首先 当编译驱动时发生错误:
LINK : warning LNK4044: unrecognized option '/pdbtype:sept'; ignored
Creating browse info file...
BSCMAKE: error BK1510 : corrupt .SBR file '.\sys\DriverMemory.sbr'
解决方法:
取消勾选:工程or项目(各版本翻译不一样)-> 设置or属性(仍然是翻译不一样)-> C/C++ -> 产生浏览信息(即不再生成 .sbr 浏览信息文件),重新编译后上述错误消失。
文件创建:
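/*
 * MyCreaFile - open C:\1.log for writing, creating it if it does not exist
 * (FILE_OPEN_IF), report the outcome through KdPrint and close the handle.
 *
 * The Zw* file routines must be called at IRQL == PASSIVE_LEVEL.
 * NOTE(review): INITCODE is defined outside this listing; it presumably
 * places the function in the discardable INIT section, which would make it
 * callable only during driver initialisation - confirm.
 */
#pragma INITCODE
VOID MyCreaFile()
{
    OBJECT_ATTRIBUTES obj_attr;
    UNICODE_STRING Obj_Attr_Name;
    IO_STATUS_BLOCK iostatus;
    HANDLE hFile = NULL;
    NTSTATUS status;

    /* The same file could also be named \\Device\\HarddiskVolume1\\1.log. */
    RtlInitUnicodeString(&Obj_Attr_Name, L"\\??\\C:\\1.log");

    /*
     * OBJ_KERNEL_HANDLE keeps the handle out of the handle table of whatever
     * user process happens to be current, so user-mode code cannot use or
     * close a handle that only the driver is meant to hold.
     */
    InitializeObjectAttributes(&obj_attr,
                               &Obj_Attr_Name,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    status = ZwCreateFile(&hFile,
                          GENERIC_WRITE,
                          &obj_attr,
                          &iostatus,
                          NULL,                         /* no initial allocation size */
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,                 /* open, or create if missing */
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("创建文件失败!\n"));
        /* hFile was never filled in; there is nothing to close. */
        return;
    }

    KdPrint(("创建文件成功!\n"));

    /* File operations would go here. */

    ZwClose(hFile);
}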
文件打开 两个方式:
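/*
 * MyOpenFile - demonstrate the two ways of opening an existing file from
 * kernel mode: ZwCreateFile with FILE_OPEN (C:\1.log) and ZwOpenFile
 * (C:\2.log). Each result is reported through KdPrint and every handle that
 * was actually opened is closed again.
 *
 * The Zw* file routines must be called at IRQL == PASSIVE_LEVEL.
 */
#pragma INITCODE
VOID MyOpenFile()
{
    OBJECT_ATTRIBUTES obj_attr1, obj_attr2;
    UNICODE_STRING obj_attr_name1, obj_attr_name2;
    HANDLE hFile1 = NULL;
    HANDLE hFile2 = NULL;
    IO_STATUS_BLOCK iostatus1, iostatus2;
    NTSTATUS status1;
    NTSTATUS status2;

    RtlInitUnicodeString(&obj_attr_name1, L"\\??\\C:\\1.log");
    /* Two different files: the same file cannot be opened twice here. */
    RtlInitUnicodeString(&obj_attr_name2, L"\\??\\C:\\2.log");

    /*
     * OBJ_KERNEL_HANDLE makes both handles kernel-only, so they are not
     * reachable from the user-mode process that happens to be current.
     */
    InitializeObjectAttributes(&obj_attr1,
                               &obj_attr_name1,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);
    InitializeObjectAttributes(&obj_attr2,
                               &obj_attr_name2,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* Method 1: ZwCreateFile with the FILE_OPEN disposition. */
    status1 = ZwCreateFile(&hFile1,
                           FILE_GENERIC_READ,
                           &obj_attr1,
                           &iostatus1,
                           NULL,
                           FILE_ATTRIBUTE_NORMAL,
                           FILE_SHARE_READ,
                           FILE_OPEN,           /* open only; fails if the file is missing */
                           FILE_SYNCHRONOUS_IO_NONALERT,
                           NULL,
                           0);

    /*
     * Method 2: ZwOpenFile.
     * NOTE(review): GENERIC_ALL asks for far more access than this function
     * uses; request only the rights the caller really needs.
     */
    status2 = ZwOpenFile(&hFile2,
                         GENERIC_ALL,
                         &obj_attr2,
                         &iostatus2,
                         FILE_SHARE_READ | FILE_SHARE_WRITE,
                         FILE_SYNCHRONOUS_IO_NONALERT);

    if (!NT_SUCCESS(status1))
    {
        KdPrint(("方式1:打开文件失败"));
    }
    else
    {
        KdPrint(("方式1:打开文件成功"));
    }

    if (!NT_SUCCESS(status2))
    {
        KdPrint(("方式2:打开文件失败"));
    }
    else
    {
        KdPrint(("方式2:打开文件成功"));
    }

    /* Close only what was opened; a failed call leaves its handle unset. */
    if (NT_SUCCESS(status1))
    {
        ZwClose(hFile1);
    }
    if (NT_SUCCESS(status2))
    {
        ZwClose(hFile2);
    }
}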
实验 修改文件属性:
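/*
 * MyQueryInformationFile - open the existing file C:\my.log, then
 *   1. query its standard information and print the file length,
 *   2. set the current file position to byte 100,
 *   3. query its basic information (timestamps and attributes),
 *   4. overwrite all four timestamps with the demo value 100 and write the
 *      basic information back.
 * Every step is reported through KdPrint. The function stops as soon as the
 * file cannot be opened or the basic information cannot be read, so it never
 * works on an unset handle or writes uninitialised data back to the file.
 *
 * The Zw* file routines must be called at IRQL == PASSIVE_LEVEL.
 */
#pragma INITCODE
VOID MyQueryInformationFile()
{
    HANDLE hFile = NULL;
    OBJECT_ATTRIBUTES obj_attr;
    UNICODE_STRING obj_attr_name;
    IO_STATUS_BLOCK io_status;
    FILE_STANDARD_INFORMATION fsi;
    FILE_POSITION_INFORMATION fpi;
    FILE_BASIC_INFORMATION fbi;
    NTSTATUS status;

    RtlInitUnicodeString(&obj_attr_name, L"\\??\\C:\\my.log");

    /* OBJ_KERNEL_HANDLE: the handle is for the driver only, not for user mode. */
    InitializeObjectAttributes(&obj_attr,
                               &obj_attr_name,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /*
     * FILE_WRITE_ATTRIBUTES is requested in addition to GENERIC_READ because
     * ZwSetInformationFile(FileBasicInformation) is documented to need it on
     * the handle. Share access 0 means exclusive access while the handle is open.
     */
    status = ZwCreateFile(&hFile,
                          GENERIC_READ | FILE_WRITE_ATTRIBUTES,
                          &obj_attr,
                          &io_status,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          0,
                          FILE_OPEN,            /* fails if the file does not exist */
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件创建失败\n"));
        /* No valid handle: nothing below can work and nothing must be closed. */
        return;
    }
    KdPrint(("文件创建成功\n"));

    /* --- Query standard information (file length) --- */
    status = ZwQueryInformationFile(hFile,
                                    &io_status,
                                    &fsi,
                                    sizeof(FILE_STANDARD_INFORMATION),
                                    FileStandardInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件获取信息失败\n"));
    }
    else
    {
        KdPrint(("文件获取信息成功\n"));
        /* EndOfFile is a LARGE_INTEGER: print its 64-bit QuadPart, and only
         * when the query actually filled the structure in. */
        KdPrint(("file length: %I64d \n\n", fsi.EndOfFile.QuadPart));
    }

    /* --- Move the file pointer --- */
    KdPrint(("修改文件指针\n"));
    fpi.CurrentByteOffset.QuadPart = 100i64;
    status = ZwSetInformationFile(hFile,
                                  &io_status,
                                  &fpi,
                                  sizeof(FILE_POSITION_INFORMATION),
                                  FilePositionInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件设置信息失败\n"));
    }
    else
    {
        KdPrint(("文件设置信息成功\n"));
    }
    /* LONGLONG is a 64-bit integer; LARGE_INTEGER is a structure that wraps
     * one, so the value is read through QuadPart and printed as 64 bits. */
    KdPrint(("file pointer: %I64d \n\n", fpi.CurrentByteOffset.QuadPart));

    /* --- Query basic information (timestamps, attributes) --- */
    status = ZwQueryInformationFile(hFile,
                                    &io_status,
                                    &fbi,
                                    sizeof(FILE_BASIC_INFORMATION),
                                    FileBasicInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("获取文件基本信息失败\n"));
        /* fbi is uninitialised; writing it back would store stack garbage
         * as the file's attributes. */
        ZwClose(hFile);
        return;
    }

    KdPrint(("获取文件基本信息成功\n"));
    KdPrint(("文件创建时间:%I64d\n", fbi.CreationTime.QuadPart));
    KdPrint(("最后访问时间:%I64d\n", fbi.LastAccessTime.QuadPart));
    KdPrint(("文件写时间:%I64d\n", fbi.LastWriteTime.QuadPart));
    KdPrint(("最后修改时间:%I64d\n", fbi.ChangeTime.QuadPart));
    KdPrint(("文件属性:%u\n", fbi.FileAttributes));

    /* --- Modify basic information ---
     * The timestamps are counted in 100-nanosecond units since 1601-01-01;
     * 100 is just an arbitrary demo value. FileAttributes is written back
     * exactly as it was queried. */
    KdPrint(("修改信息:\n\n"));
    fbi.ChangeTime.QuadPart = 100i64;
    fbi.CreationTime.QuadPart = 100i64;
    fbi.LastAccessTime.QuadPart = 100i64;
    fbi.LastWriteTime.QuadPart = 100i64;
    status = ZwSetInformationFile(hFile,
                                  &io_status,
                                  &fbi,
                                  sizeof(FILE_BASIC_INFORMATION),
                                  FileBasicInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("修改信息失败\n"));
    }
    else
    {
        KdPrint(("修改信息成功\n"));
        /* These are the values that were just submitted, not a fresh query. */
        KdPrint(("获取文件基本信息成功\n"));
        KdPrint(("文件创建时间:%I64d\n", fbi.CreationTime.QuadPart));
        KdPrint(("最后访问时间:%I64d\n", fbi.LastAccessTime.QuadPart));
        KdPrint(("文件写时间:%I64d\n", fbi.LastWriteTime.QuadPart));
        KdPrint(("最后修改时间:%I64d\n", fbi.ChangeTime.QuadPart));
        KdPrint(("文件属性:%u\n", fbi.FileAttributes));
    }

    ZwClose(hFile);
}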
碉堡了·········································································
下面是写入文本内容:
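/*
 * MyFileStudy - text write / append exercise.
 *
 * Opens C:\FileStudy.log for writing (creating it if missing), writes 1024
 * bytes of 0xAA at the current file position, writes 1024 bytes of 0xBB at
 * byte offset 1024, then queries and prints the resulting file size.
 * The handle and the pool buffer are released on every path.
 *
 * Must run at IRQL == PASSIVE_LEVEL: it uses the Zw* file routines and
 * paged pool.
 */
VOID MyFileStudy()
{
    enum { CHUNK_SIZE = 1024 };

    HANDLE hFile = NULL;
    OBJECT_ATTRIBUTES obj_attr;
    UNICODE_STRING obj_attr_name;
    IO_STATUS_BLOCK io_status;
    FILE_STANDARD_INFORMATION fsi;
    LARGE_INTEGER number;
    PUCHAR pWritetofile;
    NTSTATUS status;

    RtlInitUnicodeString(&obj_attr_name, L"\\??\\c:\\FileStudy.log");

    /* OBJ_KERNEL_HANDLE: the handle is for the driver only, not for user mode. */
    InitializeObjectAttributes(&obj_attr,
                               &obj_attr_name,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* FILE_OPEN_IF: open the file, or create it if it does not exist. */
    status = ZwCreateFile(&hFile,
                          GENERIC_WRITE,
                          &obj_attr,
                          &io_status,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_WRITE,
                          FILE_OPEN_IF,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件创建失败\n"));
        return;
    }
    KdPrint(("文件创建成功\n"));

    /* --- Write to the file ---
     * NOTE(review): recent WDKs deprecate ExAllocatePool in favour of
     * ExAllocatePool2; kept here to match the rest of the listing. */
    pWritetofile = (PUCHAR)ExAllocatePool(PagedPool, CHUNK_SIZE);
    if (pWritetofile == NULL)
    {
        /* Allocation can fail; do not fill or write through a NULL pointer. */
        KdPrint(("ExAllocatePool failed\n"));
        ZwClose(hFile);
        return;
    }

    RtlFillMemory(pWritetofile, CHUNK_SIZE, 0xAA);
    KdPrint(("write to the buffer %d bytes\n", CHUNK_SIZE));
    /*
     * The buffer is CHUNK_SIZE bytes of 0xAA with no terminating NUL, so it
     * must not be printed with %s (that would read past the end of the pool
     * allocation). Show the leading bytes in hex instead.
     */
    KdPrint(("buffer内容: %02X %02X %02X %02X ...\n\n",
             pWritetofile[0], pWritetofile[1], pWritetofile[2], pWritetofile[3]));

    /* ByteOffset == NULL: a synchronous handle writes at the current position. */
    status = ZwWriteFile(hFile, NULL, NULL, NULL, &io_status,
                         pWritetofile, CHUNK_SIZE, NULL, NULL);
    if (NT_SUCCESS(status))
    {
        /* Information is a ULONG_PTR; narrow it explicitly for the format. */
        KdPrint(("write to the file %u bytes\n", (ULONG)io_status.Information));
    }

    RtlFillMemory(pWritetofile, CHUNK_SIZE, 0xbb);
    KdPrint(("the program will append %d bytes \n", CHUNK_SIZE));

    /* Write at byte offset 1024, i.e. directly after the first chunk. This
     * is an append only as long as the file is exactly 1024 bytes long. */
    number.QuadPart = 1024i64;
    status = ZwWriteFile(hFile, NULL, NULL, NULL, &io_status,
                         pWritetofile, CHUNK_SIZE, &number, NULL);
    if (NT_SUCCESS(status))
    {
        KdPrint(("the program really appended %u bytes\n", (ULONG)io_status.Information));
    }
    KdPrint(("buffer内容: %02X %02X %02X %02X ...\n\n",
             pWritetofile[0], pWritetofile[1], pWritetofile[2], pWritetofile[3]));

    /* --- Query the resulting file size --- */
    status = ZwQueryInformationFile(hFile,
                                    &io_status,
                                    &fsi,
                                    sizeof(FILE_STANDARD_INFORMATION),
                                    FileStandardInformation);
    if (NT_SUCCESS(status))
    {
        /* EndOfFile.QuadPart is 64 bits wide. */
        KdPrint(("现在文件大小为:%I64d bytes\n\n\n", fsi.EndOfFile.QuadPart));
    }

    ZwClose(hFile);
    ExFreePool(pWritetofile);
}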