📄 queryinformation.cpp
字号:
/********************************************************************
created: 2003/08/10
created: 10:8:2003 9:48
filename: g:\temp\FsTPM\FsTPM\FsTPM\QUERYINFORMATION.cpp
file path: g:\temp\FsTPM\FsTPM\FsTPM
file base: QUERYINFORMATION
file ext: cpp
author: Supermi
purpose:
*********************************************************************/
#include "FsTPM.h"
NTSTATUS
FsTPMQueryInformationRoutine(
PDEVICE_OBJECT pHookDevice,
IN PIRP pIrp
)
{
//
// 获得当前堆栈,以及下一个处理IRP的堆栈
//
PIO_STACK_LOCATION pCurrentIrpStack = IoGetCurrentIrpStackLocation(pIrp);
PIO_STACK_LOCATION pNextIrpStack = IoGetNextIrpStackLocation(pIrp);
//
// 指向我定义的扩展结构,该结构中包括了我所需要的关于下层文件系统的信息
//
PHOOK_EXTENSION pHookExt=(PHOOK_EXTENSION)pHookDevice->DeviceExtension;
PFILE_OBJECT pFileObject=pCurrentIrpStack->FileObject;
PDEVICE_OBJECT pNextLowerDevice=pHookExt->Vcb.NextLowerDevice;
if (pHookExt->Type==GUIINTERFACE)
{
pIrp->IoStatus.Information = 0;
pIrp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
return STATUS_SUCCESS;
}
WCHAR USName[256];
UNICODE_STRING UniSource;
RtlInitUnicodeString(&UniSource,USName);
UniSource.MaximumLength=512;
NTSTATUS ntStatus=GetFileFullNameByQuery(&UniSource,pHookExt,pFileObject);
if (!NT_SUCCESS(ntStatus))
{
FsTPM_DbgPrint(("Get file name by Query Failed In IRP_MJ_QUERY_INFORMATION: "));
ErrorString(ntStatus);
return ntStatus;
}
UpperWordW(UniSource.Buffer);
FsTPM_DbgPrint(("IRP_QUERYINFO: %S\n",UniSource.Buffer));
IoSkipCurrentIrpStackLocation(pIrp);
ntStatus=IoCallDriver( pNextLowerDevice, pIrp );
return ntStatus;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -