基于文件过滤驱动的文件重定向
转自:http://mzf2008.blog.163.com/blog/static/3559978620114153254458/
NTSTATUS
SfCreate (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PSFILTER_DEVICE_EXTENSION deviceExtension;
PDEVICE_OBJECT attachedDevice;
PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
NTSTATUS status;
PFILE_OBJECT FileObject = irpSp->FileObject;
UNICODE_STRING sourceName;
UNICODE_STRING destinationName;
//如果是控制设备就结束此IRP
if(DeviceObject == gSFilterControlDeviceObject)
{
KdPrint(("if(DeviceObject == gSFilterControlDeviceObject)/n"));
Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
Irp->IoStatus.Information = 0;
status = Irp->IoStatus.Status;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return status;
}
ASSERT(IS_MY_DEVICE_OBJECT(DeviceObject));
deviceExtension = DeviceObject->DeviceExtension;
attachedDevice = deviceExtension->AttachedToDeviceObject;
RtlInitUnicodeString( &sourceName, L"//1.txt" );
if (FileObject && RtlCompareUnicodeString( &sourceName, &FileObject->FileName, TRUE ) == 0)
{
// 释放掉FileObject->FileName.Buffer中的内存, 重新分配之
ExFreePool(FileObject->FileName.Buffer);
FileObject->FileName.Length = 0;
FileObject->FileName.MaximumLength = 256;
FileObject->FileName.Buffer=(PWCHAR)ExAllocatePool(NonPagedPool, 256);
// 设定目标文件的全路径, 可以跨卷
RtlInitUnicodeString( &destinationName, L"//Device//HarddiskVolume1//2.txt" );
RtlCopyUnicodeString(&FileObject->FileName, &destinationName);
FileObject->FileName.Buffer[FileObject->FileName.Length/2] = UNICODE_NULL;
// 设定IoStatus值 为 STATUS_REPARSE;
Irp->IoStatus.Status = STATUS_REPARSE;
Irp->IoStatus.Information = IO_REPARSE;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return STATUS_REPARSE;
}
else
{
IoSkipCurrentIrpStackLocation(Irp);
return IoCallDriver(attachedDevice,Irp);
}
}
1.在未加载驱动的时候, 创建两个空白文件, 大小为0KB, 分别为1.txt 和 2.txt
2.加载驱动, 并打开1.txt 进行编辑.
3.保存文件后, 1.txt的大小没有变化, 而2.txt 的大小变成了1KB
4.关闭驱动后, 查看两个文本, 2.txt的内容是我们刚刚写入的, 文件重定向成功~
总结如下:
在做文件重定向时,确实应该在IRP_MJ_CREATE里进行重定向,而且应该这样做:
1,先释放原FileObject->FileName;
2,重新分配一个UNICODE_STRING,并将其Buffer设置为你想打开的文件全路径, 类似 "//Device//HarddiskVolume1//2.txt" ;
3,Irp->IoStatus.Status=STATUS_REPARSE;
Irp->IoStatus.Informiation=IO_REPARSE;
IoCompleteRequeset(Irp,IO_NO_INCEMENT);
return STATUS_REPARSE;