📄 cfsd.c
字号:
break;
}
case FLT_FSTYPE_MS_NETWARE:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_MS_NETWARE) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_MS_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_MS_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_NETWARE:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_NETWARE ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_BSUDF:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_BSUDF ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_BSUDF [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_BSUDF [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_MUP:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_MUP ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_MUP [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_MUP [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_RSFX:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_RSFX) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_RSFX [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_RSFX [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_ROXIO_UDF1:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_ROXIO_UDF1) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_ROXIO_UDF1 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_ROXIO_UDF1 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_ROXIO_UDF2:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_ROXIO_UDF2 ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_ROXIO_UDF2 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_ROXIO_UDF2 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_ROXIO_UDF3:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_ROXIO_UDF3 ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_ROXIO_UDF3 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_ROXIO_UDF3 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
default :
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to NONSUPPORTED Volume File System type : 0x%x\n",VolumeFilesystemType ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
} // End switch ( VolumeFilesystemType )
// *************************************************************************************
return STATUS_SUCCESS;
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
VOID
cfsd_InstanceTeardownComplete( IN PCFLT_RELATED_OBJECTS FltObjects,
IN FLT_INSTANCE_TEARDOWN_FLAGS Reason )
{
#if DBG
UCHAR VPBuffer[sizeof(FLT_VOLUME_PROPERTIES)+512];
PFLT_VOLUME_PROPERTIES VolumeProperties = (PFLT_VOLUME_PROPERTIES)VPBuffer;
ULONG ReturnedLength;
NTSTATUS Status;
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "## [ DETACHMENT REQUEST 0x%X ] ##", Reason ) );
Status = FltGetVolumeProperties( FltObjects->Volume,
VolumeProperties,
sizeof( VPBuffer ),
&ReturnedLength );
if ( !NT_SUCCESS( Status ) )
{
}
switch ( Reason )
{
case FLTFL_INSTANCE_TEARDOWN_FILTER_UNLOAD:
{
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "DETACHED - FLTFL_INSTANCE_TEARDOWN_FILTER_UNLOAD\n") );
break;
}
case FLTFL_INSTANCE_TEARDOWN_INTERNAL_ERROR:
{
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "DETACHED - FLTFL_INSTANCE_TEARDOWN_INTERNAL_ERROR\n") );
break;
}
case FLTFL_INSTANCE_TEARDOWN_MANDATORY_FILTER_UNLOAD:
{
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "DETACHED - FLTFL_INSTANCE_TEARDOWN_MANDATORY_FILTER_UNLOAD\n") );
break;
}
case FLTFL_INSTANCE_TEARDOWN_MANUAL:
{
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "DETACHED - FLTFL_INSTANCE_TEARDOWN_MANUAL\n") );
break;
}
case FLTFL_INSTANCE_TEARDOWN_VOLUME_DISMOUNT:
{
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "DETACHED - FLTFL_INSTANCE_TEARDOWN_VOLUME_DISMOUNT\n") );
break;
}
default : // security
{
break;
}
} // End switch ( Reason )
DBG_PRINT( DbgOutput, DBG_DETACH_INSTANCE, (PRINT_TAG_DETACH "Detaching [%wZ] (%wZ) %wZ\n", &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName, &VolumeProperties->FileSystemDriverName ) );
#endif // End #if DBG
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
#if ENABLE_USER_INTERFACE
NTSTATUS
cfsd_UserModeConnect( IN PFLT_PORT ClientPort,
IN PVOID ServerPortCookie,
IN PVOID ConnectionContext,
IN ULONG SizeOfContext,
OUT PVOID *ConnectionCookie )
{
UNREFERENCED_PARAMETER( ServerPortCookie );
UNREFERENCED_PARAMETER( ConnectionContext );
UNREFERENCED_PARAMETER( SizeOfContext);
UNREFERENCED_PARAMETER( ConnectionCookie );
gUserModeConnection.UserProcess = PsGetCurrentProcess();
gUserModeConnection.ClientPort = ClientPort;
DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "Created ClientPort 0x%X in Process 0x%X\n", gUserModeConnection.ClientPort, gUserModeConnection.UserProcess ) );
return STATUS_SUCCESS;
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
VOID
cfsd_UserModeDisconnect( IN PVOID ConnectionCookie )
{
UNREFERENCED_PARAMETER( ConnectionCookie );
DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "Closed ClientPort 0x%X in Process 0x%X\n", gUserModeConnection.ClientPort, gUserModeConnection.UserProcess ) );
// Close our handle to the connection
FltCloseClientPort( gFilterPointer, &gUserModeConnection.ClientPort );
// Reset our UserProcess field
gUserModeConnection.UserProcess = NULL;
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
NTSTATUS
cfsd_UserModeCommunication( IN PVOID ConnectionCookie,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferSize,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferSize,
OUT PULONG ReturnOutputBufferLength )
{
STRING FNameString;
#if FILTER_BY_NAME
DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "File Name from USER MODE to hide (%s) [%d]\n", InputBuffer, InputBufferSize ) );
/*
!!!!!!!!!!!!!!!
ALL TEMP CODE SO YOU CAN TEST THE DRIVER FROM USER MODE WITHOUT HAVING TO RECOMPILE TO CHANGE A FILE NAME
!!!!!!!!!!!!!!
*/
try
{
RtlInitAnsiString( &FNameString, InputBuffer );
RtlAnsiStringToUnicodeString( &uFName, &FNameString, TRUE );
RtlUpcaseUnicodeString( &uFName, &uFName, FALSE );
gFileData->NameInfo.Name = uFName;
// By not calling this we are going to leak memory everytime user mode makes a file name change. This is just a kludge
// to let user mode experiement with file names
// RtlFreeUnicodeString(&uFName);
}
except( EXCEPTION_EXECUTE_HANDLER )
{
return GetExceptionCode();
}
#endif // End #if FILTER_BY_NAME
return STATUS_SUCCESS;
}
#endif // End #if ENABLE_USER_INTERFACE
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -