///////////////////////////////////////////////////////////////////////////////
//
// FileName : IrpFile.h
// Version : 0.10
// Author : embedlinux(E-mai:hqulyc@126.com QQ:5054-3533)
// Date : 2008-08-04
// Comment :
//
///////////////////////////////////////////////////////////////////////////////
#ifndef __IRPFILE_H__
#define __IRPFILE_H__
#include <ntddk.h>
// Auxiliary access-state buffer; the SeCreateAccessState prototype in this
// header takes a pointer to it.
// NOTE(review): this layout is declared locally and its last field is marked
// unknown by the author, so the structure size is a guess. If the kernel
// routine writes more bytes than this definition reserves, the caller's
// buffer is overrun — confirm the layout for every targeted OS build.
typedef struct _AUX_ACCESS_DATA {
PPRIVILEGE_SET PrivilegesUsed;
GENERIC_MAPPING GenericMapping;
ACCESS_MASK AccessesToAudit;
ULONG Reserve; // unknown (author's note); purpose not established in this file
} AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
// Record holding three ULONG values named Pid, Handle and Object.
// NOTE(review): if Handle carries a HANDLE or Object carries a kernel object
// pointer, both are truncated to 32 bits on 64-bit builds — confirm against
// the code that fills this record. If the record is ever returned to user
// mode, Object would also disclose a kernel address — verify.
typedef struct _QUERY_HANDLE_INFO {
ULONG Pid;    // presumably a process id — usage not visible here
ULONG Handle; // presumably a handle value — usage not visible here
ULONG Object; // presumably an object address — usage not visible here
} QUERY_HANDLE_INFO, *PQUERY_HANDLE_INFO;
// Request record for a file-create operation: a handle slot, three ULONG
// create parameters and a trailing variable-length name.
// NOTE(review): FileName is a flexible array member, so sizeof() excludes it
// and no field carries its length. The code that parses this record must
// bound the name by the size of the buffer the record arrived in and must not
// assume a terminating NUL. Presumably the record comes from a less-trusted
// requester (e.g. an IOCTL buffer) — confirm in the handler.
typedef struct _FILE_REQUEST_CREATE {
HANDLE FileHandle;       // presumably receives the opened handle — TODO confirm direction
ULONG ShareAccess;
ULONG DesiredAccess;     // requester-chosen access mask; authorize before honouring it
ULONG CreateDisposition;
CHAR FileName[];         // narrow-character name; IrpCreateFile in this header takes a PUNICODE_STRING
} FILE_REQUEST_CREATE, *PFILE_REQUEST_CREATE;
// Request record for a close operation; carries only the handle to close.
// NOTE(review): if the handle value originates from a less-trusted requester,
// the handler must validate it before closing — confirm.
typedef struct _FILE_REQUEST_CLOSE {
HANDLE File;
} FILE_REQUEST_CLOSE, *PFILE_REQUEST_CLOSE;
// Request record for a read operation: a handle, two length fields and a
// trailing variable-length data area.
// NOTE(review): Buffer is a flexible array member, so its real capacity is
// whatever follows the fixed part in the buffer the record lives in. Length
// must be checked against that capacity before any data is copied into
// Buffer; trusting Length as supplied would allow a write past the end of the
// record — confirm in the handler.
typedef struct _FILE_REQUEST_READ {
HANDLE FileHandle;
ULONG Length;     // presumably the requested byte count — TODO confirm
ULONG ReadLength; // presumably the byte count actually read — TODO confirm
UCHAR Buffer[];
} FILE_REQUEST_READ, *PFILE_REQUEST_READ;
// Request record for a write operation: a handle, two length fields and a
// trailing variable-length data area.
