阅读:2174回复:19
请教 wowocock
刚才的问题还没有回答我阿 谢谢啦
filespy在xp下怎么动态加载和卸载阿 使用net start和net stop吗 好像用net stop不行阿 用install和uninstall也不行阿 |
|
沙发#
发布于:2004-04-27 22:16
先IoUnregisterFsRegistrationChange解除挂接,然后EnumerateDeviceObjectList搜索设备连表,依次删除设备
|
|
|
板凳#
发布于:2004-04-28 08:31
谢谢
给分了 呵呵 我现在要作一个程序 虚拟出一个磁盘 但是内容是一个本地的文件夹 请问怎么作阿 我想修改filespy来做 以前没有做过fs驱动的 请大哥指点迷津阿 |
|
地板#
发布于:2004-04-28 09:00
谢谢 改FileSpy和SFilter都无法实现这个功能。要实现这个功能必须编写一个FSD,FastFAT就是干这事的。不过FSD的复杂度是FileSpy的15倍以上,跟FileDisk这些东西相比就更复杂了,你可要做好心理准备,嘿嘿嘿……:D :D :D |
|
地下室#
发布于:2004-04-28 10:52
不是吧 这么难?!
我觉得用filespy好像可以吧 先用filedisk虚拟一个磁盘 然后在上面加filespy dispatch query directory,read,write 把别的文件夹的信息返回 不行吗? 还有个问题 nt file system internal 里面有什么PtrSFsdCCB 这些类型怎么在ddk和ifsddk里面都查不到阿 |
|
5楼#
发布于:2004-04-28 11:57
我现在要作一个程序 虚拟出一个磁盘 但是内容是一个本地的文件夹
一个DefineDosDevice即可,根本无须驱动. |
|
|
6楼#
发布于:2004-04-28 12:05
我现在要作一个程序 虚拟出一个磁盘 但是内容是一个本地的文件夹 这样做只是建立一个符号联接而已,调用最终还是转发到FASTFAT.SYS。 照你这么说,连DefineDosDevice()都不必调用了,直接在Win32中执行命令“subst”得了。 开个玩笑 :D |
|
7楼#
发布于:2004-04-28 13:25
是调用DEFINEDOSDEVICE就可以了
你分析SUBST 调用的主要功能函数就是DEFINEDOSDEVICE 利用文件夹做虚拟磁盘是不用写驱动 用户模式就可以解决 |
|
|
8楼#
发布于:2004-04-28 14:52
如果这个文件夹是网络上的呢
怎么作? |
|
9楼#
发布于:2004-04-28 15:13
一样,我都测试过,用UNC路径即可.
|
|
|
10楼#
发布于:2004-04-28 15:58
wowocock的话不错
所以我越看FILEDISK就越是迷茫 FILEDISK将文件虚拟为磁盘分区 但是为什么不直接将文件夹DefineDosDevice呢 这样除了不能格式化以外,和虚拟的磁盘分区是一模一样 有什么区别吗?? 如果仅仅是为了实现磁盘加密之类的功能 那么,那么与直接使用EFS的区别在那里 如果仅仅是将许多磁盘文件放到一个文件中,集中进行处理 那么这些要求使用复合结构文件完全可以达到 有什么区别吗??? 大虾赐教!!!! |
|
|
11楼#
发布于:2004-04-29 16:38
wowocock 兄:
先IoUnregisterFsRegistrationChange解除挂接,然后EnumerateDeviceObjectList搜索设备连表,依次删除设备 我试了好像没有用阿 呵呵 有没有源码阿 给我看看? 还有这些函数放在哪里实现呢? unload routine? |
|
12楼#
发布于:2004-04-29 20:14
VOID
DriverUnload ( IN PDRIVER_OBJECT DriverObject ) /*++ Routine Description: This routine is called when a driver can be unloaded. This performs all of the necessary cleanup for unloading the driver from memory. Note that an error can not be returned from this routine. When a request is made to unload a driver the IO System will cache that information and not actually call this routine until the following states have occurred: - All device objects which belong to this filter are at the top of their respective attachment chains. - All handle counts for all device objects which belong to this filter have gone to zero. WARNING: Microsoft does not officially support the unloading of File System Filter Drivers. This is an example of how to unload your driver if you would like to use it during development. This should not be made available in production code. Arguments: DriverObject - Driver object for this module Return Value: None. --*/ { PFILESPY_DEVICE_EXTENSION devExt; PFAST_IO_DISPATCH fastIoDispatch; NTSTATUS status; ULONG numDevices; ULONG i; LARGE_INTEGER interval; UNICODE_STRING linkString; # define DEVOBJ_LIST_SIZE 64 PDEVICE_OBJECT devList[DEVOBJ_LIST_SIZE]; ASSERT(DriverObject == gFileSpyDriverObject); // // Log we are unloading // SPY_LOG_PRINT( SPYDEBUG_DISPLAY_ATTACHMENT_NAMES, (\"FileSpy!DriverUnload: Unloading Driver (%p)\\n\", DriverObject) ); // // Remove the symbolic link so no one else will be able to find it. // RtlInitUnicodeString( &linkString, FILESPY_DOSDEVICE_NAME ); IoDeleteSymbolicLink( &linkString ); // // Don\'t get anymore file system change notifications // IoUnregisterFsRegistrationChange( DriverObject, SpyFsNotification ); // // This is the loop that will go through