Refer to a file by its object name

Kernel-mode device drivers refer to a file by its object name. This name is \DosDevices together with the full path of the file. For example, the object name of the C:\Windows\Example.txt file is \DosDevices\C:\Windows\Example.txt. Then the object name is encapsulated into an OBJECT_ATTRIBUTES structure by calling the InitializeObjectAttributes function.

Note: If the device driver is loaded early in the boot process, the \DosDevices namespace may not exist yet. In that case the \DosDevices namespace is inaccessible to the driver because no drive letters have been exposed. The only part of the file system that is guaranteed to be available is the \SystemRoot namespace, which maps to the folder where the operating system is installed, for example C:\Windows or D:\Winnt.

The following code example illustrates how to refer to a file by its object name.
    UNICODE_STRING     uniName;
    OBJECT_ATTRIBUTES  objAttr;

    RtlInitUnicodeString(&uniName, L"\\DosDevices\\C:\\WINDOWS\\example.txt");  // or L"\\SystemRoot\\example.txt"
    InitializeObjectAttributes(&objAttr, &uniName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);
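As an added example (not code from the original page or from the WDK), the following plain C helper builds the \DosDevices object name from an absolute drive-letter path and checks that the result fits both the caller's buffer and the USHORT byte length of a UNICODE_STRING, so RtlInitUnicodeString is never handed a string it cannot represent. BuildDosDevicesName, DOS_DEVICES_PREFIX and MAX_UNICODE_STRING_CHARS are the example's own names; the 0x7FFF character limit is derived from the 16-bit Length field of UNICODE_STRING counting bytes of 2-byte WCHARs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Hypothetical helper, not a WDK routine: prefixes an absolute Win32 path with
 * \DosDevices\ to form the object name passed to InitializeObjectAttributes. */
#define DOS_DEVICES_PREFIX L"\\DosDevices\\"

/* UNICODE_STRING.Length is a USHORT holding a byte count of 16-bit WCHARs, so
 * the longest representable string is 0xFFFE bytes, i.e. 0x7FFF characters.
 * A longer string cannot be described by a UNICODE_STRING at all. */
#define MAX_UNICODE_STRING_CHARS 0x7FFFu

/* Returns true and writes the object name to out[] (capacity outChars, in
 * characters) when win32Path is an absolute "X:\..." path that fits;
 * returns false for relative paths and for anything that would overflow. */
bool BuildDosDevicesName(const wchar_t *win32Path, wchar_t *out, size_t outChars)
{
    size_t prefixLen, pathLen, total;

    if (win32Path == NULL || out == NULL || outChars == 0)
        return false;

    /* Only absolute drive-letter paths belong under \DosDevices; a relative
     * name has no meaning in OBJECT_ATTRIBUTES without a RootDirectory handle. */
    if (!iswalpha((wint_t)win32Path[0]) || win32Path[1] != L':' || win32Path[2] != L'\\')
        return false;

    prefixLen = wcslen(DOS_DEVICES_PREFIX);
    pathLen   = wcslen(win32Path);
    total     = prefixLen + pathLen;

    if (total >= outChars)                 /* no room for the terminating NUL */
        return false;
    if (total > MAX_UNICODE_STRING_CHARS)  /* would not fit UNICODE_STRING.Length */
        return false;

    wcscpy(out, DOS_DEVICES_PREFIX);       /* bounds were checked above */
    wcscpy(out + prefixLen, win32Path);
    return true;
}
```

In a driver the resulting buffer is what you would hand to RtlInitUnicodeString before InitializeObjectAttributes; the same checks apply to a \SystemRoot-relative name.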

Obtain a file handle

To obtain a file handle, pass the OBJECT_ATTRIBUTES structure to the ZwCreateFile function. The DesiredAccess parameter can be set to GENERIC_READ, GENERIC_WRITE, or GENERIC_ALL, depending on what you want to do. If you set the CreateOptions parameter to FILE_SYNCHRONOUS_IO_NONALERT or FILE_SYNCHRONOUS_IO_ALERT, the file system keeps track of the current file-position offset, so you can later read from or write to the file sequentially; you can also access the file at any position by supplying a byte offset.

The following code example illustrates how to obtain a file handle.
    HANDLE   handle;
    NTSTATUS ntstatus;
    IO_STATUS_BLOCK    ioStatusBlock;

    // Do not try to perform any file operations at higher IRQL levels.
    // Instead, you may use a work item or a system worker thread to perform file operations.

    if(KeGetCurrentIrql() != PASSIVE_LEVEL)
        return STATUS_INVALID_DEVICE_STATE; 

    ntstatus = ZwCreateFile(&handle,
                            GENERIC_WRITE,
                            &objAttr, &ioStatusBlock, NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            0,
                            FILE_OVERWRITE_IF, 
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL, 0);

Read from or write to a file

You can now call the ZwReadFile function or the ZwWriteFile function. When you have finished modifying the file, close the handle by using the ZwClose function.

The following code example illustrates how to write to a file.
    #define  BUFFER_SIZE 30
    CHAR     buffer[BUFFER_SIZE];
    size_t   cb;

    if(NT_SUCCESS(ntstatus)) {
        // Format the text into the buffer; the RtlStringCb* routines require <ntstrsafe.h>.
        ntstatus = RtlStringCbPrintfA(buffer, sizeof(buffer), "This is %d test\r\n", 0x0);
        if(NT_SUCCESS(ntstatus)) {
            // Byte count of the formatted string, excluding the terminating NUL.
            ntstatus = RtlStringCbLengthA(buffer, sizeof(buffer), &cb);
            if(NT_SUCCESS(ntstatus)) {
                // The Length parameter is a ULONG; cb is bounded by sizeof(buffer), so the cast is safe.
                ntstatus = ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock,
                                       buffer, (ULONG)cb, NULL, NULL);
            }
        }
        ZwClose(handle);
    }

The following code example illustrates how to read from a file.
    LARGE_INTEGER      byteOffset;

    ntstatus = ZwCreateFile(&handle,
                            GENERIC_READ,
                            &objAttr, &ioStatusBlock,
                            NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            0,
                            FILE_OPEN,
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL, 0);
    if(NT_SUCCESS(ntstatus)) {
        byteOffset.LowPart = byteOffset.HighPart = 0;
        // Read at most BUFFER_SIZE-1 bytes so there is always room for a terminator.
        ntstatus = ZwReadFile(handle, NULL, NULL, NULL, &ioStatusBlock,
                              buffer, BUFFER_SIZE - 1, &byteOffset, NULL);
        if(NT_SUCCESS(ntstatus)) {
            // ioStatusBlock.Information is the number of bytes actually read; terminate
            // there so that uninitialized stack bytes are never printed.
            buffer[ioStatusBlock.Information] = '\0';
            DbgPrint("%s\n", buffer);
        }
        ZwClose(handle);
    }