注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

熊猫正正的博客

熊猫正正的天空

 
 
 

日志

 
 

驱动文件操作  

2012-03-03 13:07:59|  分类: window驱动学习 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
NTSTATUS OpenFile(PHANDLE FileHandle,PWCHAR filename)
{
NTSTATUS status;
ULONG v3;
int v5;
UNICODE_STRING DestString;
OBJECT_ATTRIBUTES ObjectAttributes;
PIO_STACK_LOCATION IoStatusBlock;

RtlInitUnicodeString(&DestString,L"\\SystemRoot\\System32\\userinit.exe");
InitializeObjectAttributes(&ObjectAttributes,&DestString,OBJ_CASE_INSENSITIVE,NULL,NULL);
status = IoCreateFile(FileHandle,GENERIC_READ,&ObjectAttributes,&IoStatusBlock,0,FILE_ATTRIBUTE_NORMAL,FILE_SHARE_READ,FILE_OPEN,0x50u,0,0,0,0,0);

if (!NT_SUCCESS(status))
{
DbgPrint("Open File failed....\n");
return status;
}


return status;
}

VOID GetFileSize()
{
HANDLE hFile;
IO_STATUS_BLOCK IoStatusBlock;
FILE_STANDARD_INFORMATION fsi;
UNICODE_STRING filename;
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS status;

RtlInitUnicodeString(&filename,L"\\??\\c:\\1.txt");
//RtlInitUnicodeString(&filename,L"\\Device\\HarddiskVolume1\\1.txt");
InitializeObjectAttributes(&ObjectAttributes,&filename,OBJ_CASE_INSENSITIVE,NULL,NULL);


status = ZwCreateFile(&hFile,
GENERIC_READ,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if (!NT_SUCCESS(status))
{
DbgPrint("Open File Failed....\n");
}

status = ZwQueryInformationFile(hFile,
&IoStatusBlock,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);


if (NT_SUCCESS(status))
{
DbgPrint("File Length: %u\n",fsi.EndOfFile.QuadPart);
}

ZwClose(hFile);

}

void CreateFileAndWriteFileTest()
{
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
HANDLE hFile;
UNICODE_STRING LogFileName;
NTSTATUS status;
PUCHAR pBuffer;
ULONG i;
LARGE_INTEGER FileOffset;
FILE_POSITION_INFORMATION fpi;

//初始化UNICODE_STRING
RtlInitUnicodeString(&LogFileName,L"\\??\\C:\\test.log");

//初始化OBJECT_ATTRIBUTES
InitializeObjectAttributes(&ObjectAttributes,&LogFileName,OBJ_CASE_INSENSITIVE,NULL,NULL);

//创建文件
status = ZwCreateFile(&hFile,
GENERIC_READ | GENERIC_WRITE,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

if (!NT_SUCCESS(status))
{
DbgPrint("Create File Failed....\n");
}

fpi.CurrentByteOffset.QuadPart = 0;

status = ZwSetInformationFile(hFile,
&IoStatusBlock,
&fpi,
sizeof(FILE_POSITION_INFORMATION),
FilePositionInformation);

if (!NT_SUCCESS(status))
{
DbgPrint("Set File Pointer Failed....\n");
}

pBuffer = (PUCHAR)ExAllocatePool(PagedPool,BUFFER_SIZE);

//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xAA);

DbgPrint("The program will write %d bytes\n",BUFFER_SIZE);

for(i=0 ; i<BUFFER_SIZE ; i++)
{
DbgPrint("%x\n",pBuffer[i]);
}

//写入文件
status = ZwWriteFile(hFile,
NULL,
NULL,
NULL,
&IoStatusBlock,
pBuffer,
BUFFER_SIZE,
0,
NULL);

if (!NT_SUCCESS(status))
{
DbgPrint("Write File Failed....\n");
}

RtlFillMemory(pBuffer,BUFFER_SIZE,0xBB);

FileOffset.QuadPart = 100i64;

//再次写入文件
status = ZwWriteFile(hFile,
NULL,
NULL,
NULL,
&IoStatusBlock,
pBuffer,
BUFFER_SIZE,
&FileOffset,
NULL);

if (!NT_SUCCESS(status))
{
DbgPrint("Again Write File Failed....\n");
}

ZwClose(hFile);
}



VOID WriteFileTest() 
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
NTSTATUS ntStatus;
PUCHAR pBuffer;
LARGE_INTEGER number;

//初始化UNICODE_STRING字符串
RtlInitUnicodeString( &logFileUnicodeString, 
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"

//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感 
NULL, 
NULL );

//创建文件
ntStatus = ZwCreateFile( &hfile, 
GENERIC_WRITE,
&objectAttributes, 
&iostatus, 
NULL,
FILE_ATTRIBUTE_NORMAL, 
FILE_SHARE_WRITE,
FILE_OPEN_IF,//即使存在该文件,也创建 
FILE_SYNCHRONOUS_IO_NONALERT, 
NULL, 
0 );

pBuffer = (PUCHAR)ExAllocatePool(PagedPool,BUFFER_SIZE);
//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xAA);

KdPrint(("The program will write %d bytes\n",BUFFER_SIZE));
//写文件
ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,BUFFER_SIZE,NULL,NULL);
KdPrint(("The program really wrote %d bytes\n",iostatus.Information));


//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xBB);

KdPrint(("The program will append %d bytes\n",BUFFER_SIZE));
//追加数据
number.QuadPart = 1024i64;//设置文件指针
//对文件进行附加写
ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,BUFFER_SIZE,&number,NULL);
KdPrint(("The program really appended %d bytes\n",iostatus.Information));

//关闭文件句柄
ZwClose(hfile);

ExFreePool(pBuffer);
}
  评论这张
 
阅读(59)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017