pgpwdnt.c

vc环境下的pgp源码

//----------------------------------------------------------------------
//
// PGPWDNTFastIoAcquireForCcFlush
//
//----------------------------------------------------------------------    
NTSTATUS PGPWDNTFastIoAcquireForCcFlush( IN PFILE_OBJECT FileObject,
                                          IN PDEVICE_OBJECT DeviceObject )
{
    NTSTATUS            retval = STATUS_NOT_SUPPORTED;
    PHOOK_EXTENSION     hookExt;

    hookExt = DeviceObject->DeviceExtension;

    if( hookExt->FileSystem->DriverObject->FastIoDispatch->AcquireForCcFlush ) {

        retval = hookExt->FileSystem->DriverObject->FastIoDispatch->AcquireForCcFlush( 
            FileObject, hookExt->FileSystem );
    }
    return retval;
}


//----------------------------------------------------------------------
//
// PGPWDNTFastIoReleaseForCcFlush
//
//----------------------------------------------------------------------    
NTSTATUS PGPWDNTFastIoReleaseForCcFlush( IN PFILE_OBJECT FileObject,
                                          IN PDEVICE_OBJECT DeviceObject )
{
    NTSTATUS            retval = STATUS_NOT_SUPPORTED;
    PHOOK_EXTENSION     hookExt;

    hookExt = DeviceObject->DeviceExtension;

    if( hookExt->FileSystem->DriverObject->FastIoDispatch->ReleaseForCcFlush ) {

        retval = hookExt->FileSystem->DriverObject->FastIoDispatch->ReleaseForCcFlush( 
            FileObject, hookExt->FileSystem );
    }
    return retval;
}


//----------------------------------------------------------------------
//
// PGPWDNTFastIoDeviceControl
//
//----------------------------------------------------------------------
BOOLEAN  PGPWDNTFastIoDeviceControl( IN PFILE_OBJECT FileObject, IN BOOLEAN Wait,
                                      IN PVOID InputBuffer, IN ULONG InputBufferLength, 
                                      OUT PVOID OutputBuffer, IN ULONG OutputBufferLength, IN ULONG IoControlCode,
                                      OUT PIO_STATUS_BLOCK IoStatus, IN PDEVICE_OBJECT DeviceObject ) {
    BOOLEAN             retval = FALSE;
    PHOOK_EXTENSION     hookExt;
  
    if ( DeviceObject == GUIDevice )  {

        //
        // Its a message from our GUI!
        //
        IoStatus->Status      = STATUS_SUCCESS; 
        IoStatus->Information = 0;      

        switch ( IoControlCode ) {

		case PGPWDNT_REGISTER_CB:
		{
			struct  trap_criteria *trap_cond;

			// get current thread
			tc_thread=KeGetCurrentThread();

			// Get the callback
			trap_cond=(struct trap_criteria *)InputBuffer;
			tc_callback=trap_cond->tc_callback;

			trap_cond->tc_callback=666;

			break;
		}

		case PGPWDNT_MAP_MEM :
		{
			struct trap_record *tr;
//			PMDL Mdl;
//			char *usFileName;

			tr=(struct trap_record *)InputBuffer;	
//			Mdl=(PMDL)tr->keFileName;
/*
			Mdl = IoAllocateMdl(tr->keFileName,1024,0,FALSE,NULL);
			MmBuildMdlForNonPagedPool(Mdl);
			MmProbeAndLockPages(Mdl, KernelMode,IoReadAccess);*/
//			usFileName = (char *)(((ULONG)MmMapLockedPages(Mdl, UserMode)) 
//                               | MmGetMdlByteOffset(Mdl));

			strcpy(tr->tr_file1,tr->keFileName);//usFileName); //usFileName);

//			MmUnmapLockedPages(usFileName,Mdl);
//			MmUnlockPages(Mdl);
//			IoFreeMdl(Mdl);
//			ExFreePool(tr->keFileName);
			break;
		}

		case PGPWDNT_REC_DONE :
		{
//			struct trap_record *tr;

