核心驱动文件操作 How to access file in Kernel Driver

原创 2006年05月18日 13:51:00

核心驱动的文件操作主要有以下一个函数

NTSTATUS 
  ZwCreateFile(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER AllocationSize  OPTIONAL,
  IN ULONG FileAttributes,
  IN ULONG ShareAccess,
  IN ULONG CreateDisposition,
  IN ULONG CreateOptions,
  IN PVOID EaBuffer  OPTIONAL,
  IN ULONG EaLength
  );

NTSTATUS
  ZwQueryInformationFile(
  IN HANDLE  FileHandle,
  OUT PIO_STATUS_BLOCK  IoStatusBlock,
  OUT PVOID  FileInformation,
  IN ULONG  Length,
  IN FILE_INFORMATION_CLASS  FileInformationClass
  );

NTSTATUS
  ZwSetInformationFile(
  IN HANDLE  FileHandle,
  OUT PIO_STATUS_BLOCK  IoStatusBlock,
  IN PVOID  FileInformation,
  IN ULONG  Length,
  IN FILE_INFORMATION_CLASS  FileInformationClass
  );

NTSTATUS
  ZwWriteFile(
  IN HANDLE  FileHandle,
  IN HANDLE  Event  OPTIONAL,
  IN PIO_APC_ROUTINE  ApcRoutine  OPTIONAL,
  IN PVOID  ApcContext  OPTIONAL,
  OUT PIO_STATUS_BLOCK  IoStatusBlock,
  IN PVOID  Buffer,
  IN ULONG  Length,
  IN PLARGE_INTEGER  ByteOffset  OPTIONAL,
  IN PULONG  Key  OPTIONAL
  );

NTSTATUS
  ZwReadFile(
  IN HANDLE  FileHandle,
  IN HANDLE  Event  OPTIONAL,
  IN PIO_APC_ROUTINE  ApcRoutine  OPTIONAL,
  IN PVOID  ApcContext  OPTIONAL,
  OUT PIO_STATUS_BLOCK  IoStatusBlock,
  OUT PVOID  Buffer,
  IN ULONG  Length,
  IN PLARGE_INTEGER  ByteOffset  OPTIONAL,
  IN PULONG  Key  OPTIONAL
  );

打开/创建/读/写文件 的操作基本上和 SDK API 的使用差不多,但是文件指针的移动,属性的修改比 SDK API 稍复杂一些,主要使用 ZwQueryInformationFile 和 ZwSetInformationFile 这两个函数完成,下面举个例子大概说明一下这两个函数的使用。

 

         //Create the log file

         IO_STATUS_BLOCK file_status;

         OBJECT_ATTRIBUTES obj_attrib;

         CCHAR              ntNameFile[64] = "//DosDevices//c://temp.txt";

    STRING               ntNameString;

         UNICODE_STRING uFileName;

         FILE_STANDARD_INFORMATION fsi;

         FILE_POSITION_INFORMATION fpi;

 

         RtlInitAnsiString( &ntNameString, ntNameFile);

    RtlAnsiStringToUnicodeString(&uFileName, &ntNameString, TRUE );

         InitializeObjectAttributes(&obj_attrib, &uFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);

         Status = ZwCreateFile(&pKeyboardDeviceExtension->hLogFile,GENERIC_WRITE,&obj_attrib,&file_status,

                                                                 NULL,FILE_ATTRIBUTE_NORMAL,FILE_SHARE_READ,FILE_OPEN_IF,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);

         RtlFreeUnicodeString(&uFileName);

 

         ZwQueryInformationFile(pKeyboardDeviceExtension->hLogFile, &file_status, &fsi, sizeof(FILE_STANDARD_INFORMATION), FileStandardInformation);

 

         fpi.CurrentByteOffset = fsi.EndOfFile;

 

         ZwSetInformationFile(pKeyboardDeviceExtension->hLogFile, &file_status, &fpi, sizeof(FILE_POSITION_INFORMATION), FilePositionInformation);

 

         if (Status != STATUS_SUCCESS)

         {

                   DbgPrint("Failed to create log file.../n");

                   DbgPrint("File Status = %x/n",file_status);

         }

         else

         {

                   DbgPrint("Successfully created log file.../n");

                   DbgPrint("File Handle = %x/n",pKeyboardDeviceExtension->hLogFile);

                   DbgPrint("Move to Eof %d/n", fsi.EndOfFile);

         }

 

 

 这段代码打开文件 C:/temp.txt 并将文件指针移动到文件末尾

在 SDK 编程中我们只需要

SetFilePointer(hAppend, 0, NULL, FILE_END);

就可以将文件指针移动到文件尾,但在 DDK 编程中我们需要使用 ZwQueryInformationFile 获得文件大小,然后使用 ZwSetInformationFile 将文件指针移动到需要的位置。

版权声明:本文为博主原创文章,未经博主允许不得转载。

相关文章推荐

How to build parport related driver upon parport module in the kernel

The following is from  Documentation/parport-lowlevel.txt.At last,  a example is given.The example i...

How to mount partition with ntfs file system and read write access

原文地址:http://linuxconfig.org/How_to_mount_partition_with_ntfs_file_system_and_read_write_access 1. I...

在64位系统下安装32位ODBC驱动问题How to install and configure a 32 bit ODBC driver on a 64 bit Operating System?

You have a 64 bit operating system, which usually comes with a more modern equipment, and specially ...

关于kernel-win32的文件操作

  • 2010-08-28 13:06
  • 265KB
  • 下载

file文件操作通用类

How to Install Nvidia Kernel Module Cuda and Pyrit in Kali Linux

Install Nvidia Kernel Module Cuda and Pyrit in Kali Linux UPDATE: 13/03/2014 – Readers should fol...

java file 文件操作例子

文件操作大全(file)

内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:深度学习:神经网络中的前向传播和反向传播算法推导
举报原因:
原因补充:

(最多只允许输入30个字)