// 打开指定文件 HANDLE CKOpenFile( PUNICODE_STRING punFileName ) { HANDLE file_handle = NULL; NTSTATUS status; OBJECT_ATTRIBUTES object_attributes; IO_STATUS_BLOCK io_status = { 0 }; InitializeObjectAttributes( &object_attributes, punFileName, OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE, NULL, NULL); status = ZwCreateFile( &file_handle, GENERIC_READ | GENERIC_WRITE, &object_attributes, &io_status, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN_IF, FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if( !NT_SUCCESS( status ) ) { KdPrint(( "Open file failed! /n" )); return NULL; } return file_handle; } BOOLEAN TestWriteFile() { NTSTATUS status; LARGE_INTEGER offset = { 0 }; IO_STATUS_BLOCK io_status = { 0 }; UNICODE_STRING unFileName = RTL_CONSTANT_STRING( L"//??//C://Test.txt" ); CHAR szBuff[] = { "Write this string to file!" }; HANDLE file_handle = CKOpenFile( &unFileName ); // 打开文件 if( file_handle == NULL ) return FALSE; status = ZwWriteFile( file_handle, NULL, NULL, NULL, &io_status, szBuff, strlen(szBuff), &offset, NULL); if( !NT_SUCCESS(status) ) KdPrint(( "Write file failed!/n" ) ); else offset.QuadPart += strlen(szBuff); ZwClose(file_handle); // 关闭文件 return TRUE; }