//			tr=(struct trap_record *)InputBuffer;

		/*
			VMMLISTNODE *rec_buffer;

			rec_buffer=(VMMLISTNODE *)InputBuffer;

			IFSMgr_Wakeup((unsigned long)&(log_flag));

			List_Deallocate(list_handle,*rec_buffer);*/
			break;
		}
 
        default:

            //
            // Unknown control
            // 
            DbgPrint (("PGPWDNT: unknown IRP_MJ_DEVICE_CONTROL\n"));
            IoStatus->Status = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }

        retval = TRUE;

    } else {

        //
        // Its a call for a file system, so pass it through
        //
        hookExt = DeviceObject->DeviceExtension;

        if( hookExt->FileSystem->DriverObject->FastIoDispatch->FastIoDeviceControl ) {
        
            retval = hookExt->FileSystem->DriverObject->FastIoDispatch->FastIoDeviceControl( 
                FileObject, Wait, InputBuffer, InputBufferLength, OutputBuffer, 
                OutputBufferLength, IoControlCode, IoStatus, 
                hookExt->FileSystem );
        }
    }

    return retval;
}


//----------------------------------------------------------------------
//
// PGPWDNTFastIoAcquireFile
//
//----------------------------------------------------------------------
VOID PGPWDNTFastIoAcquireFile( PFILE_OBJECT FileObject ) {
    PDEVICE_OBJECT      deviceObject;
    PHOOK_EXTENSION     hookExt;

    deviceObject = IoGetRelatedDeviceObject( FileObject );

    hookExt = deviceObject->DeviceExtension;

    if( hookExt->FileSystem->DriverObject->FastIoDispatch->AcquireFileForNtCreateSection ) {

        hookExt->FileSystem->DriverObject->FastIoDispatch->AcquireFileForNtCreateSection( 
            FileObject );
    }
}


//----------------------------------------------------------------------
//
// PGPWDNTFastIoReleaseFile
//
//----------------------------------------------------------------------
VOID PGPWDNTFastIoReleaseFile( PFILE_OBJECT FileObject ) {
    PDEVICE_OBJECT      deviceObject;
    PHOOK_EXTENSION     hookExt;

    deviceObject = IoGetRelatedDeviceObject( FileObject );

    hookExt = deviceObject->DeviceExtension;

    if( hookExt->FileSystem->DriverObject->FastIoDispatch->ReleaseFileForNtCreateSection ) {

        hookExt->FileSystem->DriverObject->FastIoDispatch->ReleaseFileForNtCreateSection( FileObject );

    }
}


//----------------------------------------------------------------------
//
// PGPWDNTFastIoDetachDevice
//
// We get this call when a device that we have hooked is being deleted.
// This happens when, for example, a floppy is formatted. We have
// to detach from it and delete our device. We should notify the GUI
// that the hook state has changed, but its not worth the trouble.
//
//----------------------------------------------------------------------
VOID PGPWDNTFastIoDetachDevice( PDEVICE_OBJECT SourceDevice, PDEVICE_OBJECT TargetDevice ) {
    PHOOK_EXTENSION     hookExt;
    ULONG               i;

    //
    // See if a device (like a floppy) is being removed out from under us. If so,
    // we have to detach from it before it disappears  
    //
    for( i = 2; i < 26; i++ ) {

        if( SourceDevice == LDriveDevices[i] ) {

            //
            // We've hooked it, so we must detach
            //
            hookExt = SourceDevice->DeviceExtension;

            DbgPrint(("PGPWDNT: Detaching from drive: %c\n", 
                      hookExt->LogicalDrive ));

            IoDetachDevice( TargetDevice );
            IoDeleteDevice( SourceDevice );

