📄 ntdriver.c
字号:
}
else
{
MOUNT_LIST_STRUCT *list = (MOUNT_LIST_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
PDEVICE_OBJECT ListDevice;
DriverMutexWait ();
list->ulMountedDrives = 0;
for (ListDevice = DeviceObject->DriverObject->DeviceObject;
ListDevice != (PDEVICE_OBJECT) NULL; ListDevice = ListDevice->NextDevice)
{
PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
if (!ListExtension->bRootDevice
&& !ListExtension->IsDriveFilterDevice
&& !ListExtension->bShuttingDown
&& ListExtension->lMagicNumber == 0xabfeacde)
{
list->ulMountedDrives |= (1 << ListExtension->nDosDriveNo);
wcscpy (list->wszVolume[ListExtension->nDosDriveNo], ListExtension->wszVolume);
list->diskLength[ListExtension->nDosDriveNo] = ListExtension->DiskLength;
list->ea[ListExtension->nDosDriveNo] = ListExtension->cryptoInfo->ea;
if (ListExtension->cryptoInfo->hiddenVolume)
list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_HIDDEN; // Hidden volume
else if (ListExtension->cryptoInfo->bHiddenVolProtectionAction)
list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED; // Normal/outer volume (hidden volume protected AND write already prevented)
else if (ListExtension->cryptoInfo->bProtectHiddenVolume)
list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_OUTER; // Normal/outer volume (hidden volume protected)
else
list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_NORMAL; // Normal volume
}
}
DriverMutexRelease ();
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (MOUNT_LIST_STRUCT);
}
break;
case TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (uint32))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
// Prevent the user from downgrading to versions lower than 5.0 by faking mounted volumes.
// The user could render the system unbootable by downgrading when boot encryption
// is active or being set up.
*(uint32 *) Irp->AssociatedIrp.SystemBuffer = 0xffffFFFF;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = irpSp->Parameters.DeviceIoControl.OutputBufferLength;
}
break;
case TC_IOCTL_GET_VOLUME_PROPERTIES:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (VOLUME_PROPERTIES_STRUCT)
|| !DeviceObject || !DeviceObject->DriverObject)
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
VOLUME_PROPERTIES_STRUCT *prop = (VOLUME_PROPERTIES_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
PDEVICE_OBJECT ListDevice;
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
Irp->IoStatus.Information = 0;
DriverMutexWait ();
for (ListDevice = DeviceObject->DriverObject->DeviceObject;
ListDevice != (PDEVICE_OBJECT) NULL; ListDevice = ListDevice->NextDevice)
{
PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
if (!ListExtension->bRootDevice
&& !ListExtension->IsDriveFilterDevice
&& !ListExtension->bShuttingDown
&& ListExtension->nDosDriveNo == prop->driveNo)
{
prop->uniqueId = ListExtension->UniqueVolumeId;
wcscpy (prop->wszVolume, ListExtension->wszVolume);
prop->diskLength = ListExtension->DiskLength;
prop->ea = ListExtension->cryptoInfo->ea;
prop->mode = ListExtension->cryptoInfo->mode;
prop->pkcs5 = ListExtension->cryptoInfo->pkcs5;
prop->pkcs5Iterations = ListExtension->cryptoInfo->noIterations;
prop->volumeCreationTime = ListExtension->cryptoInfo->volume_creation_time;
prop->headerCreationTime = ListExtension->cryptoInfo->header_creation_time;
prop->readOnly = ListExtension->bReadOnly;
prop->hiddenVolume = ListExtension->cryptoInfo->hiddenVolume;
if (ListExtension->cryptoInfo->bProtectHiddenVolume)
prop->hiddenVolProtection = ListExtension->cryptoInfo->bHiddenVolProtectionAction ? HIDVOL_PROT_STATUS_ACTION_TAKEN : HIDVOL_PROT_STATUS_ACTIVE;
else
prop->hiddenVolProtection = HIDVOL_PROT_STATUS_NONE;
prop->totalBytesRead = ListExtension->Queue.TotalBytesRead;
prop->totalBytesWritten = ListExtension->Queue.TotalBytesWritten;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (VOLUME_PROPERTIES_STRUCT);
break;
}
}
DriverMutexRelease ();
}
break;
case TC_IOCTL_GET_RESOLVED_SYMLINK:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (RESOLVE_SYMLINK_STRUCT))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
RESOLVE_SYMLINK_STRUCT *resolve = (RESOLVE_SYMLINK_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
{
NTSTATUS ntStatus;
ntStatus = SymbolicLinkToTarget (resolve->symLinkName,
resolve->targetName,
sizeof (resolve->targetName));
Irp->IoStatus.Information = sizeof (RESOLVE_SYMLINK_STRUCT);
Irp->IoStatus.Status = ntStatus;
}
}
break;
case TC_IOCTL_GET_DRIVE_PARTITION_INFO:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (DISK_PARTITION_INFO_STRUCT))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
DISK_PARTITION_INFO_STRUCT *info = (DISK_PARTITION_INFO_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
{
PARTITION_INFORMATION_EX pi;
NTSTATUS ntStatus;
ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &pi, sizeof (pi));
if (NT_SUCCESS(ntStatus))
{
memset (&info->partInfo, 0, sizeof (info->partInfo));
info->partInfo.PartitionLength = pi.PartitionLength;
info->partInfo.PartitionNumber = pi.PartitionNumber;
info->partInfo.StartingOffset = pi.StartingOffset;
if (pi.PartitionStyle == PARTITION_STYLE_MBR)
info->partInfo.PartitionType = pi.Mbr.PartitionType;
info->IsGPT = pi.PartitionStyle == PARTITION_STYLE_GPT;
}
else
{
// Windows 2000 does not support IOCTL_DISK_GET_PARTITION_INFO_EX
ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO, NULL, 0, &info->partInfo, sizeof (info->partInfo));
info->IsGPT = FALSE;
}
Irp->IoStatus.Information = sizeof (DISK_PARTITION_INFO_STRUCT);
Irp->IoStatus.Status = ntStatus;
}
}
break;
case TC_IOCTL_GET_DRIVE_GEOMETRY:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (DISK_GEOMETRY_STRUCT))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
DISK_GEOMETRY_STRUCT *g = (DISK_GEOMETRY_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
{
NTSTATUS ntStatus;
ntStatus = TCDeviceIoControl (g->deviceName,
IOCTL_DISK_GET_DRIVE_GEOMETRY,
NULL, 0, &g->diskGeometry, sizeof (g->diskGeometry));
Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_STRUCT);
Irp->IoStatus.Status = ntStatus;
}
}
break;
case TC_IOCTL_PROBE_REAL_DRIVE_SIZE:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (ProbeRealDriveSizeRequest))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
ProbeRealDriveSizeRequest *request = (ProbeRealDriveSizeRequest *) Irp->AssociatedIrp.SystemBuffer;
NTSTATUS status;
UNICODE_STRING name;
PFILE_OBJECT fileObject;
PDEVICE_OBJECT deviceObject;
RtlInitUnicodeString (&name, request->DeviceName);
status = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject);
if (!NT_SUCCESS (status))
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = status;
break;
}
status = ProbeRealDriveSize (deviceObject, &request->RealDriveSize);
ObDereferenceObject (fileObject);
if (status == STATUS_TIMEOUT)
{
request->TimeOut = TRUE;
Irp->IoStatus.Information = sizeof (ProbeRealDriveSizeRequest);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
else if (!NT_SUCCESS (status))
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = status;
}
else
{
request->TimeOut = FALSE;
Irp->IoStatus.Information = sizeof (ProbeRealDriveSizeRequest);
Irp->IoStatus.Status = status;
}
}
break;
case TC_IOCTL_MOUNT_VOLUME:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (MOUNT_STRUCT))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
MOUNT_STRUCT *mount = (MOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
DriverMutexWait ();
Irp->IoStatus.Information = sizeof (MOUNT_STRUCT);
Irp->IoStatus.Status = MountDevice (DeviceObject, mount);
DriverMutexRelease ();
burn (&mount->VolumePassword, sizeof (mount->VolumePassword));
burn (&mount->ProtectedHidVolPassword, sizeof (mount->ProtectedHidVolPassword));
}
break;
case TC_IOCTL_DISMOUNT_VOLUME:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (UNMOUNT_STRUCT)