all of the devices we are attached // to and detach from them. Since we don\'t know how many there are and // we don\'t want to allocate memory (because we can\'t return an error) // we will free them in chunks using a local array on the stack. // for (;;) { // // Get what device objects we can for this driver. Quit if there // are not any more. Note that this routine should always be defined // since this routine is only compiled for Windows XP and later. // ASSERT( NULL != gSpyDynamicFunctions.EnumerateDeviceObjectList ); status = (gSpyDynamicFunctions.EnumerateDeviceObjectList)( DriverObject, devList, sizeof(devList), &numDevices); if (numDevices <= 0) { break; } numDevices = min( numDevices, DEVOBJ_LIST_SIZE ); // // First go through the list and detach each of the devices. // Our control device object does not have a DeviceExtension and // is not attached to anything so don\'t detach it. // for (i=0; i < numDevices; i++) { devExt = devList->DeviceExtension; if (NULL != devExt) { IoDetachDevice( devExt->AttachedToDeviceObject ); } } // // The IO Manager does not currently add a reference count to a device // object for each outstanding IRP. This means there is no way to // know if there are any outstanding IRPs on the given device. // We are going to wait for a reasonable amount of time for pending // irps to complete. // // WARNING: This does not work 100% of the time and the driver may be // unloaded before all IRPs are completed during high stress // situations. The system will fault if this occurs. This // is a sample of how to do this during testing. This is // not recommended for production code. // interval.QuadPart = (5 * DELAY_ONE_SECOND); //delay 5 seconds KeDelayExecutionThread( KernelMode, FALSE, &interval ); // // Now go back through the list and delete the device objects. // for (i=0; i < numDevices; i++) { // // See if this is our control device object. If not then cleanup // the device extension. If so then clear the global pointer // that references it. // if (NULL != devList->DeviceExtension) { SpyCleanupMountedDevice( devList ); } else { ASSERT(devList == gControlDeviceObject); ASSERT(gControlDeviceState == CLOSED); gControlDeviceObject = NULL; } // // Delete the device object, remove reference counts added by // IoEnumerateDeviceObjectList. Note that the delete does // not actually occur until the reference count goes to zero. // IoDeleteDevice( devList ); ObDereferenceObject( devList ); } } // // Delete the look aside list. // ASSERT(IsListEmpty( &gSpyDeviceExtensionList )); #ifndef MEMORY_DBG ExDeleteNPagedLookasideList( &gFreeBufferList ); #endif // // Free our FastIO table // fastIoDispatch = DriverObject->FastIoDispatch; DriverObject->FastIoDispatch = NULL; ExFreePoolWithTag( fastIoDispatch, FILESPY_POOL_TAG ); } #endif |
|
|
13楼#
发布于:2004-04-29 20:19
老大好强阿!仰慕ing
|
|
14楼#
发布于:2004-04-29 20:41
老大 你的代码不全哦
SpyFsNotification还有一些其他的没有定义阿 |
|
15楼#
发布于:2004-04-29 20:45
gSpyDynamicFunctions
还有SpyCleanupMountedDevice 也没有定义阿 |
|
16楼#
发布于:2004-04-30 11:37
EnumerateDeviceObjectList需要动态获得IoEnumerateDeviceObjectList在WINXP以后引进
|
|
|
17楼#
发布于:2004-04-30 12:54
什么地方的代码
我的FILESPY里面怎么没有这代码??? |
|
|
18楼#
发布于:2004-05-08 09:46
EnumerateDeviceObjectList需要动态获得IoEnumerateDeviceObjectList在WINXP以后引进
怎么动态获得阿? |
|
19楼#
发布于:2004-05-08 12:16
MmGetSystemRoutineAddress同
GETPROCADDRESS一样的原理,获得动态NTOSKRNL的地址. |
|
|