/*++
Copyright (c) 2004 By LiGen , All right reserved
Module Name:
fstpm.h
Abstract:
Header file for fstpm.cpp
Environment:
Windows XP, Compiler Ver > 13.00
Notes:
Revision History:
created: 16:7:2004
Author:
李根 13574849558@hnmcc.com
--*/
#ifndef FSTPM_H
#define FSTPM_H
extern "C"{
#include <NTDDK.h>
#include "ntifs.h"
#include <stdio.h>
}
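// Tag constant ('mpt' written as a multi-character literal).
// NOTE(review): presumably the pool tag passed to tagged pool allocations - confirm at the call sites.
#define TAGS 'mpt'
// Short aliases for basic integer types.
// These are macros, not typedefs, so they textually replace the identifiers
// BYTE, WORD and BOOL in every file that includes this header.
#define BYTE unsigned char
#define WORD unsigned short
#define BOOL LONG
// #define DBGHEAD() FsTPM_DbgPrint("FileSpy %s %s:%d -> :",__FUNCDNAME__,__FILE__,__LINE__)
// Emits the "FsTPM <file>:<line> -> :" prefix through KdPrint.
// The prefix carries __FILE__, i.e. the build machine's source path.
#define DBGHEAD() KdPrint(("FsTPM %s:%d -> :",__FILE__ ,__LINE__ ))
// Emits the prefix and then the caller's message.
// x is a parenthesized argument list: FsTPM_DbgPrint(("fmt %d", value));
// The body is wrapped in do { } while (0) so that both statements stay under
// an unbraced if/else; as two bare statements, only the prefix was guarded
// and the message itself was printed unconditionally.
#define FsTPM_DbgPrint(x) do { DBGHEAD(); KdPrint(x); } while (0)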
//
// Device types used by this driver. The numeric values are written out so
// the numbering is visible at a glance.
// NOTE(review): the meanings below are inferred from the names only - confirm.
//
typedef enum {
    GUIINTERFACE = 0,   // presumably the control device used by the user-mode GUI
    STANDARD     = 1,   // presumably an ordinary file-system volume device
    NPFS         = 2,   // presumably the named-pipe file system
    MSFS         = 3    // presumably the mailslot file system
} FSTPM_DEVICE_TYPE, *PFSTPM_DEVICE_TYPE;
// Device pointers kept per hooked device (embedded in the device extension).
// NOTE(review): the field roles are inferred from the names; the code that
// fills them in is not part of this header - confirm there.
typedef struct _VCB{
PDEVICE_OBJECT RealDevice; // presumably the device object being filtered
PDEVICE_OBJECT NextLowerDevice; // presumably the device that requests are passed down to
PVPB pVpb; // pointer to a volume parameter block
}VCB,*PVCB;
//
// A structure representing the instance information associated with
// a particular device.
// The struct tag is _DEVICE_EXTENSION, but the typedef names to use are
// HOOK_EXTENSION / PHOOK_EXTENSION.
//
typedef struct _DEVICE_EXTENSION{
FSTPM_DEVICE_TYPE Type; // which of the driver's device types this instance is
unsigned char LogicalDrive; // NOTE(review): presumably a drive letter or drive index - confirm
BOOLEAN Hooked; // NOTE(review): presumably TRUE while the filter is attached - confirm
VCB Vcb; // embedded device pointers for this instance
PDRIVER_OBJECT thisDriver; // driver object pointer stored with the device
} HOOK_EXTENSION, *PHOOK_EXTENSION;
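//
// Per-file protection flags, combined as a bit mask
// (the mask is what FILE_PROTECT_LIST_ITEM::ProtectedFlag stores).
//
#define MASK_ENCRYPT_PROTECT 0x1
#define MASK_STATIC_PROTECT 0x2
#define MASK_CHECK_PROTECT 0x4
//
// IS_* yield the masked bit (0 or the mask value), not a normalized 0/1.
// Test the result for non-zero; comparing it against TRUE is wrong for the
// 0x2 and 0x4 flags.
//
#define IS_ENCRYPT_PROTECT(x) ((x) & MASK_ENCRYPT_PROTECT)
#define IS_STATIC_PROTECT(x) ((x) & MASK_STATIC_PROTECT)
#define IS_CHECK_PROTECT(x) ((x) & MASK_CHECK_PROTECT)
//
// SET_* / CLEAR_* are pure expressions: they return the updated mask and do
// NOT modify their argument. The result has to be assigned back, e.g.
//     flag = SET_STATIC_PROTECT(flag);
// A bare "SET_STATIC_PROTECT(flag);" statement leaves the flag unchanged, so
// the protection it was meant to switch on stays off without any diagnostic.
//
#define SET_ENCENCRYPT_PROTECT(x) ((x) | MASK_ENCRYPT_PROTECT)
#define SET_STATIC_PROTECT(x) ((x) | MASK_STATIC_PROTECT)
#define SET_CHECK_PROTECT(x) ((x) | MASK_CHECK_PROTECT)
#define CLEAR_ENCENCRYPT_PROTECT(x) ((x) & (~MASK_ENCRYPT_PROTECT))
#define CLEAR_STATIC_PROTECT(x) ((x) & (~MASK_STATIC_PROTECT))
#define CLEAR_CHECK_PROTECT(x) ((x) & (~MASK_CHECK_PROTECT))
//
// Correctly spelled aliases, consistent with IS_ENCRYPT_PROTECT and
// MASK_ENCRYPT_PROTECT. The misspelled *_ENCENCRYPT_* names above are kept
// for existing callers.
//
#define SET_ENCRYPT_PROTECT(x) SET_ENCENCRYPT_PROTECT(x)
#define CLEAR_ENCRYPT_PROTECT(x) CLEAR_ENCENCRYPT_PROTECT(x)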
// NOTE(review): 20 bytes = 160 bits, the size of a SHA-1 digest. The hash
// algorithm itself is not visible in this header. If it is SHA-1, it no
// longer offers collision resistance, which matters when the stored hash is
// what decides whether a protected file was tampered with - confirm.
#define HASH_LENGTH 20 // length of the hash value, in bytes
//
// Outcome of the "is this file an encrypted file?" check for a protected file.
//
typedef enum _ENCRYPTED_STATUS {
    NotChecked   = 0,   // the encrypted-file check has not been run yet
    Encrypted    = 1,   // the check has run and confirmed the file is already encrypted
    NotEncrypted = 2    // the check has run and confirmed the file is not encrypted yet
}ENCRYPTED_STATUS;
//
// Maximum length of a path name, in characters; it sizes
// FILE_PROTECT_LIST_ITEM::ProtectedFileName.
// NOTE(review): the original remark described this as larger than the Win32
// maximum path because network drives have leading paths, but Win32 MAX_PATH
// is 260, so 256 is in fact smaller. NT path names can also be far longer
// than either value. Every copy into a MAXPATHLEN buffer must be
// length-checked and should reject longer names rather than truncate them:
// an unchecked copy overruns the buffer, and a truncated name can match the
// wrong entry in the protection list.
//
#define MAXPATHLEN 256
//
// Describes one protected file.
//
typedef struct _FILE_PROTECT_LIST_ITEM* PFILE_PROTECT_LIST_ITEM;
typedef struct _FILE_PROTECT_LIST_ITEM
{
WCHAR ProtectedFileName[MAXPATHLEN]; // name of the protected file, at most MAXPATHLEN WCHARs
LONG ProtectedFlag; // bit mask that records which protection methods apply to this file
BYTE Hash[ HASH_LENGTH ]; // 160-bit hash value
ENCRYPTED_STATUS Encrypted_Check_Status; // result of the encrypted-file check
// Encryption may make the file longer, so the real file length is tracked here.
// NOTE(review): LONG is a signed 32-bit type, so a length of 2 GiB or more
// cannot be stored - confirm how larger files are handled.
LONG FileRealLength;
}FILE_PROTECT_LIST_ITEM;
// Item-count limit for the protected-file list.
// NOTE(review): presumably the value assigned to TLIST::MaxNum - confirm in List.h.
#define MAX_LIST_ITEM_NUM 100
//
// Container for the protected-file entries.
//
typedef struct _TLIST
{
PFILE_PROTECT_LIST_ITEM *head; // pointer to entry pointers; presumably the start of an array - confirm
ULONG MaxNum; // presumably the capacity of the list - confirm
ULONG Count; // presumably the number of entries in use - confirm
FAST_MUTEX mutex; // presumably guards the fields above; confirm that every reader and writer acquires it
}TLIST, *PTLIST;
#include "List.h"
// Size, in bytes, of the EncryptKey buffer in FSTPM_CONTROL_BLOCK.
#define ENCRYPT_KEY_MAX_LENGTH 256
//
// Driver control block: records the driver's current protection state.
//
typedef struct _FSTPM_CONTROL_BLOCK
{
TLIST FileProtectList; // list of protected files
BOOL EnableEncryptProtect; // switch for encrypt protection
BOOL EnableStaticProtect; // switch for static protection
BOOL EnableCheckProtect; // switch for check protection
// Key bytes are held in the clear inside this structure.
// NOTE(review): where the key comes from is not visible in this header.
// Whatever sets it must reject a length above ENCRYPT_KEY_MAX_LENGTH before
// copying, and the buffer should be wiped (e.g. RtlSecureZeroMemory) when
// the driver unloads or the key is replaced - confirm both.
BYTE EncryptKey[ ENCRYPT_KEY_MAX_LENGTH ];
ULONG KeyLength; // presumably the number of valid bytes in EncryptKey - confirm
}FSTPM_CONTROL_BLOCK, *PFSTPM_CONTROL_BLOCK;
//
// Max length of NT process name
//
#define NT_PROCNAMELEN 256
// Name string "System".
// NOTE(review): presumably compared against a process name. A process image
// name is not an authenticated identity, so it should not be the only basis
// for exempting a caller from protection - confirm how it is used.
#define SYSNAME "System"
//
// Maximum transfer size at a time (0x10000 bytes = 64 KiB)
#define MAX_TRANSFER_SIZE (0x10000)
// Device creation for the given driver object; reports the outcome as an NTSTATUS.
NTSTATUS CreateDevice (
IN PDRIVER_OBJECT pDriverObject
) ;
// Unload routine; the signature matches a driver's unload callback.
VOID FsTPMUnload (
IN PDRIVER_OBJECT pDriverObject
) ;
// IRP dispatch routine; the signature matches a driver dispatch callback
// (device object plus IRP in, NTSTATUS out).
NTSTATUS
FsTPMDispatch(
IN PDEVICE_OBJECT pDeviceObject,
IN PIRP pIrp
);
// Reads driver parameters from the registry (per its name).
// Returns VOID, so a failed or partial read cannot be reported to the caller.
// NOTE(review): registry values are configuration input; types and lengths
// should be validated before they are copied into fixed-size fields - confirm
// in the implementation.
VOID
ReadParamFromReg (
IN PUNICODE_STRING RegistryPath,
IN PDRIVER_OBJECT DriverObject
);
// Hand-written prototypes for two kernel routines, declared with C linkage.
// A local prototype is not checked against the kernel's own definition, so a
// signature mismatch on a different OS version would only show at run time
// (the file header names Windows XP as the target).
extern "C"{
// NOTE(review): drivers normally close handles with ZwClose. The Nt* entry
// points do not switch the previous mode to kernel, so handle validation
// depends on the calling thread's previous mode - confirm NtClose is intended.
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE Handle
);
// Takes a pointer to an ACCESS_STATE and returns an NTSTATUS.
NTKERNELAPI
NTSTATUS
SeDeleteAccessState(
IN PACCESS_STATE AccessState
);
}
#endif
extern "C"{
#include "Controlcode.h"
#include "HookDevice.h"
#include "DebugPrint.h"
#include "FASTIO.h"
#include "FSTPMString.h"
#include "Global.h"
#include "SpecialIOFunction.h"
#include "hash.h"
#include "Create.h"
#include "Setinformation.h"
#include "write.h"
#include "read.h"
#include "queryInformation.h"
}