📄 eddrv.c
字号:
if( fileObject->FileName.Buffer[0] != L'\\' ) {
while( relatedFileObject ) {
*(pathOffset - 1) = '\\';
pathOffset -= relatedFileObject->FileName.Length/2 + 1;
if( pathOffset <= fullPathName ) {
break;
}
RtlUnicodeStringToAnsiString( &componentName,
&relatedFileObject->FileName, TRUE );
strncpy( pathOffset, componentName.Buffer,
componentName.Length );
RtlFreeAnsiString( &componentName );
relatedFileObject = relatedFileObject->RelatedFileObject;
}
}
if( pathLen > 3 && fullPathName[2] == '\\' && fullPathName[3] == '\\' ) {
strcpy( fullPathName + 2, fullPathName + 3 );
}
} else {
fileNameInfo = (PFILE_NAME_INFORMATION) ExAllocatePool( NonPagedPool, MAXPATHLEN*2 );
if( fileNameInfo &&
EDDrvQueryFileName(hookExt->FileSystem, fileObject, fileNameInfo,
(MAXPATHLEN-3)*2 + 4 )) {
fullUniName.Length = (SHORT) fileNameInfo->FileNameLength;
fullUniName.Buffer = fileNameInfo->FileName;
RtlUnicodeStringToAnsiString( &componentName, &fullUniName, TRUE );
fullPathName[ componentName.Length + prefixLen ] = 0;
if( hookExt->Type == NPFS ) {
strcpy( fullPathName, NAMED_PIPE_PREFIX );
memcpy( &fullPathName[NAMED_PIPE_PREFIX_LENGTH], componentName.Buffer, componentName.Length );
} else if( hookExt->Type == MSFS ) {
strcpy( fullPathName, MAIL_SLOT_PREFIX );
memcpy( &fullPathName[MAIL_SLOT_PREFIX_LENGTH], componentName.Buffer, componentName.Length );
} else {
sprintf( fullPathName, "%C:", hookExt->LogicalDrive );
memcpy( &fullPathName[2], componentName.Buffer, componentName.Length );
}
RtlFreeAnsiString( &componentName );
} else {
if( hookExt->Type == NPFS ) {
strcpy( fullPathName, NAMED_PIPE_PREFIX "\\???" );
} else if( hookExt->Type == MSFS ) {
strcpy( fullPathName, MAIL_SLOT_PREFIX "\\???" );
} else {
sprintf( fullPathName, "%C: ???", hookExt->LogicalDrive );
}
}
ExFreePool( fileNameInfo );
pathLen = strlen( fullPathName );
}
if( pathLen > 5 && fullPathName[4] == ':' && fullPathName[5] == '\\') {
strcpy( fullPathName, fullPathName + 3 );
}
ExAcquireResourceExclusiveLite( &HashResource, TRUE );
if( FreeHashList ) {
newEntry = FreeHashList;
FreeHashList = newEntry->Next;
} else {
newEntry = ExAllocatePool( NonPagedPool, sizeof(HASH_ENTRY ));
}
if( newEntry ) {
newEntry->FileObject = fileObject;
newEntry->FullPathName = ExAllocatePool( NonPagedPool, strlen(fullPathName)+1);
if( !newEntry->FullPathName ) {
newEntry->Next = FreeHashList;
FreeHashList = newEntry;
} else {
strcpy( newEntry->FullPathName, fullPathName );
newEntry->Next = HashTable[ HASHOBJECT(fileObject) ];
HashTable[ HASHOBJECT(fileObject) ] = newEntry;
}
}
ExReleaseResourceLite( &HashResource );
}
BOOLEAN HookDrive( IN char Drive, IN PDRIVER_OBJECT DriverObject )
{
IO_STATUS_BLOCK ioStatus;
HANDLE ntFileHandle;
OBJECT_ATTRIBUTES objectAttributes;
PDEVICE_OBJECT fileSysDevice;
PDEVICE_OBJECT hookDevice;
UNICODE_STRING fileNameUnicodeString;
WCHAR filename[] = L"\\DosDevices\\A:\\";
NTSTATUS ntStatus;
ULONG i;
PFILE_OBJECT fileObject;
PHOOK_EXTENSION hookExtension;
if ( Drive >= 'a' && Drive <= 'z' ) {
Drive -= 'a';
} else {
Drive -= 'A';
}
if ( (unsigned char) Drive >= 26 ) {
return FALSE;
}
if ( LDriveDevices[Drive] == NULL ) {
filename[12] = 'A'+Drive;
RtlInitUnicodeString( &fileNameUnicodeString, filename );
InitializeObjectAttributes( &objectAttributes, &fileNameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL );
ntStatus = ZwCreateFile( &ntFileHandle, SYNCHRONIZE|FILE_ANY_ACCESS,
&objectAttributes, &ioStatus, NULL, 0, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE,
NULL, 0 );
if( !NT_SUCCESS( ntStatus ) ) {
return FALSE;
}
ntStatus = ObReferenceObjectByHandle( ntFileHandle, FILE_READ_DATA,
NULL, KernelMode, &fileObject, NULL );
if( !NT_SUCCESS( ntStatus )) {
ZwClose( ntFileHandle );
return FALSE;
}
fileSysDevice = IoGetRelatedDeviceObject( fileObject );
if ( ! fileSysDevice ) {
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
}
for( i = 0; i < 26; i++ ) {
if( LDriveDevices[i] == fileSysDevice ) {
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
LDriveMap[ Drive ] = LDriveMap[i];
LDriveDevices[ Drive ] = fileSysDevice;
return TRUE;
}
}
ntStatus = IoCreateDevice( DriverObject,
sizeof(HOOK_EXTENSION),
NULL,
fileSysDevice->DeviceType,
0,
FALSE,
&hookDevice );
if ( !NT_SUCCESS(ntStatus) ) {
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
}
hookDevice->Flags &= ~DO_DEVICE_INITIALIZING;
hookExtension = hookDevice->DeviceExtension;
hookExtension->LogicalDrive = 'A'+Drive;
hookExtension->FileSystem = fileSysDevice;
hookExtension->Type = STANDARD;
ntStatus = IoAttachDeviceByPointer( hookDevice, fileSysDevice );
if ( !NT_SUCCESS(ntStatus) ) {
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
return FALSE;
} else {
if( !LDriveMap[ Drive ] ) {
LDriveMap[ Drive ] = ++LDriveGroup;
}
}
ObDereferenceObject( fileObject );
ZwClose( ntFileHandle );
LDriveDevices[Drive] = hookDevice;
}
return TRUE;
}
BOOLEAN UnhookDrive( IN char Drive )
{
PHOOK_EXTENSION hookExt;
if ( Drive >= 'a' && Drive <= 'z' ) {
Drive -= 'a';
} else {
Drive -= 'A';
}
if ( LDriveDevices[Drive] ) {
hookExt = LDriveDevices[Drive]->DeviceExtension;
IoDetachDevice( hookExt->FileSystem );
IoDeleteDevice( LDriveDevices[Drive] );
LDriveDevices[Drive] = NULL;
}
return TRUE;
}
ULONG HookDriveSet( IN ULONG DriveSet, IN PDRIVER_OBJECT DriverObject )
{
ULONG drive, i;
ULONG bit;
for ( drive = 0; drive < 26; ++drive ) {
bit = 1 << drive;
if ( bit & DriveSet ) {
if ( ! HookDrive( (char)('A'+drive), DriverObject ) ) {
DriveSet &= ~bit;
} else {
for( i = 0; i < 26; i++ ) {
if( LDriveMap[i] == LDriveMap[ drive ] &&
!LDriveDevices[i] ) {
DriveSet |= ( 1<<i );
LDriveDevices[i] = LDriveDevices[drive];
}
}
}
} else {
if ( ! UnhookDrive( (char)('A'+drive) ) ) {
DriveSet |= bit;
} else {
for( i = 0; i< 26; i++ ) {
if( LDriveMap[i] == LDriveMap[ drive ] &&
LDriveDevices[i] ) {
DriveSet &= ~(1 << i);
LDriveDevices[i] = NULL;
}
}
}
}
}
return DriveSet;
}
BOOLEAN EDDrvFastIoCheckifPossible( IN PFILE_OBJECT FileObject, IN PLARGE_INTEGER FileOffset,
IN ULONG Length, IN BOOLEAN Wait, IN ULONG LockKey, IN BOOLEAN CheckForReadOperation,
OUT PIO_STATUS_BLOCK IoStatus, IN PDEVICE_OBJECT DeviceObject ) {
BOOLEAN retval = FALSE;
PHOOK_EXTENSION hookExt;
CHAR *fullPathName, name[PROCNAMELEN], errorBuf[ERRORLEN];
LARGE_INTEGER timeStampStart, timeStampComplete, timeResult;
if( !DeviceObject ) return FALSE;
hookExt = DeviceObject->DeviceExtension;
if( FASTIOPRESENT( hookExt, FastIoCheckIfPossible ) ) {
fullPathName = ExAllocatePool( NonPagedPool, MAXPATHLEN );
if( fullPathName ) {
EDDrvGetFullPath( FALSE, FileObject, hookExt, fullPathName );
}
retval = hookExt->FileSystem->DriverObject->FastIoDispatch->FastIoCheckIfPossible(
FileObject, FileOffset, Length,
Wait, LockKey, CheckForReadOperation, IoStatus, hookExt->FileSystem );
if ( fullPathName ) ExFreePool( fullPathName );
}
return retval;
}
BOOLEAN EDDrvFastIoRead( IN PFILE_OBJECT FileObject, IN PLARGE_INTEGER FileOffset,
IN ULONG Length, IN BOOLEAN Wait, IN ULONG LockKey, OUT PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatus, IN PDEVICE_OBJECT DeviceObject ) {
BOOLEAN retval = FALSE;
PHOOK_EXTENSION hookExt;
CHAR *fullPathName, name[PROCNAMELEN], errorBuf[ERRORLEN];
LARGE_INTEGER timeStampStart, timeStampComplete, timeResult;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -