流沙团
[驱动开发] 磁盘文件操作
2018-11-11 流沙团


详细的操作实例



相关内核API

ZwCreateFile

ZwOpenFile

ZwSetInformationFile

ZwQueryInformationFile

ZwReadFile

ZwWriteFile






代码实例







#include <ntddk.h>
#define TAG 'tset' //驱动在内存的标志,即test

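/**
 * Create \??\c:\1.txt (or open it if it already exists) and close it again.
 *
 * Shows the minimal ZwCreateFile sequence: build the UNICODE_STRING path,
 * wrap it in OBJECT_ATTRIBUTES, call ZwCreateFile, release the handle.
 * The Zw file routines must be called at IRQL PASSIVE_LEVEL.
 *
 * @return The NTSTATUS produced by ZwCreateFile.
 */
NTSTATUS MyCreateFile()
{
    HANDLE hFile;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    NTSTATUS Status;

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\1.txt");

    /*
     * InitializeObjectAttributes fills in every field, so no prior memset is
     * needed. OBJ_KERNEL_HANDLE makes this a kernel handle: without it the
     * handle lands in the handle table of whatever process is current, where
     * user-mode code in that process could use or close it.
     */
    InitializeObjectAttributes(&FileObjAttr,
                               &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* NOTE(review): GENERIC_ALL is more access than create-and-close needs;
     * production code should request only the rights it actually uses. */
    Status = ZwCreateFile(&hFile,
                          GENERIC_ALL,
                          &FileObjAttr,
                          &IoStatusBlock,
                          NULL,                     /* AllocationSize */
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,             /* open existing, else create */
                          FILE_NON_DIRECTORY_FILE,
                          NULL,                     /* EaBuffer */
                          0);                       /* EaLength */

    if (!NT_SUCCESS(Status))
    {
        /* No handle was produced, so there is nothing to close. */
        DbgPrint("ZwCreateFile Error");
        return Status;
    }
    DbgPrint("ZwCreateFile Success");

    /* Every successfully opened handle must be closed exactly once. */
    ZwClose(hFile);
    return Status;
}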

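/**
 * Open the existing file \??\c:\1.txt with ZwOpenFile and close it again.
 *
 * Unlike ZwCreateFile with FILE_OPEN_IF, ZwOpenFile never creates the file;
 * a missing file is reported through the returned status.
 * The Zw file routines must be called at IRQL PASSIVE_LEVEL.
 *
 * @return The NTSTATUS produced by ZwOpenFile.
 */
NTSTATUS MyOpenFile()
{
    HANDLE hFile;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    NTSTATUS Status;

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\1.txt");

    /*
     * InitializeObjectAttributes sets every field, so the structure needs no
     * separate zeroing. OBJ_KERNEL_HANDLE keeps the handle out of the current
     * process's user-visible handle table.
     */
    InitializeObjectAttributes(&FileObjAttr,
                               &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* NOTE(review): GENERIC_ALL is broader than an open-and-close needs;
     * request only the rights actually used in production code. */
    Status = ZwOpenFile(&hFile,
                        GENERIC_ALL,
                        &FileObjAttr,
                        &IoStatusBlock,
                        FILE_SHARE_READ,
                        FILE_NON_DIRECTORY_FILE);

    if (!NT_SUCCESS(Status))
    {
        /* A missing file shows up here as
         * STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L). */
        DbgPrint("ZwOpenFile Error, 0x%X\n", Status);
        return Status;
    }
    DbgPrint("ZwOpenFile Success\n");

    ZwClose(hFile);
    return Status;
}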

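/**
 * Open (or create) \??\c:\2.txt and print its basic information.
 *
 * Queries FILE_BASIC_INFORMATION through ZwQueryInformationFile and prints
 * the ChangeTime and FileAttributes members with DbgPrint.
 * The Zw file routines must be called at IRQL PASSIVE_LEVEL.
 *
 * @return The status of the first call that failed, otherwise the status of
 *         ZwQueryInformationFile.
 */
NTSTATUS MyQueryInformationFile()
{
    HANDLE hFile;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    FILE_BASIC_INFORMATION FileInfo;
    NTSTATUS Status;

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\2.txt");

    /*
     * InitializeObjectAttributes sets every field of the structure.
     * OBJ_KERNEL_HANDLE keeps the handle private to kernel mode instead of
     * exposing it in the current process's handle table.
     */
    InitializeObjectAttributes(&FileObjAttr,
                               &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* NOTE(review): GENERIC_ALL is broader than a metadata query needs;
     * request only the rights actually used in production code. */
    Status = ZwCreateFile(&hFile,
                          GENERIC_ALL,
                          &FileObjAttr,
                          &IoStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,
                          FILE_NON_DIRECTORY_FILE,
                          NULL,
                          0);

    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwCreateFile Error");
        return Status;
    }
    DbgPrint("ZwCreateFile Success");

    Status = ZwQueryInformationFile(hFile,
                                    &IoStatusBlock,
                                    &FileInfo,
                                    sizeof(FILE_BASIC_INFORMATION),
                                    FileBasicInformation);
    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwQueryInformationFile 0x%X", Status);
        ZwClose(hFile);
        return Status;
    }

    DbgPrint("ZwQueryInformationFile Success\n");

    /*
     * ChangeTime.QuadPart is 64 bits wide. Printing it with plain %x
     * mismatches the argument list, so the attributes field would be read
     * from the wrong position; %I64x consumes the full value.
     */
    DbgPrint("0x%I64x , 0x%x\n", FileInfo.ChangeTime.QuadPart, FileInfo.FileAttributes);

    /* Close the handle. */
    ZwClose(hFile);
    return Status;
}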

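/**
 * Open (or create) \??\c:\3.txt, read its basic information, then write it
 * back with the hidden attribute added.
 *
 * Sequence: ZwCreateFile -> ZwQueryInformationFile(FileBasicInformation) ->
 * modify the structure -> ZwSetInformationFile(FileBasicInformation).
 * The Zw file routines must be called at IRQL PASSIVE_LEVEL.
 *
 * @return The status of the first call that failed, otherwise the status of
 *         ZwSetInformationFile.
 */
NTSTATUS MySetInformationFile()
{
    HANDLE hFile;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    FILE_BASIC_INFORMATION FileInfo;
    NTSTATUS Status;

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\3.txt");

    /*
     * InitializeObjectAttributes sets every field of the structure.
     * OBJ_KERNEL_HANDLE keeps the handle private to kernel mode instead of
     * exposing it in the current process's handle table.
     */
    InitializeObjectAttributes(&FileObjAttr,
                               &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* NOTE(review): GENERIC_ALL is broader than an attribute update needs;
     * request only the rights actually used in production code. */
    Status = ZwCreateFile(&hFile,
                          GENERIC_ALL,
                          &FileObjAttr,
                          &IoStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,
                          FILE_NON_DIRECTORY_FILE,
                          NULL,
                          0);

    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwCreateFile Error");
        return Status;
    }
    DbgPrint("ZwCreateFile Success");

    /* Fetch the current values so that only the intended fields change. */
    Status = ZwQueryInformationFile(hFile,
                                    &IoStatusBlock,
                                    &FileInfo,
                                    sizeof(FILE_BASIC_INFORMATION),
                                    FileBasicInformation);
    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwQueryInformationFile 0x%X", Status);
        ZwClose(hFile);
        return Status;
    }

    DbgPrint("ZwQueryInformationFile Success\n");

    /* ChangeTime.QuadPart is 64 bits wide; %I64x keeps the argument list
     * aligned so FileAttributes is printed from the right position. */
    DbgPrint("0x%I64x , 0x%x\n", FileInfo.ChangeTime.QuadPart, FileInfo.FileAttributes);

    /*
     * Update the information. For FILE_BASIC_INFORMATION a time member of
     * zero is documented as "keep the current value", so this assignment
     * does not reset the creation time.
     */
    FileInfo.CreationTime.QuadPart = 0;
    FileInfo.FileAttributes |= FILE_ATTRIBUTE_HIDDEN;

    Status = ZwSetInformationFile(hFile,
                                  &IoStatusBlock,
                                  &FileInfo,
                                  sizeof(FILE_BASIC_INFORMATION),
                                  FileBasicInformation);
    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwSetInformationFile Error 0x%X", Status);
        ZwClose(hFile);
        return Status;
    }

    DbgPrint("ZwSetInformationFile Success\n");

    /* Close the handle. */
    ZwClose(hFile);
    return Status;
}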


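/**
 * Open (or create) \??\c:\5.txt and write a short text at offset 0.
 *
 * The payload is staged in a tagged pool buffer, written with ZwWriteFile,
 * and both the buffer and the file handle are released on every path.
 * The Zw file routines must be called at IRQL PASSIVE_LEVEL.
 *
 * @return The status of ZwCreateFile if the open failed,
 *         STATUS_INSUFFICIENT_RESOURCES if the pool allocation failed,
 *         otherwise the status of ZwWriteFile.
 */
NTSTATUS MyWirteFile()
{
    enum { BUFFER_SIZE = 50 };
    static const char Text[] = "www.gyarmy.com\n";
    const ULONG TextLen = (ULONG)(sizeof(Text) - 1);   /* bytes to write, without the NUL */
    HANDLE hFile;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    NTSTATUS Status;
    PVOID strBuffer;
    LARGE_INTEGER tempBuffer;

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\5.txt");

    /*
     * InitializeObjectAttributes sets every field of the structure.
     * OBJ_KERNEL_HANDLE keeps the handle private to kernel mode instead of
     * exposing it in the current process's handle table.
     */
    InitializeObjectAttributes(&FileObjAttr,
                               &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /*
     * FILE_SYNCHRONOUS_IO_NONALERT makes ZwWriteFile wait for completion.
     * Without it the file is opened for asynchronous I/O and the write may
     * return STATUS_PENDING while the I/O manager still references the
     * stack-based IoStatusBlock and the pool buffer released below.
     * GENERIC_ALL already includes the SYNCHRONIZE right this option needs.
     * NOTE(review): GENERIC_ALL is broader than a write needs; request only
     * the rights actually used in production code.
     */
    Status = ZwCreateFile(&hFile,
                          GENERIC_ALL,
                          &FileObjAttr,
                          &IoStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,
                          FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);

    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwCreateFile Error");
        return Status;
    }
    DbgPrint("ZwCreateFile Success");

    /* Pool allocation can fail; dereferencing NULL in kernel mode is a bugcheck. */
    strBuffer = ExAllocatePoolWithTag(NonPagedPool, BUFFER_SIZE, TAG);
    if (strBuffer == NULL)
    {
        ZwClose(hFile);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /*
     * Copy the text including its terminating NUL (sizeof(Text) is well
     * below BUFFER_SIZE) so the "%s" print below stops inside the
     * allocation instead of running into uninitialized pool memory.
     */
    RtlCopyMemory(strBuffer, Text, sizeof(Text));

    /* Byte offset at which the write starts. */
    tempBuffer.QuadPart = 0;

    Status = ZwWriteFile(hFile, NULL, NULL, NULL, &IoStatusBlock, strBuffer, TextLen, &tempBuffer, NULL);

    KdPrint(("%s", strBuffer));

    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwWriteFile Error");
    }
    else
    {
        DbgPrint("ZwWriteFile Success");
    }

    /* Single cleanup path: the buffer and the handle are released whether or
     * not the write succeeded. */
    ExFreePoolWithTag(strBuffer, TAG);
    ZwClose(hFile);
    return Status;
}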



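/**
 * Open (or create) \??\c:\5.txt, read its first bytes and print them.
 *
 * Reads at most BUFFER_SIZE - 1 bytes from offset 0 into a zero-filled pool
 * buffer, so the data is always NUL-terminated when printed as a string.
 * The buffer and the file handle are released on every path.
 * The Zw file routines must be called at IRQL PASSIVE_LEVEL.
 *
 * @return The status of ZwCreateFile if the open failed,
 *         STATUS_INSUFFICIENT_RESOURCES if the pool allocation failed,
 *         otherwise the status of ZwReadFile.
 */
NTSTATUS MyReadFile()
{
    enum { BUFFER_SIZE = 50 };
    HANDLE hFile;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    NTSTATUS Status;
    PVOID strBuffer;
    LARGE_INTEGER tempBuffer;

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\5.txt");

    /*
     * InitializeObjectAttributes sets every field of the structure.
     * OBJ_KERNEL_HANDLE keeps the handle private to kernel mode instead of
     * exposing it in the current process's handle table.
     */
    InitializeObjectAttributes(&FileObjAttr,
                               &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /*
     * FILE_SYNCHRONOUS_IO_NONALERT makes ZwReadFile wait for completion.
     * Without it the read may return STATUS_PENDING and complete into the
     * stack-based IoStatusBlock and the pool buffer after they are gone.
     * GENERIC_ALL already includes the SYNCHRONIZE right this option needs.
     * NOTE(review): GENERIC_ALL is broader than a read needs; request only
     * the rights actually used in production code.
     */
    Status = ZwCreateFile(&hFile,
                          GENERIC_ALL,
                          &FileObjAttr,
                          &IoStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,
                          FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);

    if (!NT_SUCCESS(Status))
    {
        DbgPrint("ZwCreateFile Error");
        return Status;
    }
    DbgPrint("ZwCreateFile Success");

    /* Pool allocation can fail; dereferencing NULL in kernel mode is a bugcheck. */
    strBuffer = ExAllocatePoolWithTag(NonPagedPool, BUFFER_SIZE, TAG);
    if (strBuffer == NULL)
    {
        ZwClose(hFile);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    memset(strBuffer, 0, BUFFER_SIZE);

    /* Byte offset at which the read starts. */
    tempBuffer.QuadPart = 0;

    /*
     * Ask for one byte less than the buffer holds: the last byte stays zero,
     * so file content is never printed past the end of the allocation.
     */
    Status = ZwReadFile(hFile, NULL, NULL, NULL, &IoStatusBlock, strBuffer, BUFFER_SIZE - 1, &tempBuffer, NULL);
    if (!NT_SUCCESS(Status))
    {
        /* Report the error code; cleanup happens once, below, so the handle
         * is not closed twice and no success message is printed. */
        KdPrint(("错误码%x", Status));
    }
    else
    {
        KdPrint(("strBuffer = %s\n", strBuffer));
        DbgPrint("ZwReadFile Success\n");
    }

    /* Release the buffer and close the handle. */
    ExFreePoolWithTag(strBuffer, TAG);
    ZwClose(hFile);
    return Status;
}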


/**
 * Unload routine registered in DriverEntry.
 *
 * Only emits a debug message; the driver object is not touched.
 *
 * @param pDriverObject Driver object being unloaded (unused).
 */
VOID MyUnloadDriver(PDRIVER_OBJECT pDriverObject)
{
    /* Explicitly mark the parameter as intentionally unused. */
    (void)pDriverObject;

    DbgPrint("Goodbye World!");
}



/**
 * Driver entry point: registers the unload routine and runs one demo.
 *
 * The other demos (MyCreateFile, MyOpenFile, MyQueryInformationFile,
 * MySetInformationFile, MyReadFile) are not called; swap the call below to
 * try them. The demo's status is ignored, so loading succeeds regardless of
 * whether the file operation worked.
 *
 * @param pDriverObject  Driver object; its DriverUnload field is set here.
 * @param pRegisterPath  Registry path of the driver (unused).
 * @return Always STATUS_SUCCESS.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegisterPath)
{
    /* Explicitly mark the parameter as intentionally unused. */
    (void)pRegisterPath;

    DbgPrint("Hello World!");

    /* Without an unload routine the driver could not be unloaded. */
    pDriverObject->DriverUnload = MyUnloadDriver;

    /* Run the write demo; its result is deliberately discarded. */
    (void)MyWirteFile();

    return STATUS_SUCCESS;
}

