[驱动开发] 磁盘文件操作

A- A+
流沙团 驱动开发 4488View 0

详细的操作实例

相关内核API
ZwCreateFile
ZwOpenFile
ZwSetInformationFile
ZwQueryInfomationFile
ZwReadFile
ZwWriteFile


代码实例 


#include <ntddk.h>
#define TAG 'tset' //驱动在内存的标志,即test

NTSTATUS MyCreateFile()
{
	HANDLE hFile;
	UNICODE_STRING usFileName;
	OBJECT_ATTRIBUTES FileObjAttr;
	IO_STATUS_BLOCK IoStatusBlock;
	NTSTATUS Status;
	RtlInitUnicodeString(&usFileName,L"\\??\\c:\\1.txt");
	memset(&FileObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
	//FileObjAttr.Attributes
	InitializeObjectAttributes(&FileObjAttr,&usFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);
	Status = ZwCreateFile(&hFile,
		GENERIC_ALL,
		&FileObjAttr,
	    &IoStatusBlock,
		NULL,
		FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_READ,
		FILE_OPEN_IF,
		FILE_NON_DIRECTORY_FILE,
		NULL,
		0);

	if(!NT_SUCCESS(Status))
	{
		DbgPrint("ZwCreateFile Error");
		return Status;
	}
	DbgPrint("ZwCreateFile Success");
	//close handle;
	ZwClose(hFile); //-1
	return Status;
}

NTSTATUS MyOpenFile()
{
	HANDLE hFile;
	UNICODE_STRING usFileName;
	OBJECT_ATTRIBUTES FileObjAttr;
	IO_STATUS_BLOCK IoStatusBlock;
	NTSTATUS Status;
	
	RtlInitUnicodeString(&usFileName,L"\\??\\c:\\1.txt");
	memset(&FileObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
	//FileObjAttr.Attributes
	InitializeObjectAttributes(&FileObjAttr,&usFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);

	Status = ZwOpenFile(&hFile,GENERIC_ALL,&FileObjAttr,&IoStatusBlock,FILE_SHARE_READ,FILE_NON_DIRECTORY_FILE);
	
	if(!NT_SUCCESS(Status))
	{
		//#define STATUS_OBJECT_NAME_NOT_FOUND     ((NTSTATUS)0xC0000034L)
		DbgPrint("ZwOpenFile Error, 0x%X\n",Status);
		return  Status;
	}
	DbgPrint("ZwOpenFile Success\n");
	ZwClose(hFile);
	return Status;
}

NTSTATUS MyQueryInformationFile()
{
	HANDLE hFile;
	UNICODE_STRING usFileName;
	OBJECT_ATTRIBUTES FileObjAttr;
	IO_STATUS_BLOCK IoStatusBlock;
	FILE_BASIC_INFORMATION FileInfo;
	NTSTATUS Status;
	
	RtlInitUnicodeString(&usFileName,L"\\??\\c:\\2.txt");
	memset(&FileObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
	//FileObjAttr.Attributes
	InitializeObjectAttributes(&FileObjAttr,&usFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);
	Status = ZwCreateFile(&hFile,
		GENERIC_ALL,
		&FileObjAttr,
		&IoStatusBlock,
		NULL,
		FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_READ,
		FILE_OPEN_IF,
		FILE_NON_DIRECTORY_FILE,
		NULL,
		0);

	if(!NT_SUCCESS(Status))
	{
		DbgPrint("ZwCreateFile Error");
		return Status;
	}
	DbgPrint("ZwCreateFile Success");
	//hFile

	//ZwSetInformationFile(hFile,&IoStatusBlock,)
	Status = ZwQueryInformationFile(hFile, &IoStatusBlock, &FileInfo, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
	if (!NT_SUCCESS(Status))
	{
		DbgPrint("ZwQueryInformationFile 0x%X",Status);
		ZwClose(hFile);
		return Status;
	}

	DbgPrint("ZwQueryInformationFile Success\n");
	DbgPrint("0x%x , 0x%x\n",FileInfo.ChangeTime.QuadPart,FileInfo.FileAttributes);
	
	//关闭句柄
	ZwClose(hFile);
	return Status;
}

NTSTATUS MySetInformationFile()
{
	HANDLE hFile;
	UNICODE_STRING usFileName;
	OBJECT_ATTRIBUTES FileObjAttr;
	IO_STATUS_BLOCK IoStatusBlock;
	FILE_BASIC_INFORMATION FileInfo;
	NTSTATUS Status;
	RtlInitUnicodeString(&usFileName,L"\\??\\c:\\3.txt");
	memset(&FileObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
	//FileObjAttr.Attributes
	InitializeObjectAttributes(&FileObjAttr,&usFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);
	Status = ZwCreateFile(&hFile,
		GENERIC_ALL,
		&FileObjAttr,
		&IoStatusBlock,
		NULL,
		FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_READ,
		FILE_OPEN_IF,
		FILE_NON_DIRECTORY_FILE,
		NULL,
		0);

	if(!NT_SUCCESS(Status))
	{
		DbgPrint("ZwCreateFile Error");
		return Status;
	}
	DbgPrint("ZwCreateFile Success");
	//hFile

	//ZwSetInformationFile(hFile,&IoStatusBlock,)
	//获取信息
	Status = ZwQueryInformationFile(hFile, &IoStatusBlock, &FileInfo, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
	if (!NT_SUCCESS(Status))
	{
		DbgPrint("ZwQueryInformationFile 0x%X",Status);
		ZwClose(hFile);
		return Status;
	}

	DbgPrint("ZwQueryInformationFile Success\n");
	DbgPrint("0x%x , 0x%x\n",FileInfo.ChangeTime.QuadPart,FileInfo.FileAttributes);

	//设置信息
	FileInfo.CreationTime.QuadPart = 0;
	FileInfo.FileAttributes |= FILE_ATTRIBUTE_HIDDEN;

	Status = ZwSetInformationFile(hFile, &IoStatusBlock, &FileInfo, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
	if (!NT_SUCCESS(Status))
	{
		DbgPrint("ZwSetInformationFile Error 0x%X",Status);
		ZwClose(hFile);
		return Status;
	}

	DbgPrint("ZwSetInformationFile Success\n");
	//关闭句柄
	ZwClose(hFile);
	return Status;
	
}


NTSTATUS MyWirteFile()
{
	HANDLE hFile;
	UNICODE_STRING usFileName;
	OBJECT_ATTRIBUTES FileObjAttr;
	IO_STATUS_BLOCK IoStatusBlock;
	FILE_BASIC_INFORMATION FileInfo;
	NTSTATUS Status;
	PVOID strBuffer;
	LARGE_INTEGER tempBuffer;

	RtlInitUnicodeString(&usFileName,L"\\??\\c:\\5.txt");
	memset(&FileObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
	//FileObjAttr.Attributes
	InitializeObjectAttributes(&FileObjAttr,&usFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);
	Status = ZwCreateFile(&hFile,
		GENERIC_ALL,
		&FileObjAttr,
		&IoStatusBlock,
		NULL,
		FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_READ,
		FILE_OPEN_IF,
		FILE_NON_DIRECTORY_FILE,
		NULL,
		0);

	if(!NT_SUCCESS(Status))
	{
		DbgPrint("ZwCreateFile Error");
		return Status;
	}
	DbgPrint("ZwCreateFile Success");
	//hFile

	//strBuffer = ExAllocatePool(NonPagedPool, 50);
	strBuffer = ExAllocatePoolWithTag(NonPagedPool, 50, TAG); 
	RtlCopyMemory(strBuffer, "www.gyarmy.com\n", strlen("www.gyarmy.com\n"));
	tempBuffer.QuadPart = 0;
	
	Status = ZwWriteFile(hFile, NULL, NULL, NULL, &IoStatusBlock, strBuffer, strlen("www.gyarmy.com\n"), &tempBuffer, NULL);

	KdPrint(("%s", strBuffer));
	
	if(!NT_SUCCESS(Status))
	{
		DbgPrint("ZwWriteFile Error");
		return Status;
	}
	DbgPrint("ZwWriteFile Success");

	//关闭句柄
	ZwClose(hFile);
	return Status;

}



NTSTATUS MyReadFile()
{
	HANDLE hFile;
	UNICODE_STRING usFileName;
	OBJECT_ATTRIBUTES FileObjAttr;
	IO_STATUS_BLOCK IoStatusBlock;
	FILE_BASIC_INFORMATION FileInfo;
	NTSTATUS Status;
	PVOID strBuffer;
	LARGE_INTEGER tempBuffer;

	RtlInitUnicodeString(&usFileName,L"\\??\\c:\\5.txt");
	memset(&FileObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
	//FileObjAttr.Attributes
	InitializeObjectAttributes(&FileObjAttr,&usFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);
	Status = ZwCreateFile(&hFile,
		GENERIC_ALL,
		&FileObjAttr,
		&IoStatusBlock,
		NULL,
		FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_READ,
		FILE_OPEN_IF,
		FILE_NON_DIRECTORY_FILE,
		NULL,
		0);

	if(!NT_SUCCESS(Status))
	{
		DbgPrint("ZwCreateFile Error");
		return Status;
	}
	DbgPrint("ZwCreateFile Success");
	
	//strBuffer = ExAllocatePool(NonPagedPool, 50);
	strBuffer = ExAllocatePoolWithTag(NonPagedPool, 50, TAG); 
	memset(strBuffer,0,50);
	//读取的起始位置
	tempBuffer.QuadPart = 0;
	//tempBuffer.QuadPart.
	Status = ZwReadFile(hFile, NULL, NULL, NULL, &IoStatusBlock, strBuffer, 50, &tempBuffer, NULL);
	if (!NT_SUCCESS(Status))
	{
		KdPrint(("错误码%x", Status));
		ZwClose(hFile);
	}
	KdPrint(("strBuffer = %s\n", strBuffer));
	DbgPrint("ZwReadFile Success\n");

	//关闭句柄
	ZwClose(hFile);
	return Status;
}


VOID MyUnloadDriver(PDRIVER_OBJECT pDriverObject)
{
	DbgPrint("Goodbye World!");
}



NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegisterPath)
{
	DbgPrint("Hello World!");
	pDriverObject->DriverUnload = MyUnloadDriver;
	
	//MyCreateFile();
	//MyOpenFile();
	//MyQueryInformationFile();
	//MySetInformationFile();

	MyWirteFile();
	//MyReadFile();


	return STATUS_SUCCESS;
}

原文链接: [驱动开发] 磁盘文件操作 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://gyarmy.com/post-485.html )

发表评论

0则评论给“[驱动开发] 磁盘文件操作”