|| !DeviceObject || !DeviceObject->DriverObject)
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
PDEVICE_OBJECT ListDevice;
unmount->nReturnCode = ERR_DRIVE_NOT_FOUND;
for (ListDevice = DeviceObject->DriverObject->DeviceObject;
ListDevice != (PDEVICE_OBJECT) NULL;
ListDevice = ListDevice->NextDevice)
{
PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
if (!ListExtension->bRootDevice
&& !ListExtension->IsDriveFilterDevice
&& !ListExtension->bShuttingDown
&& unmount->nDosDriveNo == ListExtension->nDosDriveNo)
{
DriverMutexWait ();
unmount->nReturnCode = UnmountDevice (ListDevice, unmount->ignoreOpenFiles);
DriverMutexRelease ();
break;
}
}
Irp->IoStatus.Information = sizeof (UNMOUNT_STRUCT);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
break;
case TC_IOCTL_DISMOUNT_ALL_VOLUMES:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (UNMOUNT_STRUCT))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
unmount->nReturnCode = UnmountAllDevices (DeviceObject, unmount->ignoreOpenFiles);
Irp->IoStatus.Information = sizeof (UNMOUNT_STRUCT);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
break;
case TC_IOCTL_BOOT_ENCRYPTION_SETUP:
DriverMutexWait ();
Irp->IoStatus.Status = StartBootEncryptionSetup (DeviceObject, Irp, irpSp);
Irp->IoStatus.Information = 0;
DriverMutexRelease ();
break;
case TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP:
DriverMutexWait ();
Irp->IoStatus.Status = AbortBootEncryptionSetup();
Irp->IoStatus.Information = 0;
DriverMutexRelease ();
break;
case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
DriverMutexWait ();
GetBootEncryptionStatus (Irp, irpSp);
DriverMutexRelease ();
break;
case TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT:
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = GetSetupResult();
break;
case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
DriverMutexWait ();
GetBootDriveVolumeProperties (Irp, irpSp);
DriverMutexRelease ();
break;
case TC_IOCTL_GET_BOOT_LOADER_VERSION:
DriverMutexWait ();
GetBootLoaderVersion (Irp, irpSp);
DriverMutexRelease ();
break;
case TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER:
DriverMutexWait ();
ReopenBootVolumeHeader (Irp, irpSp);
DriverMutexRelease ();
break;
case TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME:
DriverMutexWait ();
GetBootEncryptionAlgorithmName (Irp, irpSp);
DriverMutexRelease ();
break;
default:
return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
}
#ifdef DEBUG
if (!NT_SUCCESS (Irp->IoStatus.Status))
{
switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
{
case TC_IOCTL_GET_MOUNTED_VOLUMES:
case TC_IOCTL_GET_PASSWORD_CACHE_STATUS:
case TC_IOCTL_GET_TRAVELER_MODE_STATUS:
case TC_IOCTL_SET_TRAVELER_MODE_STATUS:
case TC_IOCTL_OPEN_TEST:
case TC_IOCTL_GET_RESOLVED_SYMLINK:
case TC_IOCTL_GET_DRIVE_PARTITION_INFO:
case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
break;
default:
Dump ("IOCTL error 0x%08x\n", Irp->IoStatus.Status);
}
}
#endif
return TCCompleteIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information);
}
NTSTATUS TCStartThread (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread)
{
return TCStartThreadInProcess (threadProc, threadArg, kThread, NULL);
}
NTSTATUS TCStartThreadInProcess (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread, PEPROCESS process)
{
NTSTATUS status;
HANDLE threadHandle;
HANDLE processHandle = NULL;
OBJECT_ATTRIBUTES threadObjAttributes;
if (process)
{
status = ObOpenObjectByPointer (process, OBJ_KERNEL_HANDLE, NULL, 0, NULL, KernelMode, &processHandle);
if (!NT_SUCCESS (status))
return status;
}
InitializeObjectAttributes (&threadObjAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
status = PsCreateSystemThread (&threadHandle, THREAD_ALL_ACCESS, &threadObjAttributes, processHandle, NULL, threadProc, threadArg);
if (!NT_SUCCESS (status))
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -