setinformation.cpp

文件过滤系统

/********************************************************************
	created:	2003/08/10
	created:	10:8:2003   18:29
	filename: 	g:\temp\FsTPM\FsTPM\FsTPM\SetInformation.cpp
	file path:	g:\temp\FsTPM\FsTPM\FsTPM
	file base:	SetInformation
	file ext:	cpp
	author:		Supermi
	
	purpose:	
*********************************************************************/
#include "FsTPM.h"
NTSTATUS 
FsTPMSetInformationRoutine( 
							 PDEVICE_OBJECT pHookDevice, 
							 IN PIRP pIrp 
							 )
{
	// 
	// 获得当前堆栈，以及下一个处理IRP的堆栈
	//
	PIO_STACK_LOCATION  pCurrentIrpStack = IoGetCurrentIrpStackLocation(pIrp);
	PIO_STACK_LOCATION  pNextIrpStack    = IoGetNextIrpStackLocation(pIrp);
	//
	// 指向我定义的扩展结构，该结构中包括了我所需要的关于下层文件系统的信息
	//
	PHOOK_EXTENSION     pHookExt=(PHOOK_EXTENSION)pHookDevice->DeviceExtension;

	PFILE_OBJECT        pFileObject=pCurrentIrpStack->FileObject;

	PDEVICE_OBJECT		pNextLowerDevice=pHookExt->Vcb.NextLowerDevice;

	PFILE_PROTECT_LIST_ITEM pItem;

	WCHAR   Name[256];
	
	char ProcessName[256]={0};

	VCB Vcb;

	ULONG ResultLen;

	NTSTATUS ntStatus;
	
	PFILE_NAME_INFORMATION fileNameInfo=NULL;

	if (pHookExt->Type==GUIINTERFACE)
	{
		pIrp->IoStatus.Information = 0;
		pIrp->IoStatus.Status = STATUS_SUCCESS;

		IoCompleteRequest( pIrp, IO_NO_INCREMENT );
		return STATUS_SUCCESS;
	}

	_snwprintf(Name,256,L"A:");

	UNICODE_STRING CUSourceName;

	if (!ProtectControlBlock.EnableStaticProtect)
		goto next_stack;

	RtlInitUnicodeString(&CUSourceName,Name);
	CUSourceName.MaximumLength=512;

	Vcb=pHookExt->Vcb;


	if (0==pFileObject->FileName.Length)   // 我不知道为什么会有这样的情况
		goto next_stack;

	fileNameInfo = (PFILE_NAME_INFORMATION)ExAllocatePoolWithTag( NonPagedPool, MAXPATHLEN*sizeof(WCHAR), TAGS);

	if (NULL==fileNameInfo)
	{
		FsTPM_DbgPrint(("Memory Allocate Fail!\n"));
		return STATUS_UNSUCCESSFUL;
	}
	ntStatus=FsTPMQueryInformationFile(&Vcb,pFileObject,FileNameInformation,fileNameInfo,(MAXPATHLEN-5)*sizeof(WCHAR),&ResultLen);
	if (!NT_SUCCESS(ntStatus))
	{
		FsTPM_DbgPrint((" Query Name Information of file Fail "));
		ErrorString(ntStatus);
		goto next_stack;
	}

	fileNameInfo->FileName[fileNameInfo->FileNameLength/2]=0;

	_snwprintf(CUSourceName.Buffer+wcslen(CUSourceName.Buffer),256-wcslen(CUSourceName.Buffer),L"%s",fileNameInfo->FileName);

	CUSourceName.Buffer[0]=(WCHAR)(pHookExt->LogicalDrive);

	CUSourceName.Length=wcslen(CUSourceName.Buffer)*sizeof(WCHAR);

	UpperWordW(CUSourceName.Buffer);
	
	FsTPM_DbgPrint(("IRP_SET_INFORMATION: %S\n",CUSourceName.Buffer));

	if (!ProtectList_Is_In( &ProtectControlBlock.FileProtectList, CUSourceName.Buffer, &pItem))
		goto next_stack;

	if (ProtectControlBlock.EnableStaticProtect && 	IS_STATIC_PROTECT(pItem->ProtectedFlag) )
	{	
		if (fileNameInfo!=NULL)
			ExFreePool(fileNameInfo);

		pIrp->IoStatus.Information = 0;
		pIrp->IoStatus.Status = STATUS_ACCESS_DENIED;

		IoCompleteRequest( pIrp, IO_NO_INCREMENT );

		return STATUS_ACCESS_DENIED;
	}
next_stack:
	if (fileNameInfo!=NULL)
		ExFreePool(fileNameInfo);

	IoSkipCurrentIrpStackLocation(pIrp);

	ntStatus=IoCallDriver( pNextLowerDevice, pIrp );

	return ntStatus;

}