📄 ntdriver.c
字号:
}
else
{
ULONG outLength;
UNICODE_STRING ntUnicodeString;
WCHAR ntName[256];
PMOUNTDEV_NAME outputBuffer = (PMOUNTDEV_NAME) Irp->AssociatedIrp.SystemBuffer;
TCGetNTNameFromNumber (ntName, Extension->nDosDriveNo);
RtlInitUnicodeString (&ntUnicodeString, ntName);
outputBuffer->NameLength = ntUnicodeString.Length;
outLength = ntUnicodeString.Length + sizeof(USHORT);
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength)
{
Irp->IoStatus.Information = sizeof (MOUNTDEV_NAME);
Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
break;
}
RtlCopyMemory ((PCHAR)outputBuffer->Name,ntUnicodeString.Buffer, ntUnicodeString.Length);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = outLength;
Dump ("name = %ls\n",ntName);
}
break;
case IOCTL_MOUNTDEV_QUERY_UNIQUE_ID:
if(irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (MOUNTDEV_UNIQUE_ID))
{
Irp->IoStatus.Information = sizeof (MOUNTDEV_UNIQUE_ID);
Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
}
else
{
ULONG outLength;
UCHAR volId[128], tmp[] = { 0,0 };
PMOUNTDEV_UNIQUE_ID outputBuffer = (PMOUNTDEV_UNIQUE_ID) Irp->AssociatedIrp.SystemBuffer;
strcpy (volId, TC_UNIQUE_ID_PREFIX);
tmp[0] = 'A' + Extension->nDosDriveNo;
strcat (volId, tmp);
outputBuffer->UniqueIdLength = (USHORT) strlen (volId);
outLength = strlen (volId) + sizeof(USHORT);
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength)
{
Irp->IoStatus.Information = sizeof (MOUNTDEV_UNIQUE_ID);
Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
break;
}
RtlCopyMemory ((PCHAR)outputBuffer->UniqueId, volId, strlen (volId));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = outLength;
Dump ("id = %s\n",volId);
}
break;
case IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME:
{
ULONG outLength;
UNICODE_STRING ntUnicodeString;
WCHAR ntName[256];
PMOUNTDEV_SUGGESTED_LINK_NAME outputBuffer = (PMOUNTDEV_SUGGESTED_LINK_NAME) Irp->AssociatedIrp.SystemBuffer;
if(irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (MOUNTDEV_SUGGESTED_LINK_NAME))
{
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
Irp->IoStatus.Information = 0;
break;
}
TCGetDosNameFromNumber (ntName, Extension->nDosDriveNo);
RtlInitUnicodeString (&ntUnicodeString, ntName);
outLength = FIELD_OFFSET(MOUNTDEV_SUGGESTED_LINK_NAME,Name) + ntUnicodeString.Length;
outputBuffer->UseOnlyIfThereAreNoOtherLinks = FALSE;
outputBuffer->NameLength = ntUnicodeString.Length;
if(irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength)
{
Irp->IoStatus.Information = sizeof (MOUNTDEV_SUGGESTED_LINK_NAME);
Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
break;
}
RtlCopyMemory ((PCHAR)outputBuffer->Name,ntUnicodeString.Buffer, ntUnicodeString.Length);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = outLength;
Dump ("link = %ls\n",ntName);
}
break;
case IOCTL_DISK_GET_MEDIA_TYPES:
case IOCTL_DISK_GET_DRIVE_GEOMETRY:
/* Return the drive geometry for the disk. Note that we
return values which were made up to suit the disk size. */
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof (DISK_GEOMETRY))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
PDISK_GEOMETRY outputBuffer = (PDISK_GEOMETRY)
Irp->AssociatedIrp.SystemBuffer;
outputBuffer->MediaType = Extension->bRemovable ? RemovableMedia : FixedMedia;
outputBuffer->Cylinders.QuadPart = Extension->NumberOfCylinders;
outputBuffer->TracksPerCylinder = Extension->TracksPerCylinder;
outputBuffer->SectorsPerTrack = Extension->SectorsPerTrack;
outputBuffer->BytesPerSector = Extension->BytesPerSector;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (DISK_GEOMETRY);
}
break;
case IOCTL_DISK_GET_PARTITION_INFO:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof (PARTITION_INFORMATION))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
PPARTITION_INFORMATION outputBuffer = (PPARTITION_INFORMATION)
Irp->AssociatedIrp.SystemBuffer;
outputBuffer->PartitionType = Extension->PartitionType;
outputBuffer->BootIndicator = FALSE;
outputBuffer->RecognizedPartition = TRUE;
outputBuffer->RewritePartition = FALSE;
outputBuffer->StartingOffset.QuadPart = SECTOR_SIZE;
outputBuffer->PartitionLength.QuadPart= Extension->DiskLength;
outputBuffer->HiddenSectors = 0;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION);
}
break;
case IOCTL_DISK_GET_PARTITION_INFO_EX:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (PARTITION_INFORMATION_EX))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
PPARTITION_INFORMATION_EX outputBuffer = (PPARTITION_INFORMATION_EX) Irp->AssociatedIrp.SystemBuffer;
outputBuffer->PartitionStyle = PARTITION_STYLE_MBR;
outputBuffer->RewritePartition = FALSE;
outputBuffer->StartingOffset.QuadPart = SECTOR_SIZE;
outputBuffer->PartitionLength.QuadPart= Extension->DiskLength;
outputBuffer->Mbr.PartitionType = Extension->PartitionType;
outputBuffer->Mbr.BootIndicator = FALSE;
outputBuffer->Mbr.RecognizedPartition = TRUE;
outputBuffer->Mbr.HiddenSectors = 0;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION_EX);
}
break;
case IOCTL_DISK_GET_DRIVE_LAYOUT:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof (DRIVE_LAYOUT_INFORMATION))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
PDRIVE_LAYOUT_INFORMATION outputBuffer = (PDRIVE_LAYOUT_INFORMATION)
Irp->AssociatedIrp.SystemBuffer;
outputBuffer->PartitionCount = 1;
outputBuffer->Signature = 0;
outputBuffer->PartitionEntry->PartitionType = Extension->PartitionType;
outputBuffer->PartitionEntry->BootIndicator = FALSE;
outputBuffer->PartitionEntry->RecognizedPartition = TRUE;
outputBuffer->PartitionEntry->RewritePartition = FALSE;
outputBuffer->PartitionEntry->StartingOffset.QuadPart = SECTOR_SIZE;
outputBuffer->PartitionEntry->PartitionLength.QuadPart = Extension->DiskLength;
outputBuffer->PartitionEntry->HiddenSectors = 0;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION);
}
break;
case IOCTL_DISK_GET_LENGTH_INFO:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (GET_LENGTH_INFORMATION))
{
Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
Irp->IoStatus.Information = sizeof (GET_LENGTH_INFORMATION);
}
else
{
PGET_LENGTH_INFORMATION outputBuffer = (PGET_LENGTH_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
outputBuffer->Length.QuadPart = Extension->DiskLength;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof (GET_LENGTH_INFORMATION);
}
break;
case IOCTL_DISK_VERIFY:
if (irpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof (PVERIFY_INFORMATION))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
PVERIFY_INFORMATION pVerifyInformation;
pVerifyInformation = (PVERIFY_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
if (pVerifyInformation->StartingOffset.QuadPart + pVerifyInformation->Length > Extension->DiskLength)
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
else
{
IO_STATUS_BLOCK ioStatus;
PVOID buffer = TCalloc (pVerifyInformation->Length);
if (!buffer)
{
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
}
else
{
LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
offset.QuadPart += Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset;
Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
TCfree (buffer);
if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
}
}
Irp->IoStatus.Information = 0;
}
break;
case IOCTL_DISK_CHECK_VERIFY:
case IOCTL_STORAGE_CHECK_VERIFY:
{
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= sizeof (ULONG))
{
*((ULONG *) Irp->AssociatedIrp.SystemBuffer) = 0;
Irp->IoStatus.Information = sizeof (ULONG);
}
}
break;
case IOCTL_DISK_IS_WRITABLE:
{
if (Extension->bReadOnly)
Irp->IoStatus.Status = STATUS_MEDIA_WRITE_PROTECTED;
else
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
}
break;
case IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS:
// Vista's filesystem defragmenter fails if IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS does not succeed.
Irp->IoStatus.Status = OsMajorVersion >= 6 ? STATUS_SUCCESS : STATUS_INVALID_DEVICE_REQUEST;
// No extent data can be returned as this is not a physical drive.
Irp->IoStatus.Information = 0;
break;
default:
return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
}
#ifdef DEBUG
if (!NT_SUCCESS (Irp->IoStatus.Status))
{
Dump ("IOCTL error 0x%08x (0x%x %d)\n",
Irp->IoStatus.Status,
(int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16),
(int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2));
}
#endif
return TCCompleteDiskIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information);
}
NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, PIRP Irp)
{
PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
NTSTATUS ntStatus;
switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
{
case TC_IOCTL_GET_DRIVER_VERSION:
case TC_IOCTL_LEGACY_GET_DRIVER_VERSION:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (LONG))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
LONG tmp = VERSION_NUM;
memcpy (Irp->AssociatedIrp.SystemBuffer, &tmp, 4);
Irp->IoStatus.Information = sizeof (LONG);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
break;
case TC_IOCTL_GET_DEVICE_REFCOUNT:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (int))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
*(int *) Irp->AssociatedIrp.SystemBuffer = DeviceObject->ReferenceCount;
Irp->IoStatus.Information = sizeof (int);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
break;
case TC_IOCTL_WAS_REFERENCED_DEVICE_DELETED:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (int))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
*(int *) Irp->AssociatedIrp.SystemBuffer = ReferencedDeviceDeleted;
Irp->IoStatus.Information = sizeof (int);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
break;
case TC_IOCTL_IS_ANY_VOLUME_MOUNTED:
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (int))
{
Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information = 0;
}
else
{
PDEVICE_OBJECT ListDevice;
*(int *) Irp->AssociatedIrp.SystemBuffer = 0;
for (ListDevice = DeviceObject->DriverObject->DeviceObject;
ListDevice != (PDEVICE_OBJECT) NULL; ListDevice = ListDevice->NextDevice)
{
PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
if (!ListExtension->bRootDevice
&& ListExtension->IsVolumeDevice
&& ListExtension->lMagicNumber == 0xabfeacde)
{
*(int *) Irp->AssociatedIrp.SystemBuffer = 1;
break;
}
}
if (IsBootDriveMounted())
*(int *) Irp->AssociatedIrp.SystemBuffer = 1;
Irp->IoStatus.Information = sizeof (int);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
break;
case TC_IOCTL_OPEN_TEST:
{
OPEN_TEST_STRUCT *opentest = (OPEN_TEST_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE NtFileHandle;
UNICODE_STRING FullFileName;
IO_STATUS_BLOCK IoStatus;
LARGE_INTEGER offset;
unsigned char readBuffer [SECTOR_SIZE];
NTSTATUS TCBootLoaderDetected = STATUS_NO_SUCH_DEVICE; // STATUS_NO_SUCH_DEVICE is sent when the boot loader is not found (even if the device is found)
if (irpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof (OPEN_TEST_STRUCT))
{
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
Irp->IoStatus.Information = 0;
break;
}
EnsureNullTerminatedString (opentest->wszFileName, sizeof (opentest->wszFileName));
RtlInitUnicodeString (&FullFileName, opentest->wszFileName);
InitializeObjectAttributes (&ObjectAttributes, &FullFileName, OBJ_CASE_INSENSITIVE,
NULL, NULL);
ntStatus = ZwCreateFile (&NtFileHandle,
SYNCHRONIZE | GENERIC_READ, &ObjectAttributes, &IoStatus, NULL /* alloc size = none */ ,
FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT |
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -