Win7对目标文件夹进行访问控制

最新推荐文章于 2025-05-17 17:05:04 发布
原创 最新推荐文章于 2025-05-17 17:05:04 发布 · 1.4k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

在minifilter框架下,对目标文件夹进行访问控制。

/*++

Copyright (c) 1999 - 2002  Microsoft Corporation

Module Name:

passThrough.c

Abstract:

This is the main module of the passThrough miniFilter driver.
This filter hooks all IO operations for both pre and post operation
callbacks.  The filter passes through the operations.

Environment:

Kernel mode

--*/

#include <fltKernel.h>
#include <dontuse.h>
#include <suppress.h>
#include <ntddscsi.h>		
#pragma prefast(disable:__WARNING_ENCODE_MEMBER_FUNCTION_POINTER, "Not valid for kernel mode drivers")


PFLT_FILTER gFilterHandle;
ULONG_PTR OperationStatusCtx = 1;

#define PTDBG_TRACE_ROUTINES            0x00000001
#define PTDBG_TRACE_OPERATION_STATUS    0x00000002

ULONG gTraceFlags = 0;

#define PT_DBG_PRINT( _dbgLevel, _string )          \
	(FlagOn(gTraceFlags,(_dbgLevel)) ?              \
	DbgPrint _string :                          \
	((int)0))

/*************************************************************************
Prototypes
*************************************************************************/

DRIVER_INITIALIZE DriverEntry;
NTSTATUS
	DriverEntry (
	__in PDRIVER_OBJECT DriverObject,
	__in PUNICODE_STRING RegistryPath
	);

NTSTATUS
	PtInstanceSetup (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_SETUP_FLAGS Flags,
	__in DEVICE_TYPE VolumeDeviceType,
	__in FLT_FILESYSTEM_TYPE VolumeFilesystemType
	);

VOID
	PtInstanceTeardownStart (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_TEARDOWN_FLAGS Flags
	);

VOID
	PtInstanceTeardownComplete (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_TEARDOWN_FLAGS Flags
	);

NTSTATUS
	PtUnload (
	__in FLT_FILTER_UNLOAD_FLAGS Flags
	);

NTSTATUS
	PtInstanceQueryTeardown (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
	);

FLT_PREOP_CALLBACK_STATUS
	PtPreOperationPassThrough (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__deref_out_opt PVOID *CompletionContext
	);

VOID
	PtOperationStatusCallback (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in PFLT_IO_PARAMETER_BLOCK ParameterSnapshot,
	__in NTSTATUS OperationStatus,
	__in PVOID RequesterContext
	);

FLT_POSTOP_CALLBACK_STATUS
	PtPostOperationPassThrough (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in_opt PVOID CompletionContext,
	__in FLT_POST_OPERATION_FLAGS Flags
	);

FLT_PREOP_CALLBACK_STATUS
	PtPreOperationNoPostOperationPassThrough (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__deref_out_opt PVOID *CompletionContext
	);

BOOLEAN
	PtDoRequestOperationStatus(
	__in PFLT_CALLBACK_DATA Data
	);

//IRP_MJ_CREATE control function
FLT_PREOP_CALLBACK_STATUS
	PtPreOperationCreateControl (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__deref_out_opt PVOID *CompletionContext
	);
FLT_POSTOP_CALLBACK_STATUS
	PtPostOperationCreateControl (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in_opt PVOID CompletionContext,
	__in FLT_POST_OPERATION_FLAGS Flags
	);
//
//  Assign text sections for each routine.
//

#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT, DriverEntry)
#pragma alloc_text(PAGE, PtUnload)
#pragma alloc_text(PAGE, PtInstanceQueryTeardown)
#pragma alloc_text(PAGE, PtInstanceSetup)
#pragma alloc_text(PAGE, PtInstanceTeardownStart)
#pragma alloc_text(PAGE, PtInstanceTeardownComplete)
#endif