// NOTE(review): Buffer is a flexible array member, so the number of valid
// bytes is bounded by the buffer the record arrived in, not by Length. Length
// must be checked against that bound before Buffer is read; trusting Length
// as supplied would read past the end of the record — confirm in the handler.
typedef struct _FILE_REQUEST_WRITE {
HANDLE FileHandle;
ULONG Length;      // presumably the byte count to write — TODO confirm
ULONG WriteLength; // presumably the byte count actually written — TODO confirm
UCHAR Buffer[];
} FILE_REQUEST_WRITE, *PFILE_REQUEST_WRITE;
/*
typedef struct _QUERY_DIRECTORY{
PIO_STACK_LOCATION pIrpStack;
ULONG Length;
PUNICODE_STRING FileName;
FILE_INFORMATION_CLASS FileInformationClass;
ULONG FileIndex;
}QUERY_DIRECTORY, PQUERY_DIRECTORY;
*/
// Local prototype for the kernel routine ObOpenObjectByPointer, which opens a
// handle to an object the caller already holds by pointer.
// NOTE(review): AccessMode selects whether DesiredAccess is checked against
// the object's security; a KernelMode call skips that check, so a handle
// obtained this way should not be handed to a less-privileged requester
// without an explicit access decision — confirm at each call site.
NTSTATUS ObOpenObjectByPointer(
IN PVOID Object,
IN ULONG HandleAttributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_TYPE ObjectType,
IN KPROCESSOR_MODE AccessMode,
OUT PHANDLE Handle
);
//Define the local routines used by this driver module.
// Local prototype for ObCreateObject, which the author marks as an
// undocumented export.
// NOTE(review): this signature is asserted by this file alone; nothing here
// checks it against the running kernel. A mismatch in parameter count or
// types corrupts the call — verify for every targeted OS build.
NTSTATUS
ObCreateObject ( // undocumented exported function
IN KPROCESSOR_MODE ProbeMode,
IN POBJECT_TYPE ObjectType,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE OwnershipMode,
IN OUT PVOID ParseContext OPTIONAL,
IN ULONG ObjectBodySize,
IN ULONG PagedPoolCharge,
IN ULONG NonPagedPoolCharge,
OUT PVOID *Object
);
// Local prototype for SeCreateAccessState, which the author marks as an
// undocumented export.
// NOTE(review): AccessState and AuxData are caller-provided buffers that the
// routine presumably fills in; AuxData uses the locally guessed
// AUX_ACCESS_DATA layout, so its size must be confirmed per OS build.
NTSTATUS
SeCreateAccessState( // undocumented exported function
IN PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping OPTIONAL
);
NTSTATUS NtClose( IN HANDLE Handle ); // undocumented exported function (author's note)
// Local prototype for IoSetInformation.
// NOTE(review): the second parameter is unnamed and typed ULONG, FileObject
// is annotated OUT, and the last parameter is fixed to a disposition record.
// Whether these types match the actual export is not verifiable from this
// file — confirm before relying on it.
NTSTATUS
IoSetInformation(
OUT PFILE_OBJECT FileObject,
IN ULONG , // unnamed; presumably the information class — TODO confirm
IN ULONG Length, // presumably the size in bytes of the record passed as fdi — TODO confirm
IN PFILE_DISPOSITION_INFORMATION fdi
);
//
// IoCompletionRoutine
//
// This routine is used to handle I/O (read OR write) completion
//
// Inputs:
// DeviceObject - not used
// Irp - the I/O operation being completed
// Context - not used
//
// Outputs:
// None.
//
// Returns:
// STATUS_MORE_PROCESSING_REQUIRED
//
// Notes:
// The purpose of this routine is to do "cleanup" on I/O operations
// so we don't constantly throw away perfectly good MDLs as part of
// completion processing.
//
// Completion routine prototype (standard three-argument completion signature).
// NOTE(review): the header comment states it returns
// STATUS_MORE_PROCESSING_REQUIRED; with that status the I/O manager stops
// completing the IRP, so the code that built the IRP is responsible for
// releasing it and its MDLs — confirm the implementation does so on every path.
NTSTATUS
IoCompletionRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
);
//
// IrpCreateFile
//
// This routine is used like NtCreateFile, except for the first and third parameters.
//
// Inputs:
// DesiredAccess - Specifies an ACCESS_MASK value that determines
// the requested access to the object.
// FilePath - Path of file to create,as L"C:\\Windows"(Unicode).
// AllocationSize - Pointer to a LARGE_INTEGER that contains the initial allocation
// size, in bytes, for a file that is created or overwritten.
// FileAttributes - Specifies one or more FILE_ATTRIBUTE_XXX flags, which represent
// the file attributes to set if you are creating or overwriting a file.
// ShareAccess - Type of share access.
// CreateDisposition - Specifies the action to perform if the file does or does not exist.
// CreateOptions - Specifies the options to apply when creating or opening the file.
// EaBuffer - For device and intermediate drivers, this parameter must be a NULL pointer.
// EaLength - For device and intermediate drivers, this parameter must be zero.
//
// Outputs:
// FileObject - Pointer to a PFILE_OBJECT variable that
// receives a PFILE_OBJECT to the file.
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested read operation.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to NtCreateFile, but returns a FILE_OBJECT rather than a HANDLE.
//
// Opens or creates a file and returns a file object instead of a handle.
// NOTE(review): the implementation is not in this header. If it builds and
// sends the create request itself, access checks and share-mode arbitration
// that the normal create path applies are not performed automatically; any
// FilePath or DesiredAccess that originates from a less-privileged requester
// should be authorized before this call — confirm.
// NOTE(review): whether the returned file object carries a reference the
// caller must release is not visible here — confirm.
NTSTATUS
IrpCreateFile(
OUT PFILE_OBJECT *FileObject,
IN ACCESS_MASK DesiredAccess,
IN PUNICODE_STRING FilePath,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
//
// IrpClose
//
// This routine is used as ObDereferenceObject.
//
// Inputs:
// FileObject - Pointer to a PFILE_OBJECT variable that will close
//
// Outputs:
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested read operation.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to ObDereferenceObject
//
// Closes a file object.
// NOTE(review): the comment block above this prototype lists an IoStatusBlock
// output, but the prototype takes only FileObject; one of the two is stale.
// FileObject must not be used after this call if it releases the object —
// confirm.
NTSTATUS
IrpClose(
IN PFILE_OBJECT FileObject
);
//
// IrpQueryDirectoryFile
//
// This routine is used as NtQueryDirectoryFile.
//
// Inputs:
// FileObject - Pointer to a PFILE_OBJECT.
// Length - Size, in bytes, of the buffer pointed to by FileInformation. The caller
// should set this parameter according to the given FileInformationClass.
// FileInformationClass - Type of information to be returned about files in the directory.
// FileName - Pointer to a caller-allocated Unicode string containing the name of a file
// (or multiple files, if wildcards are used) within the directory specified by FileHandle.
// This parameter is optional and can be NULL.
//
// Outputs:
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested read operation.
// FileInformation - Pointer to a buffer that receives the desired
// information about the file.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to NtQueryDirectoryFile, but no ApcRoutine.
//
// Queries directory entries through a file object.
// NOTE(review): Length is the only bound on FileInformation; it must be the
// true size of that buffer, because the file system writes up to Length bytes
// into it. Whether the implementation accepts user-mode buffer addresses, and
// probes them if so, is not visible here — confirm.
NTSTATUS
IrpQueryDirectoryFile(
IN PFILE_OBJECT FileObject,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN PUNICODE_STRING FileName OPTIONAL
);
//
// IrpQueryInformationFile
//
// This routine is used as NtQueryInformationFile.
//
// Inputs:
// FileObject - Pointer to a PFILE_OBJECT.
// Length - Size, in bytes, of the buffer pointed to by FileInformation. The caller
// should set this parameter according to the given FileInformationClass.
// FileInformationClass - Type of information to be returned about files in the directory.
//
// Outputs:
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested read operation.
// FileInformation - Pointer to a buffer that receives the desired
// information about the file.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to NtQueryInformationFile.
//
// Queries file information through a file object.
// NOTE(review): Length is the only bound on FileInformation and must be the
// true size of that buffer for the chosen FileInformationClass; an
// overstated Length lets the callee write past the buffer — confirm callers.
