文件操作-Malloc笔记

最新推荐文章于 2023-11-24 23:35:05 发布
原创 最新推荐文章于 2023-11-24 23:35:05 发布 · 1k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#文件操作 #内核 #管理

本文详细介绍了使用Windows内核API进行文件操作的方法,包括创建、读取、写入、复制、移动及删除文件等基本操作,并提供了具体示例代码。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

创建文件/文件夹
读/写
拷贝
移动
删除
属性访问与设置


应用层:”c:\\hi.txt”
内核:L”\\??\\c:\\hi.txt”
R3:
设备名:L”\\\\.\\xxxDrv”
R0
设备名:”\\device\\xxxDrv”
符号连接名:”\\dosdevices\\xxxDrv”




常用API
ZwCreateFile //集创建文件 文件夹 打开 
ZwWriteFile 
ZwReadFile
ZwQueryInformationFile  //查询文件信息
ZwQueryFullAttributesFile //查询文件属性 比如是不是文件 文件夹
ZwSetInformationFile //设置文件
ZwClose
ZwQueryDirectoryFile //枚举文件


ZwCreateFile(
		&hFile, 
		GENERIC_WRITE,
	        &objAttrib, 
		&io_status, 
		NULL, 
		FILE_ATTRIBUTE_NORMAL,
	        FILE_SHARE_READ | FILE_SHARE_WRITE | 		FILE_SHARE_DELETE, 
		FILE_OPEN_IF,
	        FILE_SYNCHRONOUS_IO_NONALERT | 			FILE_NON_DIRECTORY_FILE, 
		NULL, 
		0);


ZwReadFile (                                             
           hSrcFile, 
                NULL,
NULL,
NULL,                    
&io_status,
buffer, 
PAGE_SIZE,
&offset,
NULL
);


ZwWriteFile(
           hDstFile,
	NULL,
	NULL,
	NULL,
	&io_status,
	buffer,
	length,
	&offset,
	NULL
	);





ZwQueryInformationFile

ZwSetInformationFile



ZwQueryInformationFile(
		handle, 
		&iosb,
		&basicInfo,
		sizeof(basicInfo),
		FileBasicInformation
		);


ZwSetInformationFile(
	handle, 
	&iosb,                    	&basicInfo, 	sizeof(basicInfo), 	FileBasicInformation
	);



FileBasicInformation
FileStandardInformation
FileDispositionInformation
FilePositionInformation
FileRenameInformation


typedef struct _FILE_BASIC_INFORMATION {
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    ULONG FileAttributes;
} FILE_BASIC_INFORMATION, 
*PFILE_BASIC_INFORMATION;


typedef struct 
_FILE_STANDARD_INFORMATION {
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    BOOLEAN DeletePending;
    BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, 
*PFILE_STANDARD_INFORMATION;


typedef struct _FILE_POSITION_INFORMATION {
    LARGE_INTEGER CurrentByteOffset;
} FILE_POSITION_INFORMATION, 
*PFILE_POSITION_INFORMATION;


typedef struct _FILE_RENAME_INFORMATION {   
	BOOLEAN ReplaceIfExists;    
	HANDLE RootDirectory;    
	ULONG FileNameLength;    
	WCHAR FileName[1];
}FILE_RENAME_INFORMATION, 
*PFILE_RENAME_INFORMATION;


typedef struct _FILE_NETWORK_OPEN_INFORMATION {
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, 
*PFILE_NETWORK_OPEN_INFORMATION;


typedef struct _FILE_DISPOSITION_INFORMATION {
    BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION, 
*PFILE_DISPOSITION_INFORMATION;


删除文件


普通的删除
NTSTATUS ntDeleteFile1(const WCHAR * filename)
{
		NTSTATUS				ntStatus	= 0;
		OBJECT_ATTRIBUTES		objAttr		= {0};
		UNICODE_STRING			uName		= {0};


		RtlInitUnicodeString(&uName, filename);
		InitializeObjectAttributes(
			&objAttr,
			&uName,
			OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
			NULL,
			NULL
			);
		ntStatus = ZwDeleteFile(&objAttr);
		
		return ntStatus;
}



暴力一点的删除 (设置属性)
ZwCreateFile with DELETE




成功?   ----->  NO    ----->  ZwCreateFile with FILE_READ_ATTRIBUTES  FILE_WRITE_ATTRIBUTES 




YES   <----------------------------------   FILE_ATTRIBUTE_NORMAL


ZwSetInformationFile


以 SYNCHRONIZE | FILE_WRITE_DATA | DELETE 打开文件
status = ZwCreateFile(
		&handle, 
		SYNCHRONIZE | FILE_WRITE_DATA | DELETE,
        &objAttributes, 
		&iosb, 
		NULL, 
		FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
		FILE_OPEN,
        FILE_SYNCHRONOUS_IO_NONALERT | FILE_DELETE_ON_CLOSE, 
		NULL, 
		0);


如果失败则以SYNCHRONIZE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES打开
status = ZwCreateFile(
				&handle, 
				SYNCHRONIZE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES,//这个改变
                &objAttributes, 
				&iosb, 
				NULL, 
				FILE_ATTRIBUTE_NORMAL,
                FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
				FILE_OPEN,
                FILE_SYNCHRONOUS_IO_NONALERT, //这个改变
				NULL, 
				0);

如果打开了 则设置FileAttributes = FILE_ATTRIBUTE_NORMAL
然然后再次以DELETE打开(第一种)
如果还失败了就返回了
如果成功了 则设置FILE_DISPOSITION_INFORMATION 结构的DeleteFile = TRUE;
并应用到文件上即可 失败就返回


代码:

NTSTATUS ntDeleteFile2(const WCHAR *fileName)
{
    OBJECT_ATTRIBUTES                	objAttributes	= {0};
    IO_STATUS_BLOCK                    	iosb			= {0};
    HANDLE                           	handle			= NULL;
    FILE_DISPOSITION_INFORMATION    	disInfo			= {0};
	UNICODE_STRING						uFileName		= {0};
    NTSTATUS                        	status			= 0;
	
	RtlInitUnicodeString(&uFileName, fileName);
	
    InitializeObjectAttributes(&objAttributes, 
							&uFileName,
							OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
							NULL,
							NULL);
	
    status = ZwCreateFile(
		&handle, 
		SYNCHRONIZE | FILE_WRITE_DATA | DELETE,
        &objAttributes, 
		&iosb, 
		NULL, 
		FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
		FILE_OPEN,
        FILE_SYNCHRONOUS_IO_NONALERT | FILE_DELETE_ON_CLOSE, 
		NULL, 
		0);
    if (!NT_SUCCESS(status)) 
	{
        if (status == STATUS_ACCESS_DENIED)
		{
            status = ZwCreateFile(
				&handle, 
				SYNCHRONIZE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES,
                &objAttributes, 
				&iosb, 
				NULL, 
				FILE_ATTRIBUTE_NORMAL,
                FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
				FILE_OPEN,
                FILE_SYNCHRONOUS_IO_NONALERT, 
				NULL, 
				0);
            if (NT_SUCCESS(status)) 
			{
                FILE_BASIC_INFORMATION        basicInfo = {0};
				
                status = ZwQueryInformationFile(handle, &iosb,
                    &basicInfo, sizeof(basicInfo), FileBasicInformation);
                if (!NT_SUCCESS(status)) 
				{
                    DbgPrint("ZwQueryInformationFile(%wZ) failed(%x)\n", &uFileName, status);
                }
				
                basicInfo.FileAttributes = FILE_ATTRIBUTE_NORMAL;
                status = ZwSetInformationFile(handle, &iosb,
                    &basicInfo, sizeof(basicInfo), FileBasicInformation);
                if (!NT_SUCCESS(status)) 
				{
                    DbgPrint("ZwSetInformationFile(%wZ) failed(%x)\n", &uFileName, status);
                }
				
                ZwClose(handle);
                status = ZwCreateFile(
					&handle, 
					SYNCHRONIZE | FILE_WRITE_DATA | DELETE,
                    &objAttributes, 
					&iosb, 
					NULL, 
					FILE_ATTRIBUTE_NORMAL,
                    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
					FILE_OPEN,
                    FILE_SYNCHRONOUS_IO_NONALERT | FILE_DELETE_ON_CLOSE, 
					NULL, 
					0);
            }
        }
		
        if (!NT_SUCCESS(status)) 
		{
            DbgPrint("ZwCreateFile(%wZ) failed(%x)\n", &uFileName, status);
            return status;
        }
    }
	
    disInfo.DeleteFile = TRUE;
    status = ZwSetInformationFile(handle, &iosb,
        &disInfo, sizeof(disInfo), FileDispositionInformation);
    if (!NT_SUCCESS(status)) 
	{
        DbgPrint("ZwSetInformationFile(%wZ) failed(%x)\n", &uFileName, status);
    }
	
    ZwClose(handle);
    return status;
}


封装好的代码:
#include <ntifs.h>
#include <ntddk.h>


NTSTATUS ntCreateFile(WCHAR *szFileName);
NTSTATUS ntCreateDirectory(WCHAR *szDirName);


