DriverEntry zwCreatefile

#include"ntddk.h"   
 
VOID xiezai1(PDRIVER_OBJECT qudongduixiang)
{
    KdPrint(("驱动卸载 历程\n"));
    return;
}
 
NTSTATUS DriverEntry(PDRIVER_OBJECT qudongduixiang, PUNICODE_STRING zhucebiao1)
{
    HANDLE wenjianjubing = NULL;
    NTSTATUS zhuangtai1;
    UNICODE_STRING wenjianming;
    UNICODE_STRING wenjianming2;
    OBJECT_ATTRIBUTES duixiangshuxing;
    IO_STATUS_BLOCK zhuangtaikuai;//可拥有的控制权  
    FILE_BASIC_INFORMATION xinxi_jiben;
    LARGE_INTEGER linshi1;
 
    PVOID str1;
    RtlInitUnicodeString(&wenjianming, L"\\??\\c:\\李赛赛.txt");//初始化文件名  
    memset(&duixiangshuxing, 0, sizeof(OBJECT_ATTRIBUTES));//对象属性清空  
 
    InitializeObjectAttributes(&duixiangshuxing, &wenjianming, OBJ_CASE_INSENSITIVE, NULL, NULL);//对象属性关键是文件名字 不区分大小写  
    zhuangtai1 = ZwCreateFile(&wenjianjubing, GENERIC_ALL, &duixiangshuxing, &zhuangtaikuai, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN_IF, FILE_NON_DIRECTORY_FILE, NULL, 0);
    //就是普通文件属性.其他常用的还有:  
    //    FILE_ATTRIBUTE_DIRECTORY 目录         FILE_SHARE_READ共享读 我们创建这个文件还对这个文件进行操作的时候 别的应用程序对这个文件进行访问的时候 只能进行读这个文件  
    //  FILE_ATTRIBUTE_ARCHIVE 存档             FILE_OPEN_IF 如果不存在创建文件 如果存在打开文件       
    //  FILE_ATTRIBUTE_READONLY 只读  
    //  FILE_ATTRIBUTE_HIDDEN 隐藏  
    //  FILE_ATTRIBUTE_SYSTEM 系统  
    if (!NT_SUCCESS(zhuangtai1))
    {
        KdPrint(("ZwCreateFile文件创建失败\n"));
    }
    else
    {
        KdPrint(("ZwCreateFile文件创建成功\n"));
    }
    ZwClose(wenjianjubing);
    //打开文件------------------------------------------------------  
    RtlInitUnicodeString(&wenjianming, L"\\??\\c:\\李赛赛.txt");//初始化文件名  
    memset(&duixiangshuxing, 0, sizeof(OBJECT_ATTRIBUTES));//对象属性清空  
    InitializeObjectAttributes(&duixiangshuxing, &wenjianming, OBJ_CASE_INSENSITIVE, NULL, NULL);//对象属性关键是文件名字 不区分大小写  
    zhuangtai1 = ZwOpenFile(&wenjianjubing, GENERIC_ALL, &duixiangshuxing, &zhuangtaikuai, FILE_SHARE_READ, FILE_NON_DIRECTORY_FILE); //FILE_NON_DIRECTORY_FILE  FILE_SYNCHRONOUS_IO_NONALERT  
    if (!NT_SUCCESS(zhuangtai1))
    {
        KdPrint(("ZwOpenFile打开文件失败\n"));
    }
    else
    {
        KdPrint(("ZwOpenFile打开文件成功\n"));
    }
    zhuangtai1 = ZwQueryInformationFile(wenjianjubing, &zhuangtaikuai, &xinxi_jiben, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
    if (!NT_SUCCESS(zhuangtai1))
    {
        ZwClose(wenjianjubing);
    }
    KdPrint(("%x %x", xinxi_jiben.ChangeTime.QuadPart, xinxi_jiben.FileAttributes));
    xinxi_jiben.CreationTime.QuadPart = 0;
    xinxi_jiben.FileAttributes |= FILE_ATTRIBUTE_HIDDEN;
    zhuangtai1 = ZwSetInformationFile(wenjianjubing, &zhuangtaikuai, &xinxi_jiben, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
    if (!NT_SUCCESS(zhuangtai1))
    {
        ZwClose(wenjianjubing);
    }
    str1 = ExAllocatePool(NonPagedPool, 50);
    linshi1.QuadPart = 0;
    zhuangtai1 = ZwReadFile(wenjianjubing, NULL, NULL, NULL, &zhuangtaikuai, str1, 50, &linshi1, NULL);
    if (!NT_SUCCESS(zhuangtai1))
    {
        KdPrint(("错误码%x", zhuangtai1));
        ZwClose(wenjianjubing);
    }
    RtlCopyMemory(str1, "\n打击日本鬼子", strlen("\n打击日本鬼子"));
    linshi1.QuadPart = strlen("\n打击日本鬼子");
    zhuangtai1 = ZwWriteFile(wenjianjubing, NULL, NULL, NULL, &zhuangtaikuai, str1, 50, &linshi1, NULL);
 
    KdPrint(("%s", str1));
 
    ZwClose(wenjianjubing);
    qudongduixiang->DriverUnload = xiezai1;
    //ZwCreateFile  创建文件    
    //ZwOpenFile    打开文件     
    //ZwSetInformationFile 设置创建的名字 信息大小  
    //ZwQueryInformationFile查询文件的信息 时间 名字  很多东西  
    //ZwReadFile 读取文件  
    //ZwWriteFile  写文件  
    return STATUS_SUCCESS;
}