NTSTATUS
IrpQueryInformationFile(
IN PFILE_OBJECT FileObject,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
//
// IrpSetInformationFile
//
// This routine is used as NtSetInformationFile.
//
// Inputs:
// FileObject - Pointer to a PFILE_OBJECT.
// FileInformation - Pointer to a buffer that contains the information to set for the file.
// Length - Size, in bytes, of the buffer pointed to by FileInformation. The caller
// should set this parameter according to the given FileInformationClass.
// FileInformationClass - Type of information to be returned about files in the directory.
// ReplaceIfExists - Set to TRUE to specify that if a file with the same name already exists,
// it should be replaced with the given file. Set to FALSE if the rename
// operation should fail if a file with the given name already exists.
//
// Outputs:
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested read operation.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to NtSetInformationFile.
//
// Sets file information through a file object.
// NOTE(review): FileInformation is read for Length bytes, so Length must not
// exceed the real size of that buffer. Information classes that rename or
// delete change on-disk state; if the request originates from a
// less-privileged requester it should be authorized first — confirm.
NTSTATUS
IrpSetInformationFile(
IN PFILE_OBJECT FileObject,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReplaceIfExists
);
//
// IrpReadFile
//
// This routine is used as NtReadFile.
//
// Inputs:
// FileObject - Pointer to a PFILE_OBJECT.
// Buffer - Pointer to a caller-allocated buffer that receives the data read from the file.
// Length - The size, in bytes, of the buffer pointed to by Buffer.
// ByteOffset - Pointer to a variable that specifies the starting byte offset
// in the file where the read operation will begin.
//
// Outputs:
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested read operation.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to NtReadFile, but no ApcRoutine.
//
// Reads from a file object into a caller-allocated buffer.
// NOTE(review): Length is the only bound on Buffer; up to Length bytes are
// written into it, so it must be the buffer's true size. Whether Buffer may
// be a user-mode address, and is probed or locked if so, is not visible
// here — confirm.
NTSTATUS
IrpReadFile(
IN PFILE_OBJECT FileObject,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL
);
//
// IrpWriteFile
//
// This routine is used as NtWriteFile.
//
// Inputs:
// FileObject - Pointer to a PFILE_OBJECT.
// Buffer - Pointer to a caller-allocated buffer that contains the data to write to the file.
// Length - The size, in bytes, of the buffer pointed to by Buffer.
// ByteOffset - Pointer to a variable that specifies the starting byte offset
// in the file for beginning the write operation.
//
// Outputs:
// IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
// completion status and information about the requested write operation.
//
// Returns:
// The IRP send status.
//
// Notes:
// This is equivalent to NtWriteFile, but no ApcRoutine.
//
// Writes a caller-allocated buffer to a file object.
// NOTE(review): Length bytes are read from Buffer, so Length must not exceed
// the buffer's true size. Whether Buffer may be a user-mode address, and is
// probed or locked if so, is not visible here — confirm.
NTSTATUS
IrpWriteFile(
IN PFILE_OBJECT FileObject,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL
);
// Deletes a file identified by a handle; unlike the other Irp* routines in
// this header, it takes a HANDLE rather than a PFILE_OBJECT.
// NOTE(review): no comment block documents this routine. Whether FileHandle
// may be a user-mode handle and how it is validated or referenced is not
// visible here — confirm before passing requester-supplied values.
NTSTATUS
IrpDeleteFile(
IN HANDLE FileHandle
);
// Returns two device objects for a drive number and reports success as a
// BOOLEAN.
// NOTE(review): the valid range of DriveNumber and whether the returned
// device objects are referenced (and must be dereferenced by the caller) are
// not visible here — confirm against the implementation.
BOOLEAN GetDriveObject(
IN ULONG DriveNumber,
OUT PDEVICE_OBJECT *DeviceObject,
OUT PDEVICE_OBJECT *ReadDevice
);
// NOTE(review): what this routine does is not visible in this header. The
// empty parameter list leaves the arguments unspecified in C; declaring it
// as GetHiveFile(VOID) would let the compiler reject stray arguments.
NTSTATUS GetHiveFile();
#endif //_IRPFILE_H_