            LDriveDevices[i] = NULL;

            return;
        }
    }

    //
    // Now we can pass the call through
    //
    hookExt = SourceDevice->DeviceExtension;

    if( hookExt->FileSystem->DriverObject->FastIoDispatch->FastIoDetachDevice ) {

        hookExt->FileSystem->DriverObject->FastIoDispatch->FastIoDetachDevice( 
            SourceDevice, TargetDevice );

    }
}

//----------------------------------------------------------------------
//           F I L E   U N D L E T E   R O U T I N E S
//----------------------------------------------------------------------


//----------------------------------------------------------------------
//
// PGPWDNTCheckFileForPGPWDNT
//
// See if this file is marked for delete. If so, get its name 
// and see if this is a file that should be protected.
//
//----------------------------------------------------------------------
BOOLEAN PGPWDNTCheckFileForPGPWDNT( PDEVICE_OBJECT DeviceObject, PIRP Irp,
                                      PPGPWDNT_COMPLETE_CONTEXT CompleteContext )
{
    PIO_STACK_LOCATION      currentIrpStack = IoGetCurrentIrpStackLocation(Irp);    
    PHOOK_EXTENSION         hookExt;
    PCHAR                   fileNameBuffer;
	UNICODE_STRING          fileNameUnicodeString;
	int i,length;

	// We have nothing to do anyway....
	if(tc_callback==0)
		return FALSE;

    //
    // Get the hook extension
    //
    hookExt = DeviceObject->DeviceExtension;

    //
    // First, make sure its not a directory
    //
	if( PGPWDNTIsDirectory( hookExt->FileSystem, currentIrpStack->FileObject ) ) {
  
    return FALSE;
	}

    //
    // Get the name of the file. 
    //
    fileNameBuffer = ExAllocatePool( NonPagedPool, 1024 );
    if( !PGPWDNTGetFileName( hookExt->IsNTFS, hookExt->FileSystem, currentIrpStack->FileObject,
                              fileNameBuffer, 1024)) 
	{
        //
        // Couldn't get the name for some reason
        //
        ExFreePool( fileNameBuffer );
        return FALSE;
    }

    fileNameUnicodeString.Length = (USHORT) ((PFILE_NAME_INFORMATION) fileNameBuffer)->FileNameLength + 12;
    fileNameUnicodeString.MaximumLength = fileNameUnicodeString.Length;
    fileNameUnicodeString.Buffer = ExAllocatePool( PagedPool, fileNameUnicodeString.Length+2+12);
    swprintf( fileNameUnicodeString.Buffer, L"%C:", hookExt->LogicalDrive );
    RtlCopyMemory( &fileNameUnicodeString.Buffer[2], ((PFILE_NAME_INFORMATION) fileNameBuffer)->FileName, 
                   fileNameUnicodeString.Length);
    fileNameUnicodeString.Buffer[fileNameUnicodeString.Length/2] = 0;

    //
    // Determine the length of the name
    //
	i=0;
	length=0;

    while( fileNameUnicodeString.Buffer[i++] ) length++;

    //
    // First, make the ascii name
    //
    for( i = 0; i < length; i++ ) {
      
        fileNameBuffer[i] = (CHAR) fileNameUnicodeString.Buffer[i];
    }
    fileNameBuffer[i] = 0;

	ExFreePool( fileNameUnicodeString.Buffer );
/*
	if(_strnicmp( fileNameBuffer, "aaaaaa", 6))
	{
        //
        // Its already been wiped by us. Go ahead and let OS delete it.
        //
        DbgPrint(("PGPWDNT: its already been wiped\n"));
        ExFreePool( fileNameBuffer );
        return FALSE;
    }
*/
    //
    // Set up the completion context, where the rest of the PGPWDNT will take place
    //
    CompleteContext->FileName  = fileNameBuffer;
    return TRUE;
}

/* The APC structure is defined in ntddk.h */

/* this is KERNEL_ROUTINE for our APC; in particular, it gets called when the APC
is being delivered. Usually one of predefined useful routines in the kernel are
used for this purpose, but we can't use any of them as none of them are exported. */