read.cpp

一个过滤层文件系统驱动的完整代码,实现了文件的加密,操作截获等

/********************************************************************
	created:	2003/08/09
	created:	9:8:2003   5:33
	filename: 	g:\temp\FsTPM\FsTPM\FsTPM\Read.cpp
	file path:	g:\temp\FsTPM\FsTPM\FsTPM
	file base:	Read
	file ext:	cpp
	author:		Supermi
	
	purpose:	
*********************************************************************/
#include "FsTPM.h"

NTSTATUS FsTPMReadCompleted(IN PDEVICE_OBJECT pHookDevice, IN PIRP pIrp, IN PVOID Context)
{
		PIO_STACK_LOCATION  pCurrentIrpStack = IoGetCurrentIrpStackLocation(pIrp);

		FsTPM_DbgPrint(("FsTPMReadCompleted\n"));

		char *pBuffer;

		if( pIrp->Flags & IRP_NOCACHE ||
			pIrp->Flags & IRP_PAGING_IO || 
			pIrp->Flags & IRP_SYNCHRONOUS_PAGING_IO )
		{
			DbgPrint("****************=================****************\n");
		}

		if (pHookDevice->Flags & DO_BUFFERED_IO)
		{
			DbgPrint("*************Read complete in BUFFER_IO\n");
			pBuffer=(char *)pIrp->AssociatedIrp.SystemBuffer;
		}
		else
		{
			if (pIrp->MdlAddress!=NULL)
			{
				DbgPrint("*************Read complete in Mdl\n");
				pBuffer = (char *)MmGetSystemAddressForMdl (pIrp->MdlAddress);
			}
			else
			{
				if (pIrp->UserBuffer!=NULL)
				{
					DbgPrint("*************Read complete in USERBUFFER\n");
					pBuffer=(char*)pIrp->UserBuffer;
				}
			}
		}
		
		if (!NT_SUCCESS(pIrp->IoStatus.Status))
			return STATUS_SUCCESS;

		int i, Len = pIrp->IoStatus.Information;
		DbgPrint("data in buffer readed  but not decrypt is:\n");
		for (i=0; i<Len; i++)
		{
			if(pBuffer[i] == 'c') pBuffer[i] = 'd';
		}
		
		if (pIrp->PendingReturned)
		{
			IoMarkIrpPending(pIrp);
		}

		return STATUS_SUCCESS; 
}

NTSTATUS 
FsTPMReadRoutine( 
					PDEVICE_OBJECT pHookDevice, 
					IN PIRP pIrp 
					)
{
	// 
	// 获得当前堆栈，以及下一个处理IRP的堆栈
	//
	PIO_STACK_LOCATION  pCurrentIrpStack = IoGetCurrentIrpStackLocation(pIrp);
	PIO_STACK_LOCATION  pNextIrpStack    = IoGetNextIrpStackLocation(pIrp);
	//
	// 指向我定义的扩展结构，该结构中包括了我所需要的关于下层文件系统的信息
	//
	PHOOK_EXTENSION     pHookExt=(PHOOK_EXTENSION)pHookDevice->DeviceExtension;

	PFILE_OBJECT        pFileObject=pCurrentIrpStack->FileObject;

	PDEVICE_OBJECT		pNextLowerDevice=pHookExt->Vcb.NextLowerDevice;

	NTSTATUS ntStatus;
	
	PFILE_PROTECT_LIST_ITEM pItem;
	
	WCHAR   USName[256]={ 0 };

	UNICODE_STRING CUSourceName;

	if (pHookExt->Type==GUIINTERFACE)
	{
		pIrp->IoStatus.Information = 0;
		pIrp->IoStatus.Status = STATUS_SUCCESS;

		IoCompleteRequest( pIrp, IO_NO_INCREMENT );
		return STATUS_SUCCESS;
	}


	_snwprintf(USName,256,L"A:");


	RtlInitUnicodeString(&CUSourceName,USName);

	CUSourceName.MaximumLength=512;

	ntStatus=GetFileFullNameByQuery(&CUSourceName,pHookExt,pFileObject);

	UpperWordW(CUSourceName.Buffer);

	FsTPM_DbgPrint(("IRP_READ: %S\n",CUSourceName.Buffer));

	if (IsSomeSpecialFile(CUSourceName.Buffer, pFileObject, pCurrentIrpStack))
		goto next_stack;

	if (!ProtectList_Is_In( &ProtectControlBlock.FileProtectList, CUSourceName.Buffer, &pItem))
		goto next_stack;


	if (ProtectControlBlock.EnableEncryptProtect && IS_ENCRYPT_PROTECT(pItem->ProtectedFlag))
	{
		/*
		IO_STATUS_BLOCK IoStatus;

        if (!NT_SUCCESS(IoStatus.Status))
		{
			pIrp->IoStatus = IoStatus;
			return IoStatus.Status;
		}
		*/
		
		IoCopyCurrentIrpStackLocationToNext(pIrp);

		IoSetCompletionRoutine(pIrp, FsTPMReadCompleted, pItem,TRUE,TRUE,TRUE);
		//MmUnlockPages(pIrp->MdlAddress);
		

		ntStatus=IoCallDriver( pNextLowerDevice, pIrp );
		return ntStatus;
	}

next_stack:

	IoSkipCurrentIrpStackLocation(pIrp);

	ntStatus=IoCallDriver( pNextLowerDevice, pIrp );

	return ntStatus;

}