📄 ntifs.h
// Include guard: keeps this header from being processed more than once.
// NOTE(review): the genuine WDK ntifs.h appears to use this same guard name, so
// whichever of the two headers is included first would silently suppress the
// other -- confirm before mixing them in one build.
#ifndef _NTIFS_
#define _NTIFS_
// Backfill for DDKs older than the Windows 2000 one (build 2195), presumably
// because those DDKs do not provide these three names.
#if (VER_PRODUCTBUILD < 2195)
#define FILE_DEVICE_MASS_STORAGE 0x0000002d
#define IOCTL_STORAGE_CHECK_VERIFY2 CTL_CODE(IOCTL_STORAGE_BASE, 0x0200, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FILE_ATTRIBUTE_ENCRYPTED 0x00004000
// IOCTL_STORAGE_BASE is defined in ntddstor.h as FILE_DEVICE_MASS_STORAGE.
// METHOD_BUFFERED is defined in ntddk.h as 0.
// FILE_ANY_ACCESS is defined in ntddk.h as 0.
#endif
// Backfill for DDKs older than the Windows XP one (build 2600). Everything down
// to the matching #endif is skipped on newer DDKs, presumably because they
// already declare these names.
#if (VER_PRODUCTBUILD < 2600)
// Partition query: no particular access right is required on the handle
// (FILE_ANY_ACCESS). Length query: the handle must have been opened with read
// access (FILE_READ_ACCESS). Both use METHOD_BUFFERED.
#define IOCTL_DISK_GET_PARTITION_INFO_EX CTL_CODE(IOCTL_DISK_BASE, 0x0012, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_DISK_GET_LENGTH_INFO CTL_CODE(IOCTL_DISK_BASE, 0x0017, METHOD_BUFFERED, FILE_READ_ACCESS)
// IOCTL_DISK_BASE is defined in ntdddisk.h as FILE_DEVICE_DISK.
// FILE_DEVICE_DISK is defined in ntddk.h as 0x00000007.
// FILE_READ_ACCESS is defined in ntddk.h as ( 0x0001 ).
// Selects the partition-table format; it is the PartitionStyle member of
// PARTITION_INFORMATION_EX and tells which arm of that structure's union is valid.
// NOTE(review): the WDK version of this enum also has PARTITION_STYLE_RAW after
// GPT -- confirm nothing in the driver needs it.
typedef enum _PARTITION_STYLE {
PARTITION_STYLE_MBR,
PARTITION_STYLE_GPT
} PARTITION_STYLE;
// 64-bit unsigned integer and pointer to it, built on the compiler's __int64
// extension; used for PARTITION_INFORMATION_GPT.Attributes.
typedef unsigned __int64 ULONG64, *PULONG64;
// MBR-specific partition details: the Mbr arm of PARTITION_INFORMATION_EX,
// corresponding to PARTITION_STYLE_MBR.
typedef struct _PARTITION_INFORMATION_MBR {
UCHAR PartitionType;
BOOLEAN BootIndicator;
BOOLEAN RecognizedPartition;
ULONG HiddenSectors;
} PARTITION_INFORMATION_MBR, *PPARTITION_INFORMATION_MBR;
// GPT-specific partition details: the Gpt arm of PARTITION_INFORMATION_EX,
// corresponding to PARTITION_STYLE_GPT.
typedef struct _PARTITION_INFORMATION_GPT {
GUID PartitionType;
GUID PartitionId;
ULONG64 Attributes;
// Fixed 36-WCHAR field; do not assume it is NUL-terminated when it is full.
WCHAR Name[36];
} PARTITION_INFORMATION_GPT, *PPARTITION_INFORMATION_GPT;
// Used in the IOCTL_DISK_GET_PARTITION_INFO_EX case of FileDiskDeviceControl.c.
// PartitionStyle says which member of the unnamed union is meaningful. The union
// has no name (a compiler extension), so its members are reached directly as
// .Mbr and .Gpt.
// NOTE(review): the handler is not shown here; with METHOD_BUFFERED it should
// reject a request whose output buffer is smaller than
// sizeof(PARTITION_INFORMATION_EX) before filling the structure in.
typedef struct _PARTITION_INFORMATION_EX {
PARTITION_STYLE PartitionStyle;
LARGE_INTEGER StartingOffset;
LARGE_INTEGER PartitionLength;
ULONG PartitionNumber;
BOOLEAN RewritePartition;
union {
PARTITION_INFORMATION_MBR Mbr;
PARTITION_INFORMATION_GPT Gpt;
};
} PARTITION_INFORMATION_EX, *PPARTITION_INFORMATION_EX;
// Used in the IOCTL_DISK_GET_LENGTH_INFO case of FileDiskDeviceControl.c.
// Carries a single 64-bit length value.
// NOTE(review): as with any METHOD_BUFFERED reply, the handler (not shown here)
// should check the output buffer length against sizeof(GET_LENGTH_INFORMATION)
// before writing.
typedef struct _GET_LENGTH_INFORMATION {
LARGE_INTEGER Length;
} GET_LENGTH_INFORMATION, *PGET_LENGTH_INFORMATION;
#endif // (VER_PRODUCTBUILD < 2600)
//
// We include some stuff from ntifs.h here so that
// the driver can be compiled with only the DDK.
//
// Number of CCHAR elements in TOKEN_SOURCE.SourceName (used by _TOKEN_SOURCE below).
#define TOKEN_SOURCE_LENGTH 8
// Return type of SeTokenType: tells a primary token from an impersonation token.
// TokenPrimary is explicitly 1, so TokenImpersonation is 2.
typedef enum _TOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE;
// Used by _TOKEN_CONTROL below (its TokenSource member).
// SourceName is a fixed TOKEN_SOURCE_LENGTH-character field; do not assume it is
// NUL-terminated.
typedef struct _TOKEN_SOURCE {
CCHAR SourceName[TOKEN_SOURCE_LENGTH];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
// Used by _SECURITY_CLIENT_CONTEXT below (its ClientTokenControl member).
// Holds three LUIDs identifying a token plus the token's source.
typedef struct _TOKEN_CONTROL {
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
// Used by _DEVICE_EXTENSION below (its security_client_context member).
// This is the structure SeCreateClientSecurity fills in (its OUT parameter),
// SeImpersonateClient consumes, and SeDeleteClientSecurity releases by
// dereferencing ClientToken.
// NOTE(review): this is a local copy of a kernel structure that kernel routines
// write into. Its size and field order must match the definition used by the
// kernel the driver runs on; a mismatch would let the kernel write past or into
// the wrong fields of the caller's allocation -- confirm against the target DDK.
typedef struct _SECURITY_CLIENT_CONTEXT {
SECURITY_QUALITY_OF_SERVICE SecurityQos;
PACCESS_TOKEN ClientToken;
BOOLEAN DirectlyAccessClientToken;
BOOLEAN DirectAccessEffectiveOnly;
BOOLEAN ServerIsRemote;
TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
// Drops one object reference on impersonation token T via ObDereferenceObject,
// and does nothing when T is NULL (ARGUMENT_PRESENT test). The macro is a
// statement block: it yields no value, so it cannot be used in an expression.
// NOTE(review): T is evaluated twice, so pass a plain variable, not an
// expression with side effects. The expansion is a bare { } block rather than
// do { } while (0), so `if (c) PsDereferenceImpersonationToken(t); else ...`
// does not parse; wrap the call in braces at such sites.
#define PsDereferenceImpersonationToken(T) \
{if (ARGUMENT_PRESENT(T)) { \
(ObDereferenceObject((T))); \
} else { \
; \
} \
}
// Drops one object reference on primary token T via ObDereferenceObject.
// Unlike PsDereferenceImpersonationToken there is no NULL test here, so T must
// be a valid token pointer.
#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
// Kernel export. Per the WDK documentation it ends the calling thread's
// impersonation of a client, so the thread runs under its own security context
// again. Takes no arguments and returns nothing.
// NOTE(review): every successful impersonation should be paired with a call to
// this routine on all exit paths, including error paths; otherwise later work on
// the same thread keeps running with the client's identity.
NTKERNELAPI
VOID
PsRevertToSelf (
VOID
);
// Kernel export. Builds the SECURITY_CLIENT_CONTEXT pointed to by ClientContext
// from the thread Thread, the quality-of-service settings QualityOfService and
// the RemoteClient flag.
// Returns an NTSTATUS. ClientContext must not be passed to SeImpersonateClient
// or SeDeleteClientSecurity unless the call succeeded.
// NOTE(review): the context describes Thread as it is at the time of the call,
// so it has to be captured while the requesting thread is still the one making
// the request (presumably in the IOCTL dispatch path) -- confirm at the call site.
NTKERNELAPI
NTSTATUS
SeCreateClientSecurity (
IN PETHREAD Thread,
IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
IN BOOLEAN RemoteClient,
OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
// Releases the token held by client context C: if SeTokenType reports
// C->ClientToken as TokenPrimary the reference is dropped unconditionally,
// otherwise it is dropped only when the pointer is non-NULL.
// The macro touches only C->ClientToken. It neither frees the memory C points to
// nor clears the pointer, so the caller owns both.
// NOTE(review): C is evaluated several times (pass a plain variable), C must
// itself be non-NULL, and the expansion is a bare { } block, so it cannot be the
// unbraced body of an if that has an else. Calling it twice on the same context
// would dereference the token twice.
#define SeDeleteClientSecurity(C) { \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
// Kernel export. Makes a thread impersonate the client described by
// ClientContext; ServerThread is OPTIONAL (per the WDK documentation, NULL means
// the calling thread).
// NOTE(review): the routine returns VOID, so a failed impersonation cannot be
// detected by the caller, and whatever the thread does next (for example opening
// the backing file) would then run under the thread's own context instead of the
// client's. The WDK marks this routine obsolete in favour of
// SeImpersonateClientEx, which returns an NTSTATUS; prefer it where the target
// DDK provides it and fail the request when it does not succeed.
NTKERNELAPI
VOID
SeImpersonateClient (
IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL
);
// Kernel export. Reports whether Token is a primary or an impersonation token
// (TOKEN_TYPE). SeDeleteClientSecurity uses it to pick the dereference macro.
NTKERNELAPI
TOKEN_TYPE
SeTokenType (
IN PACCESS_TOKEN Token
);
//
// For backward compatibility with Windows NT 4.0 by Bruce Engle.
//
// Only when the DDK does not already define MmGetSystemAddressForMdlSafe:
// map the name onto the local helper below. The PRIORITY argument is accepted
// for source compatibility and discarded.
#ifndef MmGetSystemAddressForMdlSafe
#define MmGetSystemAddressForMdlSafe(MDL, PRIORITY) MmGetSystemAddressForMdlPrettySafe(MDL)
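/*
 * Returns the system-space virtual address for the pages described by Mdl,
 * asking the memory manager to fail the mapping instead of treating a mapping
 * failure as fatal.
 *
 * MDL_MAPPING_CAN_FAIL (0x2000 in ntddk.h) is set on the MDL for the duration
 * of the MmGetSystemAddressForMdl call and cleared again afterwards unless the
 * caller had already set it, so the MDL's flags are left as they were found.
 *
 * Mdl must be a valid MDL pointer; it is dereferenced without a NULL check.
 * Returns whatever MmGetSystemAddressForMdl returns. With the flag set a
 * failed mapping is expected to come back as NULL, so every caller must test
 * the result before using it as a buffer address.
 *
 * The flag is changed with plain read-modify-write operations; the caller
 * must not share the MDL with another thread that touches MdlFlags meanwhile.
 *
 * Declared static because the definition lives in a header: without it, each
 * translation unit that includes this header on a DDK lacking
 * MmGetSystemAddressForMdlSafe would emit its own external definition and the
 * link would fail with duplicate symbols.
 */
static
PVOID
MmGetSystemAddressForMdlPrettySafe (
    PMDL Mdl
    )
{
    /* Remember whether the caller had already opted in to fail-able mapping. */
    const CSHORT had_can_fail = Mdl->MdlFlags & MDL_MAPPING_CAN_FAIL;
    PVOID system_va;

    Mdl->MdlFlags |= MDL_MAPPING_CAN_FAIL;
    system_va = MmGetSystemAddressForMdl(Mdl);

    /* Restore the flag only if this function was the one that set it. */
    if (had_can_fail == 0) {
        Mdl->MdlFlags &= ~MDL_MAPPING_CAN_FAIL;
    }

    return system_va;
}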
#endif
// Registry names and defaults for the driver's configuration. PARAMETER_KEY is
// a subkey suffix and NUMBEROFDEVICES_VALUE a value name; presumably DriverEntry
// reads the device count from there and falls back to DEFAULT_NUMBEROFDEVICES --
// confirm. A count taken from the registry should be range-checked before it
// drives device creation.
#define PARAMETER_KEY L"\\Parameters"
#define NUMBEROFDEVICES_VALUE L"NumberOfDevices"
#define DEFAULT_NUMBEROFDEVICES 4
// Sector size in bytes reported for the virtual disk (presumably -- confirm).
#define SECTOR_SIZE 512
#define TOC_DATA_TRACK 0x04
// NOTE(review): this is a variable definition, not an extern declaration. Every
// translation unit that includes the header gets its own tentative definition of
// dir_handle; declaring it extern here and defining it in exactly one .c file
// would make ownership explicit.
HANDLE dir_handle;
// Per-device state: holds the details of the device and of how it is driven.
// The field roles below are inferred from names and types; the code that uses
// them is not part of this header -- confirm against the .c files.
typedef struct _DEVICE_EXTENSION {
// presumably TRUE while a backing file is attached
BOOLEAN media_in_device;
// handle, name and size of the backing file (presumably)
HANDLE file_handle;
ANSI_STRING file_name;
LARGE_INTEGER file_size;
BOOLEAN read_only;
// Pointer to the client context built by SeCreateClientSecurity; it must be
// released with SeDeleteClientSecurity and its storage freed by whoever
// allocated it.
PSECURITY_CLIENT_CONTEXT security_client_context;
// request queue, its spin lock and the event that signals new work
// (presumably consumed by FileDiskThread)
LIST_ENTRY list_head;
KSPIN_LOCK list_lock;
KEVENT request_event;
// worker thread object and its stop flag (presumably)
PVOID thread_pointer;
BOOLEAN terminate_thread;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
// Prototypes for the driver's entry point, dispatch routines and helpers.
// The bodies live in the driver's .c files and are not shown in this header, so
// the one-line roles below are inferred from names and signatures.

// Driver entry point: receives the driver object and its registry path.
NTSTATUS
DriverEntry (
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
);
// Creates device number Number of type DeviceType for this driver.
NTSTATUS
FileDiskCreateDevice (
IN PDRIVER_OBJECT DriverObject,
IN ULONG Number,
IN DEVICE_TYPE DeviceType
);
// Unload routine.
VOID
FileDiskUnload (
IN PDRIVER_OBJECT DriverObject
);
// Deletes one device and returns a device object pointer (presumably the next
// device in the driver's list -- confirm).
PDEVICE_OBJECT
FileDiskDeleteDevice (
IN PDEVICE_OBJECT DeviceObject
);
// Dispatch routine for create and close requests (presumably).
NTSTATUS
FileDiskCreateClose (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
// Dispatch routine for read and write requests (presumably).
NTSTATUS
FileDiskReadWrite (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
// Dispatch routine for device-control requests, including the
// IOCTL_FILE_DISK_* codes defined in this header. The request buffers come from
// the caller, so their lengths must be validated there before any field is read.
NTSTATUS
FileDiskDeviceControl (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
// Worker thread routine; Context is an untyped pointer supplied at thread
// creation (presumably the device object -- confirm).
VOID
FileDiskThread (
IN PVOID Context
);
// Attaches a backing file to the device (presumably the
// IOCTL_FILE_DISK_OPEN_FILE handler).
NTSTATUS
FileDiskOpenFile (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
// Detaches the backing file (presumably the IOCTL_FILE_DISK_CLOSE_FILE handler).
NTSTATUS
FileDiskCloseFile (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
// Legacy swprintf prototype without a buffer-size parameter: the callee cannot
// bound the write, so the destination must be sized by the caller for the
// longest possible result.
// NOTE(review): where the target DDK provides ntstrsafe.h, RtlStringCbPrintfW is
// the bounded alternative for building names such as the device name.
int swprintf(wchar_t *, const wchar_t *, ...);
// Defines the _T text macro unless something else already did.
// When _NTDDK_ is defined (presumably ntddk.h's own guard, i.e. a kernel build)
// _T("x") becomes the wide literal L"x"; otherwise it stays a narrow literal.
// The two-level __T/_T form lets the argument be macro-expanded before L is pasted on.
#ifndef __T
#ifdef _NTDDK_
#define __T(x) L ## x
#else
#define __T(x) x
#endif
#endif
#ifndef _T
#define _T(x) __T(x)
#endif
// Object-namespace names, built by adjacent string-literal concatenation:
//   DEVICE_BASE_NAME   -> \FileDisk
//   DEVICE_DIR_NAME    -> \Device\FileDisk
//   DEVICE_NAME_PREFIX -> \Device\FileDisk\FileDisk
// The prefix is presumably completed with the device number -- confirm in
// FileDiskCreateDevice.
#define DEVICE_BASE_NAME _T("\\FileDisk")
#define DEVICE_DIR_NAME _T("\\Device") DEVICE_BASE_NAME
#define DEVICE_NAME_PREFIX DEVICE_DIR_NAME DEVICE_BASE_NAME
// Private device type and control codes of this driver; all three use
// METHOD_BUFFERED.
// Required access encoded in each code: OPEN_FILE and CLOSE_FILE need a handle
// opened for both read and write, QUERY_FILE needs read only. The I/O manager
// checks those bits against the access granted to the handle.
// NOTE(review): who may obtain such a handle in the first place is decided by
// the device object's security descriptor, which is set where the device is
// created, not here -- confirm that it restricts attaching backing files to the
// intended users.
#define FILE_DEVICE_FILE_DISK 0x8000
#define IOCTL_FILE_DISK_OPEN_FILE CTL_CODE(FILE_DEVICE_FILE_DISK, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_FILE_DISK_CLOSE_FILE CTL_CODE(FILE_DEVICE_FILE_DISK, 0x801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_FILE_DISK_QUERY_FILE CTL_CODE(FILE_DEVICE_FILE_DISK, 0x802, METHOD_BUFFERED, FILE_READ_ACCESS)
// Used in FileDiskDeviceControl.c and FileDiskOpenFile.c.
// Variable-length record: FileName[1] is only the first byte of a name that
// presumably runs for FileNameLength bytes past the fixed part of the structure.
// NOTE(review): FileNameLength is supplied by the requester. The handlers (not
// shown here) must verify that the input buffer is at least
// FIELD_OFFSET(OPEN_FILE_INFORMATION, FileName) + FileNameLength bytes long
// before reading FileName, and must not treat the name as NUL-terminated.
// sizeof(OPEN_FILE_INFORMATION) already counts one name byte plus padding, so it
// is not the size of the fixed part.
typedef struct _OPEN_FILE_INFORMATION {
LARGE_INTEGER FileSize;
BOOLEAN ReadOnly;
USHORT FileNameLength;
UCHAR FileName[1];
} OPEN_FILE_INFORMATION, *POPEN_FILE_INFORMATION;
#endif
// This ntifs.h is not the real ntifs.h. It combines the structures and other
// definitions from ntifs.h that this exercise needs with the exercise's own
// declarations that have to live in a header.
// Students working through the exercise, please take note.