驱动对文件的操作

文件属性结构体

复制代码
typedef struct _OBJECT_ATTRIBUTES {
  ULONG  Length;            //结构体的长度
  HANDLE  RootDirectory;       //判断是否是根目录
  PUNICODE_STRING  ObjectName;   //对象的名称
  ULONG  Attributes;         //属性
  PVOID  SecurityDescriptor;    //安全属性
  PVOID  SecurityQualityOfService; //
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
复制代码

 

删除文件

复制代码
 1 INT MyDelFile(WCHAR DelFileName[])
 2 {
 3     NTSTATUS status;   
 4     UNICODE_STRING usFileName;
 5     OBJECT_ATTRIBUTES oa;
 6 
 7 //文件名转成unicode字符串
 8     RtlInitUnicodeString(&usFileName,DelFileName);  
 9 
10 //初始化文件属性结构体
11 InitializeObjectAttributes(&oa,&usFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);
12     
13 //删除文件
14     status = ZwDeleteFile(&oa); 
15     return NT_SUCCESS(status);
16 }
复制代码

 

复制文件

复制代码
VOID MyCopyFile(WCHAR SrcFileName[],WCHAR DestFileName[])
{
    UNICODE_STRING usSrcFileName;
    UNICODE_STRING usDestFileName;

    NTSTATUS status;
    OBJECT_ATTRIBUTES oa;   //文件属性结构体定义

    IO_STATUS_BLOCK IoStauts;
    

    HANDLE hFile;

    PCHAR Buffer = NULL;

    //定义一个文件信息的结构体
    FILE_STANDARD_INFORMATION fsi = {0};


    RtlInitUnicodeString(&usSrcFileName,SrcFileName);
    RtlInitUnicodeString(&usDestFileName,DestFileName);


     //初始化文件属性结构体InitializeObjectAttributes(&oa,&usSrcFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

    //打开文件
    status = ZwCreateFile(&hFile,
                        GENERIC_ALL,
                        &oa,
                        &IoStauts,
                        NULL,
                        FILE_ATTRIBUTE_NORMAL,
                        FILE_SHARE_READ|FILE_SHARE_WRITE,
                        FILE_OPEN,
                        FILE_SYNCHRONOUS_IO_NONALERT,
                        NULL,
                        0);

    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件打开失败!"));
    }

//获取文件信息
    status = ZwQueryInformationFile(hFile,&IoStauts,&fsi,sizeof(fsi),FileStandardInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("获取文件信息失败!"));
        ZwClose(hFile);
        return;
    }

    if (fsi.EndOfFile.LowPart > 0)
    {
        Buffer =  (PCHAR)ExAllocatePool(PagedPool,fsi.EndOfFile.LowPart);
    }

    if (Buffer != NULL)
    {
//读取文件类型
        status = ZwReadFile(hFile,NULL,NULL,NULL,&IoStauts,Buffer,fsi.EndOfFile.LowPart,NULL,NULL);
        if (!NT_SUCCESS(status))
        {
            KdPrint(("读取文件失败!"));
            ZwClose(hFile);
            return;
        }
    }

    //关闭文件
    ZwClose(hFile);

    //给oa清零
    RtlZeroMemory(&oa,sizeof(oa));

    //初始化文件属性结构体InitializeObjectAttributes(&oa,&usDestFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL); 

    status = ZwCreateFile(&hFile,
        GENERIC_ALL,
        &oa,
        &IoStauts,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ|FILE_SHARE_WRITE,
        FILE_OVERWRITE_IF,
        FILE_SYNCHRONOUS_IO_NONALERT,
        NULL,
        0);

    if (!NT_SUCCESS(status))
    {
        return;
    }

//向文件中写入数据
    status = ZwWriteFile(hFile,NULL,NULL,NULL,&IoStauts,Buffer,fsi.EndOfFile.LowPart,NULL,NULL);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("写入失败!"));
        ZwClose(hFile);
        return;
    }

    ZwClose(hFile);
    if (Buffer !=NULL)
    {
        ExFreePool(Buffer);
    }

}
复制代码

 

文件名结构体

typedef struct _FILE_RENAME_INFORMATION {
    BOOLEAN ReplaceIfExists;   //是否被替换(为TRUE替换)
    HANDLE RootDirectory;      //判断是否是根目录
    ULONG FileNameLength;     //文件名的长度
    WCHAR FileName[1];       //文件名
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;

 

文件名的更改

复制代码
VOID MyRenameFile(WCHAR SrcFileName[],WCHAR  DestFileName[])
{
    UNICODE_STRING usDestFileName;
    UNICODE_STRING usSrcFileName;
    PFILE_RENAME_INFORMATION pfri;   //定义一个文件名信息结构体类型
    HANDLE hFile;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS status;
    IO_STATUS_BLOCK IoStauts;
    ULONG BufferLen;

    RtlInitUnicodeString(&usDestFileName,DestFileName);
    RtlInitUnicodeString(&usSrcFileName,SrcFileName);

//初始化属性结构体
    InitializeObjectAttributes(&oa,&usSrcFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

    status = ZwCreateFile(&hFile,
        GENERIC_ALL,
        &oa,
        &IoStauts,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ|FILE_SHARE_WRITE,
        FILE_OPEN,
        FILE_SYNCHRONOUS_IO_NONALERT,
        NULL,
        0);

    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件打开失败!"));
        return ;
    }

    BufferLen = sizeof(FILE_RENAME_INFORMATION) + wcslen(DestFileName)*sizeof(WCHAR);

    pfri = (PFILE_RENAME_INFORMATION)ExAllocatePool(PagedPool,BufferLen);
    RtlZeroMemory(pfri,BufferLen);
    RtlCopyMemory(pfri->FileName,DestFileName,wcslen(DestFileName)*sizeof(WCHAR));

    pfri->FileNameLength =wcslen(DestFileName)*sizeof(WCHAR);

    pfri->ReplaceIfExists = TRUE;
    status = ZwSetInformationFile(hFile,&IoStauts,pfri,BufferLen,FileRenameInformation);

    if (!NT_SUCCESS(status))
    {
        ZwClose(hFile);
        KdPrint(("重名失败!%x",status));
        return ;
    }
    ZwClose(hFile);

}
复制代码

 

posted @   菜鸡拾光  阅读(94)  评论(0编辑  收藏  举报
相关博文:
·  驱动优先启动(win xp)
·  代码逆向之旅1
·  驱动开发:内核文件读写系列函数
·  8.1 Windows驱动开发:内核文件读写系列函数
·  《C++黑客编程解密》04 - 内核驱动开发
阅读排行:
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 别再用vector<bool>了!Google高级工程师:这可能是STL最大的设计失误
· 单元测试从入门到精通
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)
点击右上角即可分享
微信分享提示
AI IDE Trae