//
//  operation registration
//

CONST FLT_OPERATION_REGISTRATION Callbacks[] = {
	{ IRP_MJ_CREATE,
	0,
	PtPreOperationCreateControl,
	PtPostOperationCreateControl },
	{ IRP_MJ_OPERATION_END }
};

//
//  This defines what we want to filter with FltMgr
//

CONST FLT_REGISTRATION FilterRegistration = {

	sizeof( FLT_REGISTRATION ),         //  Size
	FLT_REGISTRATION_VERSION,           //  Version
	0,                                  //  Flags

	NULL,                               //  Context
	Callbacks,                          //  Operation callbacks

	PtUnload,                           //  MiniFilterUnload

	PtInstanceSetup,                    //  InstanceSetup
	PtInstanceQueryTeardown,            //  InstanceQueryTeardown
	PtInstanceTeardownStart,            //  InstanceTeardownStart
	PtInstanceTeardownComplete,         //  InstanceTeardownComplete

	NULL,                               //  GenerateFileName
	NULL,                               //  GenerateDestinationFileName
	NULL                                //  NormalizeNameComponent

};

PWCHAR prefixName = L"invisible";
ULONG prefixLength = 9;

NTSTATUS
	PtInstanceSetup (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_SETUP_FLAGS Flags,
	__in DEVICE_TYPE VolumeDeviceType,
	__in FLT_FILESYSTEM_TYPE VolumeFilesystemType
	)
	/*++

	Routine Description:

	This routine is called whenever a new instance is created on a volume. This
	gives us a chance to decide if we need to attach to this volume or not.

	If this routine is not defined in the registration structure, automatic
	instances are alwasys created.

	Arguments:

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance and its associated volume.

	Flags - Flags describing the reason for this attach request.

	Return Value:

	STATUS_SUCCESS - attach
	STATUS_FLT_DO_NOT_ATTACH - do not attach

	--*/
{
	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( Flags );
	UNREFERENCED_PARAMETER( VolumeDeviceType );
	UNREFERENCED_PARAMETER( VolumeFilesystemType );

	PAGED_CODE();

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtInstanceSetup: Entered\n") );

	return STATUS_SUCCESS;
}


NTSTATUS
	PtInstanceQueryTeardown (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
	)
	/*++

	Routine Description:

	This is called when an instance is being manually deleted by a
	call to FltDetachVolume or FilterDetach thereby giving us a
	chance to fail that detach request.

	If this routine is not defined in the registration structure, explicit
	detach requests via FltDetachVolume or FilterDetach will always be
	failed.

	Arguments:

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance and its associated volume.

	Flags - Indicating where this detach request came from.

	Return Value:

	Returns the status of this operation.

	--*/
{
	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( Flags );

	PAGED_CODE();

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtInstanceQueryTeardown: Entered\n") );

	return STATUS_SUCCESS;
}


VOID
	PtInstanceTeardownStart (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_TEARDOWN_FLAGS Flags
	)
	/*++

	Routine Description:

	This routine is called at the start of instance teardown.

	Arguments:

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance and its associated volume.

	Flags - Reason why this instance is been deleted.

	Return Value:

	None.

	--*/
{
	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( Flags );

	PAGED_CODE();

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtInstanceTeardownStart: Entered\n") );
}


VOID
	PtInstanceTeardownComplete (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in FLT_INSTANCE_TEARDOWN_FLAGS Flags
	)
	/*++

	Routine Description:

	This routine is called at the end of instance teardown.

	Arguments:

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance and its associated volume.

	Flags - Reason why this instance is been deleted.

	Return Value:

	None.

	--*/
{
	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( Flags );

	PAGED_CODE();

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtInstanceTeardownComplete: Entered\n") );
}


/*************************************************************************
MiniFilter initialization and unload routines.
*************************************************************************/

NTSTATUS
	DriverEntry (
	__in PDRIVER_OBJECT DriverObject,
	__in PUNICODE_STRING RegistryPath
	)
	/*++

	Routine Description:

	This is the initialization routine for this miniFilter driver.  This
	registers with FltMgr and initializes all global data structures.