NTSTATUS ntWriteFile(WCHAR *szFileName);
NTSTATUS ntReadFile(WCHAR *szFile);
NTSTATUS ntCopyFile(const WCHAR * src, const WCHAR * dst);
NTSTATUS ntMoveFile(const WCHAR * src, const WCHAR * dst);
NTSTATUS ntDeleteFile1(const WCHAR * filename);
NTSTATUS ntDeleteFile2(const WCHAR *fileName);


ULONG ntGetFileAttributes(const WCHAR * filename);
NTSTATUS ntSetFileAttribute (WCHAR *szFileName);






VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
		NTSTATUS ntStatus= 0;


		WCHAR			*szFileName1	= L"\\??\\d:\\1.txt";
		WCHAR			*szFileName2	= L"\\??\\d:\\2.txt";


	 	ntStatus = ntDeleteFile2(szFileName1);
	 	if (!NT_SUCCESS(ntStatus))
	 	{
	 		DbgPrint("ntDeleteFile2() failed%d\n", ntStatus);
	 		//return;
	 	}
	 
	 	ntStatus = ntDeleteFile2(szFileName2);
	 	if (!NT_SUCCESS(ntStatus))
	 	{
	 		DbgPrint("ntDeleteFile2() failed%ws,%x\n", szFileName2,ntStatus);
	 		return;
		}
		DbgPrint("Driver Unloaded\n");
}


NTSTATUS FileOper(VOID);


NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
	DbgPrint("Driver begin\n");
	pDriverObject->DriverUnload = DriverUnload;


	FileOper();


	return STATUS_SUCCESS;
}


NTSTATUS FileOper(VOID)
{
	NTSTATUS		ntStatus		= STATUS_SUCCESS;
	ULONG			ulAttributes	= 0;
	WCHAR			*szDirName		= L"\\??\\D:\\Mallocfree\\";
	WCHAR			*szFileName1	= L"\\??\\d:\\1.txt";
	WCHAR			*szFileName2	= L"\\??\\d:\\2.txt";
	WCHAR			*szFileName3	= L"\\??\\D:\\Mallocfree\\3.txt";
	WCHAR			*szFileName4	= L"\\??\\D:\\Mallocfree\\4.txt";




	ntStatus = ntCreateFile(szFileName1);
	if (!NT_SUCCESS(ntStatus))
	{
		
		DbgPrint("ntCreateFile() failed:%x\n", ntStatus);
		return ntStatus;
	}


	ntStatus = ntCreateDirectory(szDirName);
	if (!NT_SUCCESS(ntStatus))
	{
		DbgPrint("ntCreateDirectory() failed:%x\n", ntStatus);
		return ntStatus;
	}




	ntStatus = ntWriteFile(szFileName1);
	if (!NT_SUCCESS(ntStatus))
	{
		DbgPrint("ntWriteFile() failed:%x\n", ntStatus);
		return ntStatus;
	}


	ntStatus = ntReadFile(szFileName1);
	if (!NT_SUCCESS(ntStatus))
	{
		DbgPrint("ntReadFile() failed:%x\n", ntStatus);
		return ntStatus;
	}


	ntStatus = ntCopyFile(szFileName1, szFileName2);


	if (!NT_SUCCESS(ntStatus))
	{
		DbgPrint("ntCopyFile() failed:%x\n", ntStatus);
		return ntStatus;
	}


	ntStatus = ntCopyFile(szFileName1, szFileName3);
	
	if (!NT_SUCCESS(ntStatus))
	{
		DbgPrint("ntCopyFile() failed:%x\n", ntStatus);
		return ntStatus;
	}




	ntStatus = ntMoveFile(szFileName1, szFileName4);
	
	if (!NT_SUCCESS(ntStatus))
	{
		DbgPrint("ntMoveFile() failed:%x\n", ntStatus);
		return ntStatus;
	}




	ulAttributes = ntGetFileAttributes(szFileName1);
	if(ulAttributes & FILE_ATTRIBUTE_DIRECTORY)
	{
		DbgPrint("%S is a directory\n", szFileName1);
	}
	else
	{
		DbgPrint("%S is not a directory\n", szFileName1);


	}


	ulAttributes = ntGetFileAttributes(szDirName);
	if(ulAttributes & FILE_ATTRIBUTE_DIRECTORY)
	{
		DbgPrint("%S is a directory\n", szDirName);
	}
	else
	{
		DbgPrint("%S is not a directory\n", szDirName);
		
