在驱动,进行一次简单的读文件的操作。
#include <ntddk.h>
#define TestFileNamePath
L"\\??\\c:\\1111\\111.txt.csx"
NTSTATUS
FileTest_Read(HANDLE hFile)
{
NTSTATUS
status = STATUS_SUCCESS;
LARGE_INTEGER
nFileLen = { 0 };
IO_STATUS_BLOCK ioState = { 0 };
PUCHAR
pBuffer = NULL;
ULONG
FileLen = 0;
FILE_STANDARD_INFORMATION StardInfo = { 0 };
if (ZwQueryInformationFile(hFile, &ioState, &StardInfo, sizeof(StardInfo), FileStandardInformation) == STATUS_SUCCESS)
{
if (StardInfo.EndOfFile.QuadPart == 0)
return status;
nFileLen.QuadPart = StardInfo.EndOfFile.QuadPart;
pBuffer = ExAllocatePool(PagedPool, (SIZE_T)nFileLen.QuadPart);
if (pBuffer == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
else
{
PUCHAR pTempBuffer = pBuffer;
FileLen = (ULONG)nFileLen.QuadPart;
nFileLen.QuadPart = 0;
if (STATUS_SUCCESS == (status = ZwReadFile(hFile, NULL, NULL, NULL, &ioState, pTempBuffer, FileLen, &nFileLen, NULL)))
{
ASSERT(FileLen == ioState.Information);
KdPrint(("[FileTest_Read] ZwReadBuf=%s!\n", pBuffer));
}
else
{
status = ioState.Status;
}
ExFreePool(pBuffer);
}
}
else
{
status = ioState.Status;
}
return status;
}
HANDLE FileTest_Open()
{
HANDLE file_handle = NULL;
NTSTATUS status;
OBJECT_ATTRIBUTES object_attributes;
UNICODE_STRING ufile_name;
IO_STATUS_BLOCK io_status;
RtlInitUnicodeString(&ufile_name, TestFileNamePath);//初始化文件名
InitializeObjectAttributes(
&object_attributes,
&ufile_name,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
status = ZwCreateFile(
&file_handle,
GENERIC_READ | GENERIC_WRITE,
&object_attributes,
&io_status,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN_IF,
FILE_NON_DIRECTORY_FILE |
FILE_RANDOM_ACCESS |
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if (!NT_SUCCESS(status))
{
KdPrint(("[FileTest_Open] ZwCreateFile failed!\n"));
status = io_status.Status;
}
else
{
KdPrint(("[FileTest_Open] ZwCreateFile successful!\n"));
status = STATUS_SUCCESS;
}
return file_handle;
}
VOID
DriverUnload(
IN PDRIVER_OBJECT driverObject
)
{
UNREFERENCED_PARAMETER(driverObject);
KdPrint(("[DriverUnload] successful!\n"));
return;
}
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT driverObject,
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status = STATUS_SUCCESS;
HANDLE hFile;
UNREFERENCED_PARAMETER(registryPath);
hFile = FileTest_Open();
if (hFile)
{
if (STATUS_SUCCESS != FileTest_Read(hFile) )
{
KdPrint(("[DriverEntry] FileTest_Read error!!\n"));
}
ZwClose(hFile);
}
driverObject->DriverUnload = DriverUnload;
KdPrint(("[DriverEntry] successful!\n"));
return status;
}