📄 getfullpath.txt
字号:
来自:bbs.driverdevelop.com, 楚狂人
以下是获取全路径的所有函数
PVOID
SpyGetFullPath(
PFILE_OBJECT fileobject
)
//----------------------------------------------------------------------
//
// SpyGetFullPath
//
// Takes a fileobject and filename and returns a canonical path,
// nicely formatted, in fullpathname.
//
//----------------------------------------------------------------------
{
NTSTATUS status= STATUS_SUCCESS;
UNICODE_STRING filename;
WCHAR namebuf[MAX_PATH];
UNICODE_STRING volname;
WCHAR volbuf[8];
PVOID path = NULL;
RtlInitEmptyUnicodeString(&filename, namebuf, MAX_NAME_SPACE);
RtlInitEmptyUnicodeString(&volname, volbuf, 8 * sizeof(WCHAR));
if( SpyGetFileName(fileobject, &filename) )
{
return NULL;
}
status = SpyGetVolumeName(fileobject, &volname);
if( !NT_SUCCESS(status) )
{
return NULL;
}
path = AllocStrWithUniStr(&volname);
if(path)
{
if(filename.Buffer[0] != L'\\')
{
AppendStrWithWideStr(path, L"\\");
}
AppendStrWithUniStr(path, &filename);
}
return path;
}
//
// Record: Add by lwf :07-07-25
// Purpose: get symbolic target unicode string
//
PVOID
SpyGetSymbolicUniStr(
PUNICODE_STRING symbolic
)
{
OBJECT_ATTRIBUTES attrib;
NTSTATUS status;
WCHAR buf[8];
WCHAR *dbuf = NULL;
UNICODE_STRING target;
PVOID targetret = NULL;
ULONG length;
HANDLE linkhandle;
InitializeObjectAttributes(
&attrib,
symbolic,
OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
NULL,NULL);
status = ZwOpenSymbolicLinkObject(
&linkhandle,
GENERIC_READ,
&attrib);
if( !NT_SUCCESS(status))
{
return NULL;
}
RtlInitEmptyUnicodeString(&target, buf, 8 * sizeof(WCHAR));
status = ZwQuerySymbolicLinkObject(
linkhandle,
&target,
&length);
if( status == STATUS_BUFFER_TOO_SMALL)
{
dbuf = ExAllocatePool(NonPagedPool, length + 2);
if( NULL == dbuf )
{
ZwClose(linkhandle);
return NULL;
}
RtlInitEmptyUnicodeString( &target, dbuf, length + 2);
status = ZwQuerySymbolicLinkObject(
linkhandle,
&target,
&length);
}
if(NT_SUCCESS(status))
{
targetret = AllocStrWithUniStr(&target);
}
if(NULL != dbuf)
{
FreeStr(dbuf);
}
ZwClose(linkhandle);
return targetret;
}
//
// Record: Add by lwf :07-07-25
// Purpose: get dos name
//
PVOID
SpyGetSymbolicTarget(
WCHAR* symbolic
)
{
PVOID sym;
PVOID ret;
if( NULL == symbolic )
{
return NULL;
}
sym = AllocStrWithWideStr(symbolic);
if( NULL == sym )
{
return NULL;
}
ret = SpyGetSymbolicUniStr(GetStrUniStr(sym));
FreeStr(sym);
return ret;
}
//
// Record: Add by lwf :07-07-24
// Purpose: get dos name
//
PVOID
SpyVolumeNameToDosName(
WCHAR* name
)
{
WCHAR volsyb[] = {L"\\DosDevices\\X:"};
UNICODE_STRING volname;
WCHAR c;
if(NULL == name)
{
return NULL;
}
RtlInitUnicodeString(&volname, name);
for( c = L'A' ; c < ('Z'+1); ++c )
{
PVOID mytarget = NULL;
volsyb[12] = c;
mytarget = SpyGetSymbolicTarget(volsyb);
