几个函数,留着查看:
1、ObReferenceObjectByHandle:
用来获得一个File Handle对应的FileObject。
FILE_OBJECT fileob;
stat=ObReferenceObjectByHandle(handle,GENERIC_READ,*IoFileObjectType,KernelMode,(PVOID*)&fileob,0);
用在ZwSetInformationFile(IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass )
2、IoVolumeDeviceToDosName:
The IoVolumeDeviceToDosName routine returns the MS-DOS path for a specified device object that represents
a file system volume
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