	Arguments:

	DriverObject - Pointer to driver object created by the system to
	represent this driver.

	RegistryPath - Unicode string identifying where the parameters for this
	driver are located in the registry.

	Return Value:

	Returns STATUS_SUCCESS.

	--*/
{
	NTSTATUS status;

	UNREFERENCED_PARAMETER( RegistryPath );

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!DriverEntry: Entered\n") );

	//
	//  Register with FltMgr to tell it our callback routines
	//

	status = FltRegisterFilter( DriverObject,
		&FilterRegistration,
		&gFilterHandle );

	ASSERT( NT_SUCCESS( status ) );

	if (NT_SUCCESS( status )) {

		//
		//  Start filtering i/o
		//

		status = FltStartFiltering( gFilterHandle );

		if (!NT_SUCCESS( status )) {

			FltUnregisterFilter( gFilterHandle );
		}
	}
	KdPrint(("hello driver!"));
	return status;
}

NTSTATUS
	PtUnload (
	__in FLT_FILTER_UNLOAD_FLAGS Flags
	)
	/*++

	Routine Description:

	This is the unload routine for this miniFilter driver. This is called
	when the minifilter is about to be unloaded. We can fail this unload
	request if this is not a mandatory unloaded indicated by the Flags
	parameter.

	Arguments:

	Flags - Indicating if this is a mandatory unload.

	Return Value:

	Returns the final status of this operation.

	--*/
{
	UNREFERENCED_PARAMETER( Flags );

	PAGED_CODE();
	KdPrint(("hello drive1r! unload "));
	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtUnload: Entered\n") );

	FltUnregisterFilter( gFilterHandle );

	return STATUS_SUCCESS;
}


/*************************************************************************
MiniFilter callback routines.
*************************************************************************/
FLT_PREOP_CALLBACK_STATUS
	PtPreOperationPassThrough (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__deref_out_opt PVOID *CompletionContext
	)
	/*++

	Routine Description:

	This routine is the main pre-operation dispatch routine for this
	miniFilter. Since this is just a simple passThrough miniFilter it
	does not do anything with the callbackData but rather return
	FLT_PREOP_SUCCESS_WITH_CALLBACK thereby passing it down to the next
	miniFilter in the chain.

	This is non-pageable because it could be called on the paging path

	Arguments:

	Data - Pointer to the filter callbackData that is passed to us.

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance, its associated volume and
	file object.

	CompletionContext - The context for the completion routine for this
	operation.

	Return Value:

	The return value is the status of the operation.

	--*/
{
	NTSTATUS status;

	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( CompletionContext );

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtPreOperationPassThrough: Entered\n") );
	KdPrint(("hello pre!"));
	//
	//  See if this is an operation we would like the operation status
	//  for.  If so request it.
	//
	//  NOTE: most filters do NOT need to do this.  You only need to make
	//        this call if, for example, you need to know if the oplock was
	//        actually granted.
	//

	if (PtDoRequestOperationStatus( Data )) {

		status = FltRequestOperationStatusCallback( Data,
			PtOperationStatusCallback,
			(PVOID)(++OperationStatusCtx) );
		if (!NT_SUCCESS(status)) {

			PT_DBG_PRINT( PTDBG_TRACE_OPERATION_STATUS,
				("PassThrough!PtPreOperationPassThrough: FltRequestOperationStatusCallback Failed, status=%08x\n",
				status) );
		}
	}

	return FLT_PREOP_SUCCESS_WITH_CALLBACK;
}



VOID
	PtOperationStatusCallback (
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in PFLT_IO_PARAMETER_BLOCK ParameterSnapshot,
	__in NTSTATUS OperationStatus,
	__in PVOID RequesterContext
	)
	/*++

	Routine Description:

	This routine is called when the given operation returns from the call
	to IoCallDriver.  This is useful for operations where STATUS_PENDING
	means the operation was successfully queued.  This is useful for OpLocks
	and directory change notification operations.

	This callback is called in the context of the originating thread and will
	never be called at DPC level.  The file object has been correctly
	referenced so that you can access it.  It will be automatically
	dereferenced upon return.

	This is non-pageable because it could be called on the paging path

	Arguments:

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance, its associated volume and
	file object.

	RequesterContext - The context for the completion routine for this
	operation.

	OperationStatus -

	Return Value:

	The return value is the status of the operation.

	--*/
{
	UNREFERENCED_PARAMETER( FltObjects );

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtOperationStatusCallback: Entered\n") );
	KdPrint(("hello driver callbacks!"));
	PT_DBG_PRINT( PTDBG_TRACE_OPERATION_STATUS,
		("PassThrough!PtOperationStatusCallback: Status=%08x ctx=%p IrpMj=%02x.%02x \"%s\"\n",
		OperationStatus,
		RequesterContext,
		ParameterSnapshot->MajorFunction,
		ParameterSnapshot->MinorFunction,
		FltGetIrpName(ParameterSnapshot->MajorFunction)) );
}


FLT_PREOP_CALLBACK_STATUS
	PtPreOperationNoPostOperationPassThrough (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__deref_out_opt PVOID *CompletionContext
	)
	/*++

	Routine Description:

	This routine is the main pre-operation dispatch routine for this
	miniFilter. Since this is just a simple passThrough miniFilter it
	does not do anything with the callbackData but rather return
	FLT_PREOP_SUCCESS_WITH_CALLBACK thereby passing it down to the next
	miniFilter in the chain.

	This is non-pageable because it could be called on the paging path

	Arguments:

	Data - Pointer to the filter callbackData that is passed to us.

	FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
	opaque handles to this filter, instance, its associated volume and
	file object.

	CompletionContext - The context for the completion routine for this
	operation.

	Return Value:

	The return value is the status of the operation.

	--*/
{
	UNREFERENCED_PARAMETER( Data );
	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( CompletionContext );

	PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
		("PassThrough!PtPreOperationNoPostOperationPassThrough: Entered\n") );
	KdPrint(("hello d2234river!"));
	return FLT_PREOP_SUCCESS_NO_CALLBACK;
}


BOOLEAN
	PtDoRequestOperationStatus(
	__in PFLT_CALLBACK_DATA Data
	)
	/*++

	Routine Description:

	This identifies those operations we want the operation status for.  These
	are typically operations that return STATUS_PENDING as a normal completion
	status.

	Arguments:

	Return Value:

	TRUE - If we want the operation status
	FALSE - If we don't

	--*/
{
	PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;

	//
	//  return boolean state based on which operations we are interested in
	//

	return (BOOLEAN)

		//
		//  Check for oplock operations
		//

		(((iopb->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL) &&
		((iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_FILTER_OPLOCK)  ||
		(iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_BATCH_OPLOCK)   ||
		(iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_OPLOCK_LEVEL_1) ||
		(iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_OPLOCK_LEVEL_2)))

		||

		//
		//    Check for directy change notification
		//

		((iopb->MajorFunction == IRP_MJ_DIRECTORY_CONTROL) &&
		(iopb->MinorFunction == IRP_MN_NOTIFY_CHANGE_DIRECTORY))
		);
}
BOOLEAN NPUnicodeStringToChar(PUNICODE_STRING UniName, char Name[])
{
	ANSI_STRING	AnsiName;			
	NTSTATUS	ntstatus;
	char*		nameptr;			

	__try {	    		   		    		
		ntstatus = RtlUnicodeStringToAnsiString(&AnsiName, UniName, TRUE);		

		if (AnsiName.Length < 260) {
			nameptr = (PCHAR)AnsiName.Buffer;
			//Convert into upper case and copy to buffer
			strcpy(Name, _strupr(nameptr));						    	    
			//DbgPrint("NPUnicodeStringToChar : %s\n", Name);	
		}		  	
		RtlFreeAnsiString(&AnsiName);		 
	} 
	__except(EXCEPTION_EXECUTE_HANDLER) {
		DbgPrint("NPUnicodeStringToChar EXCEPTION_EXECUTE_HANDLER\n");	
		return FALSE;
	}
	return TRUE;
}     

FLT_PREOP_CALLBACK_STATUS
	PtPreOperationCreateControl (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__deref_out_opt PVOID *CompletionContext
	)
{
	char FileName[1024]={"X:"};
	NTSTATUS status;
	PFLT_FILE_NAME_INFORMATION nameinfo;


	UNREFERENCED_PARAMETER( Data );
	UNREFERENCED_PARAMETER( FltObjects );
	UNREFERENCED_PARAMETER( CompletionContext);
	PAGED_CODE();

	//KdPrint(("ok"));
	_try
	{
		status = FltGetFileNameInformation(Data,FLT_FILE_NAME_NORMALIZED|FLT_FILE_NAME_QUERY_DEFAULT,&nameinfo);
		if (NT_SUCCESS(status))
		{
			FltParseFileNameInformation(nameinfo);
			if(NPUnicodeStringToChar(&nameinfo->Name, FileName))
			{
				if(strstr(FileName,"WQ"))
				{
					DbgPrint("filename %s",FileName);
					Data->IoStatus.Status = STATUS_ACCESS_DENIED;
					//Data->IoStatus.Information = 0;
					FltReleaseFileNameInformation( nameinfo );
					return FLT_PREOP_COMPLETE;	
				}
			}
		}
		FltReleaseFileNameInformation( nameinfo );      

	}
	_except(EXCEPTION_EXECUTE_HANDLER)
	{
		KdPrint(("Create Control Exception"));
	}
	return FLT_PREOP_SUCCESS_WITH_CALLBACK;
}


FLT_POSTOP_CALLBACK_STATUS
	PtPostOperationCreateControl (
	__inout PFLT_CALLBACK_DATA Data,
	__in PCFLT_RELATED_OBJECTS FltObjects,
	__in_opt PVOID CompletionContext,
	__in FLT_POST_OPERATION_FLAGS Flags
	)
{
	return FLT_POSTOP_FINISHED_PROCESSING;
}

编译环境为Windows win7  X86 checked build environment

编译source、makefile 安装inf与上一篇中相同。

此驱动不是特别稳定,有时候会抛出异常,利用dbgview可以看到,后续再改进。

飞鸟Mu
关注
windows内核访问控制机制
Returns' Station
06-27 3477
主要看了下面两部分:     1.进程对系统进行特权操作需要有一个权限(Privilege),所以进程有特权集表示进程拥有的权限,内核会在执行这些权限时检查进程是否有权执行此操作。      2.进程对于每个内核对象的操作权限不同,内核对象有一个访问控制列表(ACL)来标示某个用户启动的进程有如何的访问权。进程对对象执行操作时,会检查相应的权限是否符合。 一、SID:用来表示系统
Win64 驱动内核编程-17. MINIFILTER(文件保护)
墨鱼菜鸡
12-18 531
MINIFILTER(文件保护) 使用HOOK来监控文件操作的方法有很多,可以在SSDT上HOOK一堆和FILE有关的函数,也可以对FSD进行IRPHOOK,不过这些方法既不方便,也不安全。微软推荐的文件操作过滤方法是使用过滤驱动,在VISTA之后,推荐使用MINI...
[内核驱动]Minifilter实现文件拒绝访问
C0ldstudy的博客
06-04 5315
基于Minifilter的小小拓展
windows文件夹访问控制列表
weixin_51042028的博客
07-13 846
访问控制列表(组或用户名)中添加用户本身(我的是king),后在用户权限中即访问控制项修改权限即可。
windows7文件夹权限添加,解决目标文件夹访问被拒绝
11-08 6312
随着windows7操作系统的普及推广,现在已经有很多人的电脑都在只用这个系统了。使用比较多或者细心的人应该会发现在win7的操作系统中,在文件夹下的c:\windows\winsxs的文件和文件夹受到保护无法删除或创建文件夹。现在拿文件夹c:\windows\winsxs\msil_accessibility_b03f5f7f11d50a3a_6.1.7600.16385_none_223229
解决Win7访问远程共享文件夹提示未知的用户名或密码错误.docx
09-27
- 用户账户是否被添加到了远程服务器的共享文件夹访问者列表中。 - 用户账户是否具备足够的权限以访问所需的文件或文件夹。 ##### 确认远程服务器配置 - **服务器端身份验证设置**:确保远程服务器上的身份验证配置...
Win10共享文件夹访问权限问题终极解决方案
最新发布
mmoo_python的博客
05-17 5843
Win10共享权限问题需要从网络协议、服务配置、权限体系三个维度进行系统排查。建议优先采用SMB3.x协议栈,在安全与便利间取得平衡。对于复杂网络环境,建议部署专业的文件服务器(如Windows Server+DFS-R),配合组策略实现标准化管理。技术人员应建立完整的故障排查清单,通过系统日志、网络抓包、进程监控等手段定位具体瓶颈。
win7把桌面文件夹锁定到任务栏
01-02
标题中的“win7把桌面文件夹锁定到任务栏”指的是在Windows 7操作系统中,用户希望将桌面上的特定文件夹快捷方式固定到任务栏,以便于快速访问。通常,Windows 7的任务栏主要是用于固定应用程序快捷方式或者系统功能...
解决Win7系统打开文件夹假死的方法.docx
09-27
本文将详细介绍四种解决Win7系统文件夹假死问题的方法。 第一种方法是重启Windows资源管理器。当文件夹假死时,可以按下Ctrl+Alt+Delete组合键打开任务管理器,找到名为explorer的进程并将其结束。此时,桌面只剩...
win7文件夹加密
12-01
### Win7文件夹加密详解 在Windows 7操作系统中,用户可以通过系统内置的功能来加密文件或文件夹,以此保护敏感信息不被未授权访问。这一功能对于存储在NTFS(New Technology File System)分区卷上的文件和文件夹...
11、目标文件夹访问被拒绝
一利糖果的博客
04-04 3303
解:(1)鼠标右键该文件夹,点击属性/安全/编辑(E)...,在组或用户名里分别选中Authenticated Users和Users,并在其下方的完全控制权限后的允许复选框里打“✓”,最后点击确定或应用即可。(2)鼠标右键该文件夹,点击属性/安全/高级(V)/更改权限,在权限条目里分别选中Users和Authenticated Users,点击编辑,在基本权限下的完全控制复选框里打“✓”,最后点击确定即可。目标文件夹访问被拒绝。
win10目标文件夹访问被拒绝怎么办
热门推荐
lyc0424的博客
08-13 3万+
方法一: 文件夹右键-属性-安全-添加-高级bai-立即查找-选择du"everyone"-确定-确定-完全控制打勾 以上操作意思是该文件夹添加"everyone"用户所有控制权dao~everyone的意思就是所有人~当然你也可以添加你自己计算机的管理员权限为完全控制~(亲测有用) 方法二: 这是Win10正式版系统为了保护系统文件的安全所给出的警告提示,如果想访问对应的文件夹,就必须提升自己的访问权限才行。下面就是具体的提升访问文件夹权限的方法。 1、右键点击提示我们需要权限的文件夹,然后点击【
Windows 7如何限制运行特定的应用程序(转载)
weixin_30344795的博客
06-12 428
AppLocker即“应用程序控制策略”,是Windows 7系统中新增加的一项安全功能。 步骤/方法 1单击“开始”菜单,单击“控制面板”步骤阅读 2在控制面板中单击打开“管理工具”,弹出的窗口再双击“本地安全策略”步骤阅读 3在左侧控制台树展开“应用程序控制策略”——“AppLocker”步骤阅读 4右击“可执行规则”,打开的下拉菜单点击“创建新规则”命令步骤阅读 5进入“创建AppLocke...
监控进程创建,全部阻止的demo(使用MiniFilter)
kernweak的博客
06-04 2615
使用wdk7600例子passthrough改写,监控IRPIRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION在 Data->Iopb->Parameters.AcquireForSectionSynchronization.PageProtection == PAGE_EXECUTE(等于这个就是创建进程) 在x64可以用这个监控进程 ,不会触发pa...
MiniFilter中如何取得IoCallDriver()状态,并继续处理?
weixin_33724046的博客
01-07 341
在MiniFilter开发中,常会根据IoCallDriver的返回状态确定是否进行下一步处理. 那个状态如何获呢? FltRequestOperationStatusCallback() 这个函数可以解决我们的问题. 它只能在PreOperation中调用,设置一个回调函数, 当IoCallDriver调用完成后会调用它所设置的回调函数. 1. ...
一个简单的windows filesystem mini filter 驱动例子
pureman_mega的博客
01-10 1987
代码网上都有,就讲一下解决安装问题: 1,mini filter 的安装,一开始还是项普通的 legacy driver一样,通过命令函 "sc create servicenam binPath type=kernel"发现一直报错:找不到文件;然后调整"sc create servicename binPath type=filesys";驱动可以起来,然后FltRegisterFilter失败,报错找不到对象(0xc0000034).原来mini filter driver 安装需要通过inf 文件
windows内核驱动开发】文件系统微过滤驱动Minifilter——绑定指定的卷(磁盘分区)
zcr214的博客
11-28 4325
【我的】文件系统微过滤驱动Minifilter——绑定指定的卷(磁盘分区) 作者:zcr214 时间:2016/4/21   在编写文件系统微过滤驱动minifilter的时候,很有可能我们只对某一个特定的磁盘分区感兴趣,而其他的如系统盘的很多IRP对于我们要编写的驱动可能是不关注的,所以有必要使得我们的驱动只绑定指定的这个卷,从而减少其他的IRP带来的干扰,节省很多处理流程,比如系统盘的很
win7 隐藏驱动编译于安装
飞鸟
10-25 1498
为了实现Win7下面,对目标文件夹隐藏,经过调试,一下代码可以实现相关的功能。 /*++ Copyright (c) 1999 - 2002 Microsoft Corporation Module Name: passThrough.c Abstract: This is the main module of the passThrough miniFilter
驱动开发:文件微过滤驱动入门
2301_78287784的博客
06-19 794
这里简单介绍一下如何摘除微过滤驱动回调函数,其实摘除回调的方法有多种,常用的第一种通过向过滤驱动中写出一个返回命令让其不被执行从而实现绕过,另一种是找到回调函数并替换为我们自己的回调,而在自己的回调中什么也不做,这里以第二种方法为例,实现替换的代码可以写成如下案例;传统过滤驱动而言的,传统文件过滤驱动相对来说较为复杂,且接口不清晰并不符合快速开发的需求,为了解决复杂的开发问题,微过滤驱动就此诞生,微过滤驱动在编写时更简单,多数。所接管,因为有了兼容层,所以在开发中不需要考虑底层。
Win7环境下用户文件夹安全转移解决方案
3. 用户选择需要转移的用户文件夹,然后指定目标文件夹的位置。 4. 软件执行转移操作,将所选的用户文件夹从系统分区转移到目标分区。 5. 软件可能会提供一些额外的配置选项,比如是否在系统启动时更改默认的文件夹...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值