if(mytarget != NULL &&
RtlCompareUnicodeString(GetStrUniStr(mytarget), &volname,TRUE) == 0)
{
FreeStr(mytarget);
break;
}
if(mytarget != NULL)
{
FreeStr(mytarget);
}
}
if(c == 'Z'+1)
{
return NULL;
}
else
{
return AllocStrWithWideStr(&volsyb[12]);
}
}
//
// Record: Add by lwf :07-07-24
// Purpose: get dos name
//
PVOID
SpyQueryObjName(
PVOID obj
)
{
NTSTATUS status;
UCHAR nibuf[512];
int len = MAX_PATH;
ULONG ret;
OBJECT_NAME_INFORMATION *name_infor =
(OBJECT_NAME_INFORMATION *)nibuf;
status = ObQueryNameString(obj, name_infor, 512, &ret);
if(NT_SUCCESS(status))
{
return AllocStrWithUniStr(&name_infor->Name);
}
else
{
return NULL;
}
}
//
// Record: Add by lwf :07-07-24
// Purpose: get dos name
//
PVOID
SpyGetDosName(
PDEVICE_OBJECT dev
)
{
PVOID volname = SpyQueryObjName(dev);
PVOID ret = NULL;
if( NULL == volname)
{
return NULL;
}
ret = SpyVolumeNameToDosName(GetStrBuf(volname));
FreeStr(volname);
return ret;
}
//
// Record: Add by lwf :07-07-24
// Purpose: get volume name
//
NTSTATUS
SpyGetVolumeName(
PFILE_OBJECT fileobject,
PUNICODE_STRING volname
)
{
NTSTATUS status = STATUS_SUCCESS;
PVOID pdosname = NULL;
pdosname = SpyGetDosName(fileobject->DeviceObject);
if(NULL == pdosname)
{
return STATUS_UNSUCCESSFUL;
}
RtlCopyUnicodeString(volname,GetStrUniStr(pdosname) );
FreeStr(pdosname);
return status;
}
//
// Record: Add by lwf :07-07-23
// Purpose: get object name
//
VOID
SpyGetObjectName(
PVOID obj,
PUNICODE_STRING name
)
{
NTSTATUS status;
char nibuf[512];
OBJECT_NAME_INFORMATION *name_infor = (OBJECT_NAME_INFORMATION*)nibuf;
ULONG ret;
status = ObQueryNameString(obj, name_infor, 512, &ret);
if(NT_SUCCESS(status))
{
RtlCopyUnicodeString(name, &name_infor->Name);
}
else
{
name->Length = 0;
}
}
//
// Record: add by lwf : 07-07-23
// Purpose: get file name
//
NTSTATUS
SpyGetFileName(
IN PFILE_OBJECT fileobject,
PUNICODE_STRING name
)
{
WCHAR *p = NULL;
WCHAR buf[MAX_PATH];
UNICODE_STRING temp;
int len;
RtlInitEmptyUnicodeString(&temp, buf, MAX_NAME_SPACE);
SpyGetObjectName((PVOID)fileobject, &temp);
KdPrint(("QueryFileName: [%wZ]\r\n", &temp));
if(temp.Length == 0)
{
return FALSE;
}
len = temp.Length / sizeof(WCHAR);
p = temp.Buffer;
p = wcschr( (const WCHAR*)(((UNICODE_STRING*)(&temp))->Buffer), L'\\');
if( p == NULL || ++p >= ((UNICODE_STRING*)(&temp))->Buffer + len)
{
return FALSE;
}
p = wcschr( p, L'\\');
if( p == NULL || ++p >= ((UNICODE_STRING*)(&temp))->Buffer + len)
{
return FALSE;
}
p = wcschr( p, L'\\');
if( p == NULL || (p+1) >= ((UNICODE_STRING*)(&temp))->Buffer + len)
{
return FALSE;
}
if(name->MaximumLength <= wcslen( p )*sizeof(WCHAR))
{
return FALSE;
}
name->Length = wcslen( p ) * sizeof(WCHAR);
wcscpy( name->Buffer , p);
return TRUE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -