/*
* Clandestine File System Driver
* Copyright (C) 2005 Jason Todd
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*
* Entry point for the driver, minifilter configuration, instance attachment validation
*
*
* REFERENCE for this code :
* swapbuffers.c - DDK
* OSR ListServer Discussion Groups - http://www.osronline.com/page.cfm?name=search
*
*/
#include "cfsd.h"
#include "base.h"
#include "IRP_MJ_directory.h"
#include "IRP_MJ_create.h"
#include "IRP_MJ_setinformation.h"
#include "registry.h"
#include "..\inc\crossover.h"
/* #################################################################################
DDK : "...Structure is used to register operation callback routines"

Operation table handed to the Filter Manager through cfsd_FilterRegistration.
Each entry is { MajorFunction, Flags, PreOperation, PostOperation } and each one
is compiled in or out by its FILTER_IRP_MJ_* switch. Every enabled entry leaves
the pre-operation slot NULL and registers a post-operation callback only.
The Post* handlers are declared in the IRP_MJ_*.h headers and are not shown in
this file, so what they do to a completed request has to be read there.
*/
CONST FLT_OPERATION_REGISTRATION cfsd_Callbacks[] = {
#if FILTER_IRP_MJ_DIRECTORY_CONTROL
// Directory enumeration requests
{ IRP_MJ_DIRECTORY_CONTROL,
0,
NULL,//PreDirectoryControl
PostDirectoryControl },
#endif
#if FILTER_IRP_MJ_CREATE
// File open / create requests
{ IRP_MJ_CREATE,
0,
NULL,//PreCreate,
PostCreate},
#endif
#if FILTER_IRP_MJ_SET_INFORMATION
// Set-information requests
{ IRP_MJ_SET_INFORMATION,
0,
NULL,//PreSetInformation,
PostSetInformation},
#endif
// Mandatory terminator entry for the table
{ IRP_MJ_OPERATION_END }
};
/* #################################################################################
DDK : "...Structure is passed as a parameter to FltRegisterFilter()."

Registration record for this minifilter: it wires up the operation table, the
unload callback and the instance setup / teardown-complete callbacks. No contexts
and no name-provider callbacks are registered (those slots are NULL).
*/
CONST FLT_REGISTRATION cfsd_FilterRegistration = {
sizeof( FLT_REGISTRATION ), // Size
FLT_REGISTRATION_VERSION, // Version
0,//FLTFL_REGISTRATION_DO_NOT_SUPPORT_SERVICE_STOP, // Flags
/* If FLTFL_REGISTRATION_DO_NOT_SUPPORT_SERVICE_STOP is set you cannot use 'net stop cfsd' to
stop the driver, but fltmc unload cfsd will still be possible. To make the driver impossible
to unload you must set the above flag and uncomment return STATUS_FLT_DO_NOT_DETACH; in cfsd_Unload()
As shipped here the flag is 0 and that return is commented out, so both
'net stop cfsd' and 'fltmc unload cfsd' are expected to work.
NOTE(review): a build with both changes applied resists removal while loaded; a loaded
minifilter is still listed by 'fltmc filters' - confirm on the target OS version.
*/
NULL, // ContextRegistration
cfsd_Callbacks, // OperationRegistration
cfsd_Unload, // FilterUnloadCallback
cfsd_InstanceSetup, // InstanceSetupCallback
NULL, // InstanceQueryTeardownCallback
NULL, // InstanceTeardownStartCallback
cfsd_InstanceTeardownComplete, // InstanceTeardownCompleteCallback
NULL, // GenerateFileNameCallback
NULL, // NormalizeNameComponentCallback
NULL // NormalizeContextCleanupCallback
};
/* ################################################################################# */
#if ENABLE_USER_INTERFACE
// User-mode connection state; .ServerPort receives the port created by
// FltCreateCommunicationPort() in DriverEntry and is closed in cfsd_Unload().
USER_MODE_CONNECTION gUserModeConnection;
#endif
// Filter handle filled in by FltRegisterFilter() and used for every later
// Filter Manager call in this file.
PFLT_FILTER gFilterPointer;
// kludge var (not referenced in the part of the file shown here)
UNICODE_STRING uFName;
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
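/*
 * DriverEntry - driver initialisation routine.
 *
 * Reads the kernel-mode settings from the service registry key, registers the
 * minifilter with the Filter Manager, creates the user-mode communication port
 * (only when ENABLE_USER_INTERFACE is set) and then starts filtering.
 *
 * theDriverObject - driver object, passed through to FltRegisterFilter().
 * theRegistryPath - service registry path, passed to EnumerateRegistryValues().
 *
 * Returns the NTSTATUS of the first step that failed, otherwise the result of
 * FltStartFiltering().
 *
 * Every failure after a successful FltRegisterFilter() unregisters the filter
 * before returning. Returning an error while the registration is still live
 * would leave the Filter Manager pointing at callbacks in an image that the
 * system unloads as soon as DriverEntry fails.
 */
NTSTATUS
DriverEntry( IN PDRIVER_OBJECT theDriverObject,
             IN PUNICODE_STRING theRegistryPath )
{
    NTSTATUS Status;
#if ENABLE_USER_INTERFACE
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING uPortName;
#endif

    // Open the registry and read in all the settings we will use in kernel mode.
    // NOTE(review): the result is not checked here; presumably this is where
    // gFileData (and the other 'parC' buffers freed in cfsd_Unload) are
    // allocated - confirm in registry.c that a failed read cannot leave them NULL.
    EnumerateRegistryValues( theRegistryPath );

    // DDK : "...Add itself to the global list of registered minifilters and to provide
    // the Filter Manager with a list of callback functions and other information
    // about the minifilter."
    Status = FltRegisterFilter( theDriverObject,
                                &cfsd_FilterRegistration,
                                &gFilterPointer );
    if ( !NT_SUCCESS( Status ) )
    {
        // NOTE(review): nothing is freed on this path, as in the original code;
        // if EnumerateRegistryValues() allocated gFileData it is leaked here.
        return Status;
    }

#if ENABLE_USER_INTERFACE
    // The default descriptor is what restricts who may open the port; the
    // handlers behind it (cfsd_UserModeConnect / cfsd_UserModeCommunication)
    // are defined elsewhere and must still validate every message they receive.
    Status = FltBuildDefaultSecurityDescriptor( &SecurityDescriptor,
                                                FLT_PORT_ALL_ACCESS );
    if ( !NT_SUCCESS( Status ) )
    {
        // Without a descriptor no port can be created. Carrying on would start
        // filtering with gUserModeConnection.ServerPort never set, and both the
        // FltStartFiltering() failure path and cfsd_Unload() close that port
        // unconditionally, so fail the driver here like any other port failure.
        KdPrint( (PRINT_TAG "Failed FltBuildDefaultSecurityDescriptor() with NTSTATUS 0x%x\n",Status ) );
        goto FailUnregister;
    }

    RtlInitUnicodeString( &uPortName, USER_COMMUNICATION_PORT_NAME );
    InitializeObjectAttributes( &ObjectAttributes,
                                &uPortName,
                                OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                                NULL,
                                SecurityDescriptor );
    Status = FltCreateCommunicationPort( gFilterPointer,                  // Filter
                                         &gUserModeConnection.ServerPort, // *ServerPort
                                         &ObjectAttributes,               // ObjectAttributes
                                         NULL,                            // ServerPortCookie
                                         cfsd_UserModeConnect,            // ConnectNotifyCallback
                                         cfsd_UserModeDisconnect,         // DisconnectNotifyCallback
                                         cfsd_UserModeCommunication,      // MessageNotifyCallback
                                         1 );                             // MaxConnections
    // The descriptor is only needed while the port is being created.
    FltFreeSecurityDescriptor( SecurityDescriptor );

    // If we failed to create a communications port then we are going to fail the driver
    if ( !NT_SUCCESS( Status ) )
    {
        KdPrint( (PRINT_TAG "Failed FltCreateCommunicationPort() with NTSTATUS 0x%x\n",Status ) );
        // The original returned here with the filter still registered.
        goto FailUnregister;
    }
    DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "Created communication server port 0x%X for usermode access\n", gUserModeConnection.ServerPort ));
#endif // End #if ENABLE_USER_INTERFACE

    // DDK : "...Notifies the Filter Manager that the minifilter is ready to
    // begin attaching to volumes and filtering I/O requests"
    Status = FltStartFiltering( gFilterPointer );
    if ( NT_SUCCESS( Status ) )
    {
        return Status;
    }

    // FltStartFiltering() failed: undo everything set up above, in reverse order.
#if ENABLE_USER_INTERFACE
    FltCloseCommunicationPort( gUserModeConnection.ServerPort );
FailUnregister:
#endif // End #if ENABLE_USER_INTERFACE
    // Unregister ourselves with the Filter Manager so that we no longer receive
    // calls to process I/O operations.
    FltUnregisterFilter( gFilterPointer );
    // Release our hidden data memory
    // NOTE(review): cfsd_Unload() also frees gProtectedData and
    // gAttachRequirements; if they are already allocated at this point they
    // are leaked on failure - confirm where they are allocated.
    ExFreePoolWithTag( gFileData, 'parC' );
    return Status;
}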
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
/*
 * cfsd_Unload - FilterUnloadCallback registered in cfsd_FilterRegistration.
 *
 * Closes the user-mode server port (ENABLE_USER_INTERFACE builds only),
 * unregisters the filter, then frees the driver's 'parC'-tagged buffers.
 * The order matters: the port and the filter go first so that nothing can
 * call back into the driver while its data is being released.
 *
 * theFlags - unload flags from the Filter Manager; ignored, so every unload
 *            request is handled the same way.
 *
 * Always returns STATUS_SUCCESS.
 */
NTSTATUS
cfsd_Unload( FLT_FILTER_UNLOAD_FLAGS theFlags )
{
UNREFERENCED_PARAMETER( theFlags );
// *** ENABLE THIS IF YOU DO NOT WANT THE DRIVER TO EVER BE UNLOADED and
// SET FLTFL_REGISTRATION_DO_NOT_SUPPORT_SERVICE_STOP in FLT_REGISTRATION ALSO ***
// NOTE(review): with this return enabled the cleanup below becomes unreachable
// and the driver stays resident until reboot.
//return STATUS_FLT_DO_NOT_DETACH;
#if ENABLE_USER_INTERFACE
DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "Closing ServerPort 0x%X\n",gUserModeConnection.ServerPort ) );
// Stop accepting new user-mode connections before tearing the filter down
FltCloseCommunicationPort( gUserModeConnection.ServerPort );
#endif // End #if ENABLE_USER_INTERFACE
// DDK : "...Unregister itself so that the Filter Manager no longer calls it to
// process I/O operations. "
FltUnregisterFilter( gFilterPointer );
// Release our hidden data memory
// NOTE(review): all three frees below are unconditional; confirm the buffers
// are always allocated by the time DriverEntry succeeds.
ExFreePoolWithTag( gFileData, 'parC' );
#if FILTER_IRP_MJ_CREATE
// Release the protected-data buffer (only freed when IRP_MJ_CREATE filtering is compiled in)
ExFreePoolWithTag( gProtectedData, 'parC' );
#endif
// Release our attach method data memory
ExFreePoolWithTag( gAttachRequirements, 'parC' );
return STATUS_SUCCESS;
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
NTSTATUS
cfsd_InstanceSetup( IN PCFLT_RELATED_OBJECTS FltObjects,
IN FLT_INSTANCE_SETUP_FLAGS Flags,
IN DEVICE_TYPE VolumeDeviceType,
IN FLT_FILESYSTEM_TYPE VolumeFilesystemType )
{
#if DBG
UCHAR VPBuffer[sizeof(FLT_VOLUME_PROPERTIES)+512];
PFLT_VOLUME_PROPERTIES VolumeProperties = (PFLT_VOLUME_PROPERTIES)VPBuffer;
PDEVICE_OBJECT theDeviceObject = NULL;
ULONG ReturnedLength;
NTSTATUS Status;
UNICODE_STRING DosName;
Status = FltGetVolumeProperties( FltObjects->Volume,
VolumeProperties,
sizeof( VPBuffer ),
&ReturnedLength );
if ( !NT_SUCCESS( Status ) )
{
}
// Zero it so we can show a NULL if no DOS name is found
RtlZeroMemory( &DosName, sizeof( UNICODE_STRING ) );
Status = FltGetDiskDeviceObject( FltObjects->Volume, &theDeviceObject );
if ( NT_SUCCESS( Status ) )
{
Status = IoVolumeDeviceToDosName( theDeviceObject, &DosName );
}
else
{
}
#endif // End #if DBG
UNREFERENCED_PARAMETER( FltObjects );
// *************************************************************************************
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "** [ ATTACHMENT REQUEST 0x%X ] **", Flags ) );
// Handle our instance setup under different situations and decide if we want