queryinformation.cpp

来自「一个过滤层文件系统驱动的完整代码,实现了文件的加密,操作截获等」· C++ 代码 · 共 72 行

/********************************************************************
	created:	2003/08/10
	created:	10:8:2003   9:48
	filename: 	g:\temp\FsTPM\FsTPM\FsTPM\QUERYINFORMATION.cpp
	file path:	g:\temp\FsTPM\FsTPM\FsTPM
	file base:	QUERYINFORMATION
	file ext:	cpp
	author:		Supermi
	
	purpose:	
*********************************************************************/
#include "FsTPM.h"

NTSTATUS 
FsTPMQueryInformationRoutine( 
					PDEVICE_OBJECT pHookDevice, 
					IN PIRP pIrp 
					)
{
	// 
	// 获得当前堆栈，以及下一个处理IRP的堆栈
	//
	PIO_STACK_LOCATION  pCurrentIrpStack = IoGetCurrentIrpStackLocation(pIrp);
	PIO_STACK_LOCATION  pNextIrpStack    = IoGetNextIrpStackLocation(pIrp);
	//
	// 指向我定义的扩展结构，该结构中包括了我所需要的关于下层文件系统的信息
	//
	PHOOK_EXTENSION     pHookExt=(PHOOK_EXTENSION)pHookDevice->DeviceExtension;

	PFILE_OBJECT        pFileObject=pCurrentIrpStack->FileObject;

	PDEVICE_OBJECT		pNextLowerDevice=pHookExt->Vcb.NextLowerDevice;


	if (pHookExt->Type==GUIINTERFACE)
	{
		pIrp->IoStatus.Information = 0;
		pIrp->IoStatus.Status = STATUS_SUCCESS;

		IoCompleteRequest( pIrp, IO_NO_INCREMENT );
		return STATUS_SUCCESS;
	}


	WCHAR   USName[256];

	UNICODE_STRING UniSource;

	RtlInitUnicodeString(&UniSource,USName);
	
	UniSource.MaximumLength=512;

	NTSTATUS ntStatus=GetFileFullNameByQuery(&UniSource,pHookExt,pFileObject);
	if (!NT_SUCCESS(ntStatus))
	{
		FsTPM_DbgPrint(("Get file name by Query Failed In IRP_MJ_QUERY_INFORMATION: "));
		ErrorString(ntStatus);
		return ntStatus;
	}
	UpperWordW(UniSource.Buffer);
	
	FsTPM_DbgPrint(("IRP_QUERYINFO: %S\n",UniSource.Buffer));

	IoSkipCurrentIrpStackLocation(pIrp);

	ntStatus=IoCallDriver( pNextLowerDevice, pIrp );

	return ntStatus;

}