	}


// 	ntStatus = ntDeleteFile2(szFileName1);
// 	if (!NT_SUCCESS(ntStatus))
// 	{
// 		DbgPrint("ntDeleteFile2() failed\n", ntStatus);
// 		return ntStatus;
// 	}
// 
// 	ntStatus = ntDeleteFile2(szFileName2);
// 	if (!NT_SUCCESS(ntStatus))
// 	{
// 		DbgPrint("ntDeleteFile2() failed\n", ntStatus);
// 		return ntStatus;
// 	}


	return ntStatus;
}


NTSTATUS ntCreateFile(WCHAR *szFileName)
{
	OBJECT_ATTRIBUTES		objAttrib	={0};
	UNICODE_STRING			uFileName	={0};
	IO_STATUS_BLOCK 		io_status	= {0};
	HANDLE					hFile		= NULL;
	NTSTATUS				status		= 0;


	RtlInitUnicodeString(&uFileName, szFileName);
	InitializeObjectAttributes(
		&objAttrib,
		& uFileName,
		OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
		NULL,
		NULL
		);




	status = ZwCreateFile(
			&hFile, 
			GENERIC_WRITE,
	        &objAttrib, 
			&io_status, 
			NULL, 
			FILE_ATTRIBUTE_NORMAL,
	        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
			FILE_OPEN_IF,
	        FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, 
			NULL, 
			0);


	if(NT_SUCCESS(status))
	{
		ZwClose(hFile);
	}


	return status;
}


NTSTATUS ntCreateDirectory(WCHAR *szDirName)
{
	OBJECT_ATTRIBUTES		objAttrib	=	{0};
	UNICODE_STRING			uDirName	=	{0};
	IO_STATUS_BLOCK 		io_status	=	{0};
	HANDLE					hFile		=	NULL;
	NTSTATUS				status		=	0;


	RtlInitUnicodeString(&uDirName, szDirName);
	InitializeObjectAttributes(&objAttrib,
							&uDirName,
							OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
							NULL,
							NULL);


	status = ZwCreateFile(&hFile, 
			GENERIC_READ | GENERIC_WRITE,
	        &objAttrib, 
			&io_status, 
			NULL, 
			FILE_ATTRIBUTE_DIRECTORY,
	        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
			FILE_OPEN_IF,
	        FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, 
			NULL, 
			0);
	if (NT_SUCCESS(status))
	{
		ZwClose(hFile);
	}


	return status;


}


ULONG ntGetFileAttributes(const WCHAR * filename)
{
	ULONG							dwRtn 		= 0;
	NTSTATUS						ntStatus	= STATUS_UNSUCCESSFUL;
	OBJECT_ATTRIBUTES				objAttr		= {0};
	UNICODE_STRING					uName		= {0};
	FILE_NETWORK_OPEN_INFORMATION 	info		= {0};




	if (filename == NULL)
	{
		return ntStatus;
	}
	RtlInitUnicodeString(&uName, filename);
	RtlZeroMemory(&info, sizeof(FILE_NETWORK_OPEN_INFORMATION));


	InitializeObjectAttributes(
			&objAttr,
			&uName,
			OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
			NULL,
			NULL
			);
	ntStatus = ZwQueryFullAttributesFile(
			&objAttr,
			&info);
	if (NT_SUCCESS(ntStatus))
	{
		dwRtn = info.FileAttributes;
	}
	if(dwRtn & FILE_ATTRIBUTE_DIRECTORY)
	{
		DbgPrint("%S is a directory\n", filename);
	}
	return dwRtn;
}


NTSTATUS ntSetFileAttribute (WCHAR *szFileName) 
{
	OBJECT_ATTRIBUTES 			objectAttributes	= {0};
	IO_STATUS_BLOCK 			iostatus			= {0};
	HANDLE 						hfile				= NULL;
	UNICODE_STRING 				uFile				= {0};
	FILE_STANDARD_INFORMATION	fsi					= {0};
	FILE_POSITION_INFORMATION	fpi					= {0};
	NTSTATUS					ntStatus			= 0;




	RtlInitUnicodeString( &uFile, szFileName);
	InitializeObjectAttributes(&objectAttributes,
							&uFile,
							OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 
							NULL, 
							NULL );


	ntStatus = ZwCreateFile( &hfile, 
							GENERIC_READ,
							&objectAttributes, 
							&iostatus, 
							NULL,
							FILE_ATTRIBUTE_NORMAL, 
							0,
							FILE_OPEN, 
							FILE_SYNCHRONOUS_IO_NONALERT, 
							NULL, 
							0 );
	if (!NT_SUCCESS(ntStatus))
	{
		return ntStatus;
	}


	ntStatus = ZwQueryInformationFile(hfile,
								&iostatus,
								&fsi,
								sizeof(FILE_STANDARD_INFORMATION),
								FileStandardInformation);
	if (!NT_SUCCESS(ntStatus))
	{
		ZwClose(hfile);
		return ntStatus;
	}
	
	fpi.CurrentByteOffset.QuadPart = 100i64;




	ntStatus = ZwSetInformationFile(hfile,
							&iostatus,
							&fpi,
							sizeof(FILE_POSITION_INFORMATION),
							FilePositionInformation);


	ZwClose(hfile);
	return ntStatus;
}


NTSTATUS ntWriteFile(WCHAR *szFileName) 
{
	OBJECT_ATTRIBUTES 	objectAttributes	= {0};
	IO_STATUS_BLOCK 	iostatus			= {0};
	HANDLE 				hfile				= NULL;
	UNICODE_STRING 		uFile				= {0};
	LARGE_INTEGER		number				= {0};
	PUCHAR				pBuffer				= NULL;
	NTSTATUS			ntStatus			= STATUS_SUCCESS;




	RtlInitUnicodeString( &uFile, szFileName);
	
	InitializeObjectAttributes(&objectAttributes,
							&uFile,
							OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
							NULL, 
							NULL );


	//创建文件
	ntStatus = ZwCreateFile( &hfile, 
							GENERIC_WRITE,
							&objectAttributes, 
							&iostatus, 
							NULL,
							FILE_ATTRIBUTE_NORMAL, 
							FILE_SHARE_WRITE,
							FILE_OPEN_IF, 
							FILE_SYNCHRONOUS_IO_NONALERT, 
							NULL, 
							0 );
	if (!NT_SUCCESS(ntStatus))
	{
		return ntStatus;
	}


	pBuffer = (PUCHAR)ExAllocatePoolWithTag(PagedPool,1024, 'ELIF');
	if (pBuffer == NULL)
	{
		ZwClose(hfile);
		return STATUS_INSUFFICIENT_RESOURCES;
	}


	RtlZeroMemory(pBuffer,1024);


	RtlCopyMemory(pBuffer, L"Hello, world", wcslen(L"Hello, world")*sizeof(WCHAR));
	//写文件
	ntStatus = ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,1024,NULL,NULL);




	ZwClose(hfile);


	ExFreePool(pBuffer);
	return ntStatus;
}


NTSTATUS ntReadFile(WCHAR *szFile) 
{
	OBJECT_ATTRIBUTES 			objectAttributes	= {0};
	IO_STATUS_BLOCK 			iostatus			= {0};
	HANDLE 						hfile				= NULL;
	UNICODE_STRING 				uFile				= {0};
	FILE_STANDARD_INFORMATION	fsi					= {0};
	PUCHAR						pBuffer				= NULL;
	NTSTATUS					ntStatus			= 0;


	RtlInitUnicodeString( &uFile, szFile);
	InitializeObjectAttributes(&objectAttributes,
							&uFile,
							OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
							NULL, 
							NULL );


	ntStatus = ZwCreateFile( &hfile, 
							GENERIC_READ,
							&objectAttributes, 
							&iostatus, 
							NULL,
							FILE_ATTRIBUTE_NORMAL, 
							FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
							FILE_OPEN,
							FILE_SYNCHRONOUS_IO_NONALERT, 
							NULL, 
							0 );


	if (!NT_SUCCESS(ntStatus))
	{
		return ntStatus;
	}


	ntStatus = ZwQueryInformationFile(hfile,
					&iostatus,
					&fsi,
					sizeof(FILE_STANDARD_INFORMATION),
					FileStandardInformation);
	if (!NT_SUCCESS(ntStatus))
	{
		ZwClose(hfile);
		return ntStatus;
	}


 	pBuffer = (PUCHAR)ExAllocatePoolWithTag(PagedPool,
							(LONG)fsi.EndOfFile.QuadPart,'ELIF');
	if (pBuffer == NULL)
	{
		ZwClose(hfile);
		return STATUS_INSUFFICIENT_RESOURCES;
	}


	ntStatus = ZwReadFile(
				hfile,
				NULL,
				NULL,
				NULL,
				&iostatus,
				pBuffer,
				(LONG)fsi.EndOfFile.QuadPart,
				NULL,NULL);


	ZwClose(hfile);
	ExFreePool(pBuffer);


	return ntStatus;
}


NTSTATUS ntCopyFile(const WCHAR * src, const WCHAR * dst)
{




	HANDLE					hSrcFile		= NULL;
	HANDLE					hDstFile		= NULL;
	UNICODE_STRING			uSrc			= {0};
	UNICODE_STRING			uDst			= {0};
	OBJECT_ATTRIBUTES		objSrcAttrib	= {0};
	OBJECT_ATTRIBUTES		objDstAttrib	= {0};
	NTSTATUS				status			= 0;
	ULONG					uReadSize		= 0;
	ULONG					uWriteSize		= 0;
	ULONG					length			= 0;
	PVOID 					buffer			= NULL;
	LARGE_INTEGER 			offset			= {0};
	IO_STATUS_BLOCK 		io_status		= {0};


	RtlInitUnicodeString(&uSrc, src);
	RtlInitUnicodeString(&uDst, dst);


	InitializeObjectAttributes(&objSrcAttrib,
		&uSrc,
		OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
		NULL,
		NULL);
	InitializeObjectAttributes(&objDstAttrib,
		&uDst,
		OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
		NULL,
		NULL);


	status = ZwCreateFile(
			&hSrcFile, 
			FILE_READ_DATA | FILE_READ_ATTRIBUTES,
	        &objSrcAttrib, 
			&io_status, 
			NULL, 
			FILE_ATTRIBUTE_NORMAL,
	        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
			FILE_OPEN,
	        FILE_SYNCHRONOUS_IO_NONALERT, 
			NULL, 
			0);
	if (!NT_SUCCESS(status))
	{
		return status;
	}


	status = ZwCreateFile(
			&hDstFile, 
			GENERIC_WRITE,
	        &objDstAttrib, 
			&io_status, 
			NULL, 
			FILE_ATTRIBUTE_NORMAL,
	        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
			FILE_OPEN_IF,
	        FILE_SYNCHRONOUS_IO_NONALERT, 
			NULL, 
			0);
	if (!NT_SUCCESS(status))
	{
		ZwClose(hSrcFile);
		return status;
	}


	buffer = ExAllocatePoolWithTag(PagedPool, 1024, 'ELIF');
	if (buffer == NULL)
	{
		ZwClose(hSrcFile);
		ZwClose(hDstFile);
		return STATUS_INSUFFICIENT_RESOURCES;
	} 


	while(1)
	{
		status = ZwReadFile (
                    hSrcFile,NULL,NULL,NULL,
                    &io_status,buffer, PAGE_SIZE,&offset,
                    NULL);
        if(!NT_SUCCESS(status))
        {
               if(status == STATUS_END_OF_FILE)
				{
                     status = STATUS_SUCCESS;
				}
               break;
          }


          length = (ULONG)io_status.Information;


          status = ZwWriteFile(
                    hDstFile,NULL,NULL,NULL,
                    &io_status,
                    buffer,length,&offset,
                    NULL);
           if(!NT_SUCCESS(status))
                    break;


            offset.QuadPart += length;


	}


	ExFreePool(buffer);


	ZwClose(hSrcFile);
	ZwClose(hDstFile);


	return status;
}


NTSTATUS ntMoveFile(const WCHAR * src, const WCHAR * dst)
{
	NTSTATUS		status = 0;
	
	status = ntCopyFile(src, dst);
	
	if (NT_SUCCESS(status))
	{
		status = ntDeleteFile2(src);
	}
	
	return status;
}


NTSTATUS ntDeleteFile1(const WCHAR * filename)
{
		NTSTATUS				ntStatus	= 0;
		OBJECT_ATTRIBUTES		objAttr		= {0};
		UNICODE_STRING			uName		= {0};


		RtlInitUnicodeString(&uName, filename);
		InitializeObjectAttributes(
			&objAttr,
			&uName,
			OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
			NULL,
			NULL
			);
		ntStatus = ZwDeleteFile(&objAttr);
		
		return ntStatus;


}


NTSTATUS ntDeleteFile2(const WCHAR *fileName)
{
    OBJECT_ATTRIBUTES                	objAttributes	= {0};
    IO_STATUS_BLOCK                    	iosb			= {0};
    HANDLE                           	handle			= NULL;
    FILE_DISPOSITION_INFORMATION    	disInfo			= {0};
	UNICODE_STRING						uFileName		= {0};
    NTSTATUS                        	status			= 0;
	
	RtlInitUnicodeString(&uFileName, fileName);
	
    InitializeObjectAttributes(&objAttributes, 
							&uFileName,
							OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
							NULL,
							NULL);
	
    status = ZwCreateFile(
		&handle, 
		SYNCHRONIZE | FILE_WRITE_DATA | DELETE,
        &objAttributes, 
		&iosb, 
		NULL, 
		FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
		FILE_OPEN,
        FILE_SYNCHRONOUS_IO_NONALERT | FILE_DELETE_ON_CLOSE, 
		NULL, 
		0);
    if (!NT_SUCCESS(status)) 
	{
        if (status == STATUS_ACCESS_DENIED)
		{
            status = ZwCreateFile(
				&handle, 
				SYNCHRONIZE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES,
                &objAttributes, 
				&iosb, 
				NULL, 
				FILE_ATTRIBUTE_NORMAL,
                FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
				FILE_OPEN,
                FILE_SYNCHRONOUS_IO_NONALERT, 
				NULL, 
				0);
            if (NT_SUCCESS(status)) 
			{
                FILE_BASIC_INFORMATION        basicInfo = {0};
				
                status = ZwQueryInformationFile(handle, &iosb,
                    &basicInfo, sizeof(basicInfo), FileBasicInformation);
                if (!NT_SUCCESS(status)) 
				{
                    DbgPrint("ZwQueryInformationFile(%wZ) failed(%x)\n", &uFileName, status);
                }
				
                basicInfo.FileAttributes = FILE_ATTRIBUTE_NORMAL;
                status = ZwSetInformationFile(handle, &iosb,
                    &basicInfo, sizeof(basicInfo), FileBasicInformation);
                if (!NT_SUCCESS(status)) 
				{
                    DbgPrint("ZwSetInformationFile(%wZ) failed(%x)\n", &uFileName, status);
                }
				
                ZwClose(handle);
                status = ZwCreateFile(
					&handle, 
					SYNCHRONIZE | FILE_WRITE_DATA | DELETE,
                    &objAttributes, 
					&iosb, 
					NULL, 
					FILE_ATTRIBUTE_NORMAL,
                    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
					FILE_OPEN,
                    FILE_SYNCHRONOUS_IO_NONALERT | FILE_DELETE_ON_CLOSE, 
					NULL, 
					0);
            }
        }
		
        if (!NT_SUCCESS(status)) 
		{
            DbgPrint("ZwCreateFile(%wZ) failed(%x)\n", &uFileName, status);
            return status;
        }
    }
	
    disInfo.DeleteFile = TRUE;
    status = ZwSetInformationFile(handle, &iosb,
        &disInfo, sizeof(disInfo), FileDispositionInformation);
    if (!NT_SUCCESS(status)) 
	{
        DbgPrint("ZwSetInformationFile(%wZ) failed(%x)\n", &uFileName, status);
    }
	
    ZwClose(handle);
    return status;
}





BUAA操作系统万字笔记-课堂笔记-期末考试-考研必备-北航961系列
桃木山人的博客
06-04 2316
设备的管理的目的和功能外设管理目的提高效率:提高I/O访问效率,匹配CPU和多种不同处理速度的外设方便使用:方便用户使用,对不同类型的设备统一使用方法,协调对设备的并发使用方便控制:方便OS内部对设备的控制:增加和删除设备,适应新的设备类型外设管理功能提供设备使用的用户接口:命令接口和编程接口。设备分配和释放:使用设备前,需要分配设备和相应的通道、控制器。设备的访问和控制:包括并发访问和差错处理。I/O缓冲和调度:目标是提高I/O访问效率。I/O管理示意(软件角度)
理2244计科-C语言-OneNote笔记.rar
11-10
- 文件操作:学习如何打开、读写和关闭文件,掌握文件指针的概念。 - 预处理指令:包括宏定义、头文件包含和条件编译等内容。 这些笔记详细地阐述了C语言的基础知识,不仅适合初学者入门,也对有一定经验的开发者...
malloc 以及大型视频文件读取
hqyhqyhq的专栏
09-06 634
1、malloc // code...        void Function(void)        {         char *p = (char *)malloc(100 * sizeof(char));     } 2、读取大型视频文件
文件读写基本操作与malloc
qq_41547686的博客
03-18 651
C语言中可以同时打开两个文件 只要是两个不同的指针,可以同时打开多个文件,操作与一个文件的操作是一样的。 C语言中在定义的函数中读写文件,可以直接读写。 其他的一些变量如果在函数内部定义,是局部的,函数执行结束时,变量也结束了使命不复存在。而在函数内部读写文件,即使头上的参数没有传出去,也保留了下来,对文件进行读入(前提是文件存在且不空)可以;直接创建文件(主函数中没有写)对文件进行写入结果也会保...
windows driver 获取文件属性
sz76211822的专栏
11-13 1168
OBJECT_ATTRIBUTES oa; FILE_NETWORK_OPEN_INFORMATION fnoi; UNICODE_STRING strPath = RTL_CONSTANT_STRING(L"\\??\\E:\\安装软件\\win7旗舰版.iso"); LARGE_INTEGER li_temp; char strTime[ArrayLength] = {0}; AN
Ring0文件操作
kernweak的博客
10-25 1214
 Ring0文件操作,文件复制,移动,删除,删除使用设置属性,路径硬编码 #include &lt;ntifs.h&gt; #include &lt;ntddk.h&gt; NTSTATUS ntCreateFile(WCHAR *szFileName); NTSTATUS ntCreateDirectory(WCHAR *szDirName); NTSTATUS ntWriteFile(...
文件操作
kernweak的博客
05-24 412
文件的表示 应用层:”c:\\hi.txt” 内核:L”\\??\\c:\\hi.txt”//??实际上是个符号链接,连接的是卷设备名称->\\device\\harddiskvolume3\\hi.txt R3: 设备名:L”\\\\.\\xxxDrv” R0 设备名:”\\device\\xxxDrv” 符号连接名:”\\dosdevices\\xxxDrv”或\\??\\xxxDrv...
Linux操作系统-读书笔记
07-08
这篇读书笔记将基于《鸟哥的Linux私房菜》、《Linux内核的设计与实现》、《深入理解Linux内核》以及《深入Linux内核架构》等经典书籍,深入探讨Linux系统的核心概念和技术。 1. **系统架构** Linux采用微内核架构...
ruc-master-paper-开发笔记
最新发布
06-08
7. **预处理器**:预处理器处理宏定义、文件包含和条件编译指令,笔记可能会有相关的实例和解释。 8. **编译和链接**:C程序的编译过程涉及预处理、编译、汇编和链接四个步骤。开发者可能介绍了如何使用编译器(如...
tj12401101-masterdemo笔记
04-27
9. **输入/输出**:标准输入输出流(scanf、printf)、文件操作(fopen、fclose、fread、fwrite等)。 10. **错误处理**:使用errno和perror函数来处理运行时错误。 11. **编译与链接**:了解编译器的工作原理,...
C++中CopyFile和MoveFile函数使用区别的示例分析
08-18
主要介绍了C++中CopyFile和MoveFile函数使用区别的示例分析,CopyFile表示将文件A拷贝到B,如果B已经存在则覆盖,MoveFile表示将文件A移动到。对此感兴趣的可以来了解一下
Windows核心编程 跨进程操作
qq_61553520的博客
11-24 1630
Winodws核心编程 跨进程使用句柄,跨进程操作内存
ZwQueryDirectoryFile用法
weixin_34343308的博客
07-03 1434
1. 当返回值为STATUS_SUCCESS时,返回的字节数保存在IoStatusBlock.Information字段中; 2. 如果FileName字段被指定了,那么对于同时指定的FileHandle,那么所有后续的对于该FileHandle的调用,都要根据该FileName来过滤结果。 3. 如果ReturnSingleEntry指定为TRUE, 并且FileName指定为NULL,那么...
删除或重命名正在打开的文件
axit27651846的博客
01-02 256
删除或重命名正在打开的文件 Windows NT中有一个函数MoveFileEx,若使用MOVEFILE_DELAY_UNTIL_REBOOT 标记,它可以在重启过程中删除文件。但是,Windows 9x 并不支持这个标记。怎么办呢? 每次当你重启,windows会在Windows目录下寻找文件WININIT.INI。这个文件包含删除/复制/重命名文件的命令,它可以在任何东西(实...
如何写优雅的代码(1)——灵活使用goto和__try:评论反馈
norains的专栏
07-21 3303
    //========================================================================    //TITLE:    //    如何写优雅的代码(1)——灵活使用goto和__try:评论反馈    //AUTHOR:    //    norains    //DATE:    //    Tuesday  21-July-
FILE_BASIC_INFORMATION 的理解
lhj6105的专栏
01-05 2635
<br />1.       文件的创建<br />对文件的创建或者打开都是通过内核函数ZwCreateFile实现的。和Windows API类似,这个内核函数返回一个文件句柄,文件的所有操作都是依靠这个句柄进行操作的。在文件操作完毕后,要关闭这个文件句柄。<br />NTSTATUS  <br />   ZwCreateFile(<br />     OUT PHANDLE   FileHandle,<br />     IN ACCESS_MASK   DesiredAccess,<br /
08-驱动中的文件操作
ahaozi01的博客
07-17 637
文件的打开与关闭: ZwCreateFile用于打开或创建文件,其原型如下: NTSTATUS ZwCreateFile( Out PHANDLE FileHandle, In ACCESS_MASK DesiredAccess, In POBJECT_ATTRIBUTES ObjectAttributes, Out PIO_STATUS_BLOCK IoStatusBlock, In_opt PLARGE_INTEGER AllocationSize, In ULONG FileAttributes, I
枚举SSDT 系统服务表中的函数地址
qinqin772的博客
01-02 2055
网上关于SSDT的有很多的博客可以参考,我就不啰嗦了直接上码 #include //SSDT服务表中,各项对应的函数名称,@num 代表参数*4的大小 char* funcName[] = { "NtAcceptConnectPort@24 ", "NtAccessCheck@32 ",
Zw 系列函数
huanongying131的博客
11-19 3925
转:http://blog.sina.com.cn/s/blog_4a1acc7f0100cfud.html      896  37F 0000D379 ZwAcceptConnectPort         897  380 0000D38E ZwAccessCheck         898  381 0000D3A3 ZwAccessCheckAndAuditAlarm         ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值