📄 pgpwipedeletent.c
return TRUE;
} else {
return FALSE;
}
}
//----------------------------------------------------------------------
//
// PGPWDNTGetFileName
//
// This function retrieves the "standard" information for the
// underlying file system, asking for the filename in particular.
//
//----------------------------------------------------------------------
BOOLEAN PGPWDNTGetFileName(BOOLEAN IsNTFS,
                           PDEVICE_OBJECT DeviceObject,
                           PFILE_OBJECT FileObject,
                           PUCHAR FileName, ULONG FileNameLength )
{
    //
    // Builds an IRP_MJ_QUERY_INFORMATION / FileNameInformation request by
    // hand, sends it to DeviceObject and waits for it to complete.
    //
    //   IsNTFS         - when TRUE, FileObject->FsContext2 is set to NULL
    //                    for the duration of the request and restored
    //                    afterwards.
    //   DeviceObject   - device the request is sent to; its StackSize
    //                    sizes the IRP.
    //   FileObject     - file whose name is queried.
    //   FileName       - caller buffer used as the IRP's system buffer.
    //                    Nothing here checks that it really holds
    //                    FileNameLength bytes; that is the caller's job.
    //   FileNameLength - passed to the file system as the query length.
    //
    // Returns FALSE if the IRP cannot be allocated, otherwise
    // NT_SUCCESS() of the IRP's final status.
    //
    // Per the WDK, FileNameInformation fills the buffer with a
    // FILE_NAME_INFORMATION record (a byte length followed by WCHARs,
    // not NUL-terminated), so callers should bound reads by that length.
    //
    KEVENT              doneEvent;
    IO_STATUS_BLOCK     iosb;
    PIRP                queryIrp;
    PIO_STACK_LOCATION  nextSp;
    PVOID               savedCcb = NULL;

    PGPdbgVerbosePrint(("Getting file name for %x\n", FileObject));

    KeInitializeEvent(&doneEvent, SynchronizationEvent, FALSE);

    // The IRP comes from the I/O manager; a private pool would also work.
    queryIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
    if (queryIrp == NULL) {
        return FALSE;
    }

    //
    // Zap FsContext2 (the CCB) so that NTFS will give us the long name.
    // NOTE(review): the shared file object carries a NULL FsContext2 until
    // the restore below, and nothing visible here serialises other users
    // of the same file object -- confirm callers guarantee exclusivity.
    //
    if (IsNTFS) {
        savedCcb = FileObject->FsContext2;
        FileObject->FsContext2 = NULL;
    }

    // Request-wide fields.
    queryIrp->RequestorMode = KernelMode;
    queryIrp->Flags = 0;
    queryIrp->Tail.Overlay.Thread = PsGetCurrentThread();
    queryIrp->Tail.Overlay.OriginalFileObject = FileObject;
    queryIrp->AssociatedIrp.SystemBuffer = FileName;
    queryIrp->UserIosb = &iosb;
    queryIrp->UserEvent = &doneEvent;

    // Stack location seen by the file system driver.
    nextSp = IoGetNextIrpStackLocation(queryIrp);
    nextSp->MajorFunction = IRP_MJ_QUERY_INFORMATION;
    nextSp->FileObject = FileObject;
    nextSp->DeviceObject = DeviceObject;
    nextSp->Parameters.QueryFile.FileInformationClass = FileNameInformation;
    nextSp->Parameters.QueryFile.Length = FileNameLength;

    // Completion routine is invoked on success, error and cancel.
    IoSetCompletionRoutine(queryIrp, PGPWDNTIoComplete, 0, TRUE, TRUE, TRUE);

    // Send it to the FSD; the immediate return value is ignored.
    (void) IoCallDriver(DeviceObject, queryIrp);

    //
    // Wait for the I/O.
    // NOTE(review): the wait is alertable and its result is not checked,
    // while the event and status block live on this stack -- confirm it
    // cannot return before the request has completed.
    //
    KeWaitForSingleObject(&doneEvent, Executive, KernelMode, TRUE, 0);

    // Put the CCB back.
    if (IsNTFS) {
        FileObject->FsContext2 = savedCcb;
    }

    //
    // NOTE(review): the status is read from the IRP after completion and
    // the IRP is not freed in this function. PGPWDNTIoComplete is not
    // shown here: if it frees the IRP this read touches freed memory, and
    // if it does not, the IRP is never released -- confirm which.
    //
    return( NT_SUCCESS( queryIrp->IoStatus.Status ));
}
//----------------------------------------------------------------------
//
// PGPWDNTIsHiddenFile
//
// Returns TRUE if the file has the HIDDEN attribute, FALSE if not
//
//----------------------------------------------------------------------
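BOOLEAN PGPWDNTIsHiddenFile(PDEVICE_OBJECT DeviceObject,
                            PFILE_OBJECT FileObject )
{
    //
    // Queries FileBasicInformation for FileObject through a hand-built
    // IRP_MJ_QUERY_INFORMATION request sent to DeviceObject.
    //
    // Returns TRUE only when the query succeeds and the returned
    // attributes contain FILE_ATTRIBUTE_HIDDEN. Returns FALSE when the
    // IRP cannot be allocated, when the query fails, or when the bit is
    // clear.
    //
    PIRP                    irp;
    KEVENT                  event;
    IO_STATUS_BLOCK         IoStatusBlock;
    PIO_STACK_LOCATION      ioStackLocation;
    FILE_BASIC_INFORMATION  fileInfo;

    //
    // First, start by initializing the event
    //
    KeInitializeEvent(&event, SynchronizationEvent, FALSE);

    //
    // Allocate an irp for this request. This could also come from a
    // private pool, for instance.
    //
    irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
    if (!irp) {
        return FALSE;
    }

    // The file system writes its answer straight into the stack buffer.
    irp->AssociatedIrp.SystemBuffer = &fileInfo;
    irp->UserEvent = &event;
    irp->UserIosb = &IoStatusBlock;
    irp->Tail.Overlay.Thread = PsGetCurrentThread();
    irp->Tail.Overlay.OriginalFileObject = FileObject;
    irp->RequestorMode = KernelMode;
    irp->Flags = 0;

    //
    // Set up the I/O stack location.
    //
    ioStackLocation = IoGetNextIrpStackLocation(irp);
    ioStackLocation->MajorFunction = IRP_MJ_QUERY_INFORMATION;
    ioStackLocation->DeviceObject = DeviceObject;
    ioStackLocation->FileObject = FileObject;
    ioStackLocation->Parameters.QueryFile.Length =
        sizeof(FILE_BASIC_INFORMATION);
    ioStackLocation->Parameters.QueryFile.FileInformationClass =
        FileBasicInformation;

    //
    // Set the completion routine (invoked on success, error and cancel).
    //
    IoSetCompletionRoutine(irp, PGPWDNTIoComplete, 0, TRUE, TRUE, TRUE);

    //
    // Send the request to the lower layer driver.
    //
    (void) IoCallDriver(DeviceObject, irp);

    //
    // Wait for the I/O.
    // NOTE(review): the wait is alertable and its result is not checked,
    // while the event, status block and fileInfo live on this stack --
    // confirm it cannot return before the request has completed.
    //
    KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0);

    //
    // NOTE(review): the status is read from the IRP after completion and
    // the IRP is not freed in this function. PGPWDNTIoComplete is not
    // shown here: if it frees the IRP this read touches freed memory, and
    // if it does not, the IRP is never released -- confirm which.
    //
    if( !NT_SUCCESS( irp->IoStatus.Status )) {
        // fileInfo is not trustworthy after a failed query.
        return FALSE;
    }

    //
    // Bitwise test of the HIDDEN bit. A logical && here would be true for
    // any file whose attribute word is non-zero, so every such file would
    // be reported as hidden.
    //
    if( fileInfo.FileAttributes & FILE_ATTRIBUTE_HIDDEN ) {
        return TRUE;
    }
    return FALSE;
}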
//----------------------------------------------------------------------
//
// PGPWDNTSetDispositionFile
//
// Changes the delete status on a file
//
//----------------------------------------------------------------------
BOOLEAN PGPWDNTSetDispositionFile(PDEVICE_OBJECT DeviceObject,
                                  PFILE_OBJECT FileObject, BOOLEAN Delete )
{
    //
    // Sends a hand-built IRP_MJ_SET_INFORMATION /
    // FileDispositionInformation request for FileObject to DeviceObject,
    // with DeleteFile set to the Delete argument.
    //
    // Returns FALSE only when the IRP cannot be allocated; otherwise TRUE.
    // NOTE(review): the request's completion status is never examined, so
    // TRUE does not tell the caller that the disposition was actually
    // changed -- confirm callers do not rely on it for that.
    //
    FILE_DISPOSITION_INFORMATION    dispInfo;
    KEVENT                          doneEvent;
    IO_STATUS_BLOCK                 iosb;
    PIRP                            setIrp;
    PIO_STACK_LOCATION              nextSp;

    // Requested delete-on-close state.
    dispInfo.DeleteFile = Delete;

    KeInitializeEvent(&doneEvent, SynchronizationEvent, FALSE);

    // The IRP comes from the I/O manager; a private pool would also work.
    setIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
    if (setIrp == NULL) {
        return FALSE;
    }

    // Request-wide fields.
    setIrp->RequestorMode = KernelMode;
    setIrp->Flags = 0;
    setIrp->Tail.Overlay.Thread = PsGetCurrentThread();
    setIrp->Tail.Overlay.OriginalFileObject = FileObject;
    setIrp->AssociatedIrp.SystemBuffer = &dispInfo;
    setIrp->UserIosb = &iosb;
    setIrp->UserEvent = &doneEvent;

    //
    // Stack location seen by the file system driver.
    // NOTE(review): Parameters.SetFile.Length is not set here -- confirm
    // the target file systems do not validate it for this class.
    //
    nextSp = IoGetNextIrpStackLocation(setIrp);
    nextSp->MajorFunction = IRP_MJ_SET_INFORMATION;
    nextSp->FileObject = FileObject;
    nextSp->DeviceObject = DeviceObject;
    nextSp->Parameters.SetFile.FileInformationClass =
        FileDispositionInformation;

    // Completion routine is invoked on success, error and cancel.
    IoSetCompletionRoutine(setIrp, PGPWDNTIoComplete, 0, TRUE, TRUE, TRUE);

    // Send it to the FSD; the immediate return value is ignored.
    (void) IoCallDriver(DeviceObject, setIrp);

    //
    // Wait for the I/O.
    // NOTE(review): the wait is alertable and its result is not checked,
    // while the event, status block and dispInfo live on this stack --
    // confirm it cannot return before the request has completed.
    // The IRP is not freed in this function; PGPWDNTIoComplete (not shown
    // here) presumably releases it -- verify.
    //
    KeWaitForSingleObject(&doneEvent, Executive, KernelMode, TRUE, 0);

    return TRUE;
}
//----------------------------------------------------------------------
// F A S T I O R O U T I N E S
//----------------------------------------------------------------------
//----------------------------------------------------------------------
//
// PGPWDNTFastIoCheckifPossible
//
//----------------------------------------------------------------------
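BOOLEAN
PGPWDNTFastIoCheckifPossible(
    IN PFILE_OBJECT FileObject,
    IN PLARGE_INTEGER FileOffset,
    IN ULONG Length,
    IN BOOLEAN Wait,
    IN ULONG LockKey,
    IN BOOLEAN CheckForReadOperation,
    OUT PIO_STATUS_BLOCK IoStatus,
    IN PDEVICE_OBJECT DeviceObject )
{
    //
    // Fast I/O pass-through: forwards FastIoCheckIfPossible to the device
    // stored in this device's extension (pdevoNext) and returns that
    // driver's answer. Returns FALSE when this device is not a
    // WIPE_DELETE_DEV device or the lower driver has no such handler.
    //
    BOOLEAN         retval = FALSE;
    PDEVEXTENSION   pdeve;
    PDEVICE_OBJECT  lower;

    pdeve = DeviceObject->DeviceExtension;

    // if not intended for us, force OS to create IRP
    if (pdeve->ulDeviceType != WIPE_DELETE_DEV)
        return FALSE;

    lower = pdeve->pdevoNext;

    //
    // A driver that registers no fast I/O table leaves FastIoDispatch
    // NULL, so the table pointer is checked before the handler slot.
    //
    if( lower->DriverObject->FastIoDispatch != NULL &&
        lower->DriverObject->FastIoDispatch->FastIoCheckIfPossible != NULL )
    {
        retval = lower->DriverObject->
            FastIoDispatch->FastIoCheckIfPossible(
                FileObject, FileOffset, Length,
                Wait, LockKey, CheckForReadOperation,
                IoStatus, lower );
    }
    return retval;
}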
//----------------------------------------------------------------------
//
// PGPWDNTFastIoRead
//
//----------------------------------------------------------------------
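BOOLEAN
PGPWDNTFastIoRead(
    IN PFILE_OBJECT FileObject,
    IN PLARGE_INTEGER FileOffset,
    IN ULONG Length,
    IN BOOLEAN Wait,
    IN ULONG LockKey,
    OUT PVOID Buffer,
    OUT PIO_STATUS_BLOCK IoStatus,
    IN PDEVICE_OBJECT DeviceObject )
{
    //
    // Fast I/O pass-through: forwards FastIoRead, with the caller's
    // arguments unchanged, to the device stored in this device's
    // extension (pdevoNext) and returns that driver's answer. Returns
    // FALSE when this device is not a WIPE_DELETE_DEV device or the lower
    // driver has no such handler.
    //
    BOOLEAN         retval = FALSE;
    PDEVEXTENSION   pdeve;
    PDEVICE_OBJECT  lower;

    pdeve = DeviceObject->DeviceExtension;

    // if not intended for us, force OS to create IRP
    if (pdeve->ulDeviceType != WIPE_DELETE_DEV)
        return FALSE;

    lower = pdeve->pdevoNext;

    //
    // A driver that registers no fast I/O table leaves FastIoDispatch
    // NULL, so the table pointer is checked before the handler slot.
    //
    if( lower->DriverObject->FastIoDispatch != NULL &&
        lower->DriverObject->FastIoDispatch->FastIoRead != NULL )
    {
        retval = lower->DriverObject->FastIoDispatch->FastIoRead(
            FileObject, FileOffset, Length,
            Wait, LockKey, Buffer, IoStatus, lower );
    }
    return retval;
}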
//----------------------------------------------------------------------
//
// PGPWDNTFastIoWrite
//
//----------------------------------------------------------------------
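BOOLEAN
PGPWDNTFastIoWrite(
    IN PFILE_OBJECT FileObject,
    IN PLARGE_INTEGER FileOffset,
    IN ULONG Length,
    IN BOOLEAN Wait,
    IN ULONG LockKey,
    IN PVOID Buffer,
    OUT PIO_STATUS_BLOCK IoStatus,
    IN PDEVICE_OBJECT DeviceObject )
{
    //
    // Fast I/O pass-through: forwards FastIoWrite, with the caller's
    // arguments unchanged, to the device stored in this device's
    // extension (pdevoNext) and returns that driver's answer. Returns
    // FALSE when this device is not a WIPE_DELETE_DEV device or the lower
    // driver has no such handler.
    //
    BOOLEAN         retval = FALSE;
    PDEVEXTENSION   pdeve;
    PDEVICE_OBJECT  lower;

    pdeve = DeviceObject->DeviceExtension;

    // if not intended for us, force OS to create IRP
    if (pdeve->ulDeviceType != WIPE_DELETE_DEV)
        return FALSE;

    lower = pdeve->pdevoNext;

    //
    // A driver that registers no fast I/O table leaves FastIoDispatch
    // NULL, so the table pointer is checked before the handler slot.
    //
    if( lower->DriverObject->FastIoDispatch != NULL &&
        lower->DriverObject->FastIoDispatch->FastIoWrite != NULL )
    {
        retval = lower->DriverObject->FastIoDispatch->FastIoWrite(
            FileObject, FileOffset, Length, Wait, LockKey,
            Buffer, IoStatus, lower );
    }
    return retval;
}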
//----------------------------------------------------------------------
//
// PGPWDNTFastIoQueryBasicInfo
//
//----------------------------------------------------------------------
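BOOLEAN
PGPWDNTFastIoQueryBasicInfo(
    IN PFILE_OBJECT FileObject,
    IN BOOLEAN Wait,
    OUT PFILE_BASIC_INFORMATION Buffer,
    OUT PIO_STATUS_BLOCK IoStatus,
    IN PDEVICE_OBJECT DeviceObject )
{
    //
    // Fast I/O pass-through: forwards FastIoQueryBasicInfo, with the
    // caller's arguments unchanged, to the device stored in this device's
    // extension (pdevoNext) and returns that driver's answer. Returns
    // FALSE when this device is not a WIPE_DELETE_DEV device or the lower
    // driver has no such handler.
    //
    BOOLEAN         retval = FALSE;
    PDEVEXTENSION   pdeve;
    PDEVICE_OBJECT  lower;

    pdeve = DeviceObject->DeviceExtension;

    // if not intended for us, force OS to create IRP
    if (pdeve->ulDeviceType != WIPE_DELETE_DEV)
        return FALSE;

    lower = pdeve->pdevoNext;

    //
    // A driver that registers no fast I/O table leaves FastIoDispatch
    // NULL, so the table pointer is checked before the handler slot.
    //
    if( lower->DriverObject->FastIoDispatch != NULL &&
        lower->DriverObject->FastIoDispatch->FastIoQueryBasicInfo != NULL )
    {
        retval = lower->DriverObject->
            FastIoDispatch->FastIoQueryBasicInfo(
                FileObject, Wait, Buffer,
                IoStatus, lower );
    }
    return retval;
}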
//----------------------------------------------------------------------
//
// PGPWDNTFastIoQueryStandardInfo
//
//----------------------------------------------------------------------
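BOOLEAN
PGPWDNTFastIoQueryStandardInfo(
    IN PFILE_OBJECT FileObject,
    IN BOOLEAN Wait,
    OUT PFILE_STANDARD_INFORMATION Buffer,
    OUT PIO_STATUS_BLOCK IoStatus,
    IN PDEVICE_OBJECT DeviceObject )
{
    //
    // Fast I/O pass-through: forwards FastIoQueryStandardInfo, with the
    // caller's arguments unchanged, to the device stored in this device's
    // extension (pdevoNext) and returns that driver's answer. Returns
    // FALSE when this device is not a WIPE_DELETE_DEV device or the lower
    // driver has no such handler.
    //
    BOOLEAN         retval = FALSE;
    PDEVEXTENSION   pdeve;
    PDEVICE_OBJECT  lower;

    pdeve = DeviceObject->DeviceExtension;

    // if not intended for us, force OS to create IRP
    if (pdeve->ulDeviceType != WIPE_DELETE_DEV)
        return FALSE;

    lower = pdeve->pdevoNext;

    //
    // A driver that registers no fast I/O table leaves FastIoDispatch
    // NULL, so the table pointer is checked before the handler slot.
    //
    if( lower->DriverObject->FastIoDispatch != NULL &&
        lower->DriverObject->FastIoDispatch->FastIoQueryStandardInfo != NULL )
    {
        retval = lower->DriverObject->
            FastIoDispatch->FastIoQueryStandardInfo(
                FileObject, Wait, Buffer,
                IoStatus, lower );
    }
    return retval;
}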
//----------------------------------------------------------------------
//
// PGPWDNTFastIoLock
//