =(PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer; preDirInfo = dirInfo; if ((!dirInfo) ||(dirInfo->NextEntryOffset > bufferLength)) { IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } do { offset = dirInfo->NextEntryOffset; if ((dirInfo->FileNameLength > 0) && (_wcsnicmp(HIDDEN_DIRECTORY, dirInfo->FileName, dirInfo->FileNameLength / sizeof(WCHAR)) == 0)) { if (0 == offset) { // the last one preDirInfo->NextEntryOffset = 0; newLength = currentPosition; } else { if (preDirInfo != dirInfo) { preDirInfo->NextEntryOffset += dirInfo->NextEntryOffset; dirInfo = (PFILE_BOTH_DIR_INFORMATION) ((PUCHAR) dirInfo + offset); } else { RtlMoveMemory((PUCHAR) dirInfo,(PUCHAR) dirInfo + offset, bufferLength - currentPosition - offset); newLength -= offset; } } // break; } else { currentPosition += offset; preDirInfo = dirInfo; dirInfo =(PFILE_BOTH_DIR_INFORMATION)((PUCHAR) dirInfo + offset); } } while(0 != offset); if (0 == newLength) { KeResetEvent(&waitEvent); IoCopyCurrentIrpStackLocationToNext(Irp); IoSetCompletionRoutine(Irp, DirectoryControlCompletion, &waitEvent, //context parameter TRUE, TRUE, TRUE ); status = IoCallDriver(devExt->AttachedToDeviceObject, Irp); // // Wait for the operation to complete // if (STATUS_PENDING == status) { status = KeWaitForSingleObject(&waitEvent, Executive, KernelMode, FALSE, NULL ); ASSERT(STATUS_SUCCESS == status); } if (!NT_SUCCESS(status) ||(0 == Irp->IoStatus.Information)) { break; } } else { Irp->IoStatus.Information = newLength; break; } } ExFreePoolWithTag(fileNameBuffer, POOL_TAG); Irp->IoStatus.Information = newLength; IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } NTSTATUS DirectoryControlCompletion( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ) { UNREFERENCED_PARAMETER(DeviceObject); UNREFERENCED_PARAMETER(Irp); KeSetEvent((PKEVENT) Context, IO_NO_INCREMENT, FALSE); return STATUS_MORE_PROCESSING_REQUIRED; } |
|
|
沙发#
发布于:2011-01-05 09:45
后来仔细看了一下,已经没有bug了:) 此代码没问题:)
|
|
|
板凳#
发布于:2010-12-20 21:31
谢谢tooflat提供的方法
|
|
|
地板#
发布于:2010-12-10 00:06
引用第24楼llj2655506于2007-04-07 21:47发表的 : 有谁能解释一下吗,不太明白? |
|
|
地下室#
发布于:2008-11-06 10:12
|
|
|
5楼#
发布于:2007-12-06 08:46
也是一种进步。
|
|
|
|
6楼#
发布于:2007-08-31 22:04
最近刚好在学习这方面的东西,可以把你的代码发给我参考一下么,谢谢LZ!
EMAIL: fancylf@163.com |
|
|
7楼#
发布于:2007-08-08 15:55
不错,学习中
|
|
|
8楼#
发布于:2007-08-01 11:56
楼主把源文件传上来把
 |
|
|
|
9楼#
发布于:2007-08-01 10:28
我也想要一份代码 能不能给我发一份呢 谢谢!!
wanghonglun1983@163.com |
|
|
10楼#
发布于:2007-07-29 16:59
|
|
|
|
11楼#
发布于:2007-07-26 16:42
楼主,我最近刚好也在做这个程序。
我要隐藏的是指定路径下的文件, 在隐藏文件的时候,我用的是HOOK ZwQueryDirectoryFile 这个函数,但是我遇到一个问题,就是在显示文件路径的时候,打印出来的是这样的路径:\Device\HarddiskVolume1\Documents and Settings\All Users\,也就是说不带盘符的,我上网查了一下,都没有真正看到怎样转化的代码,可以给点建议么,谢谢!我的邮箱:yunfandayi◎163.com, |
|
|
12楼#
发布于:2007-07-20 15:44
wcsnicmp 比较可能在某些及其会出现蓝屏 现象
|
|
|
13楼#
发布于:2007-07-12 13:25
[Quote] (_wcsnicmp(HIDDEN_DIRECTORY, dirInfo->FileName, dirInfo->FileNameLength / sizeof(WCHAR)) == 0)) {[/Quote]
这样比较在某些机器上会出现蓝屏,按一个字符串的长度去比较,也很可能比较就没进行完成 ======= 1.check IsDirectory 2.check string length is equal |
|
|
14楼#
发布于:2007-07-11 16:22
可以给我一份吗wiseboy601710@163.com
|
|
|
|
15楼#
发布于:2007-06-28 15:20
麻烦也给我发一份代码学习吧
slq724@163.com |
|
|
16楼#
发布于:2007-06-27 15:46
楼主,能不能发一份代码给我研究研究啊?谢谢了!
zhxi987654@163.com |
|
|
17楼#
发布于:2007-06-20 14:27
楼主,发我一份让我学习研究一下可以不?多谢了!
pandaemail@163.com |
|
|
18楼#
发布于:2007-06-20 14:16
楼主,厉害,能发份代码给我吗?huanglovesun3@yahoo.com.cn
|
|
|
19楼#
发布于:2007-06-01 16:36
|
|
上一页
下一页