文件重命名的几种写法
现在主要的是通过往ZwSetInformationFile发送HANDLE和改名请求
再者就是 往 IoSetInformation 发送FILEOBJECT和改名请求
以及我自己模仿iosetinformation写成的创建IRP改名
void
RenameFileROutineByHandle()
{
UNICODE_STRING UniFileString;
OBJECT_ATTRIBUTES object;
NTSTATUS status;
HANDLE hFile;
IO_STATUS_BLOCK io_status = {0};
PFILE_RENAME_INFORMATION RenamInfo = NULL;
UNICODE_STRING UniRenameStr;
PFILE_OBJECT fileObject;
RtlInitUnicodeString(&UniFileString,L"\\Device\\HarddiskVolume2\\1.txt");
InitializeObjectAttributes(
&object,
&UniFileString,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
//打开文件,存在打开,不存在返回错误
status = ZwCreateFile( &hFile,
GENERIC_READ | GENERIC_WRITE,
&object,
&io_status,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,
FILE_NON_DIRECTORY_FILE |FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if(!NT_SUCCESS(status))
{
_asm int 3;
}
RenamInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,1024,0);
RenamInfo->ReplaceIfExists = FALSE;
RenamInfo->RootDirectory = NULL;
UniRenameStr.Buffer = RenamInfo->FileName;
RenamInfo->FileNameLength = sizeof(ReNamePath) - sizeof(WCHAR);
RtlCopyMemory(UniRenameStr.Buffer,ReNamePath,
sizeof(ReNamePath));
status = ZwSetInformationFile(hFile,&io_status,RenamInfo,1024,FileRenameInformation);
if(!NT_SUCCESS(status))
{
_asm int 3;
}
ZwClose(hFile);
return;
}
void
RenameFileROutineByObj()
{
UNICODE_STRING UniFileString;
OBJECT_ATTRIBUTES object;
NTSTATUS status;
HANDLE hFile;
IO_STATUS_BLOCK io_status = {0};
PFILE_RENAME_INFORMATION RenamInfo = NULL;
UNICODE_STRING UniRenameStr;
PFILE_OBJECT fileObject;
RtlInitUnicodeString(&UniFileString,L"\\Device\\HarddiskVolume2\\1.txt");
InitializeObjectAttributes(
&object,
&UniFileString,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
//打开文件,存在打开,不存在返回错误
status = ZwCreateFile( &hFile,
GENERIC_READ | GENERIC_WRITE,
&object,
&io_status,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,
FILE_NON_DIRECTORY_FILE |FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if(!NT_SUCCESS(status))
{
_asm int 3;
}
RenamInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,1024,0);
RenamInfo->ReplaceIfExists = FALSE;
RenamInfo->RootDirectory = NULL;
UniRenameStr.Buffer = RenamInfo->FileName;
RenamInfo->FileNameLength = sizeof(ReNamePath) - sizeof(WCHAR);
RtlCopyMemory(UniRenameStr.Buffer,ReNamePath,
sizeof(ReNamePath));
///////////////////////////////////////////////////////////
status = ObReferenceObjectByHandle( hFile,
0,
*IoFileObjectType,
KernelMode,
&fileObject,
NULL);
if (!NT_SUCCESS(status))
{
_asm int 3;
}
status = IoSetInformation( fileObject,
FileRenameInformation,
1024,
RenamInfo);
if (!NT_SUCCESS(status))
{
_asm int 3;
}
ObDereferenceObject(fileObject);
//////////////////////////////////////////////////////////
ZwClose(hFile);
return;
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
void
RenameFileROutineByIrp()
{
UNICODE_STRING UniFileString;
OBJECT_ATTRIBUTES object;
NTSTATUS status;
HANDLE hFile;
IO_STATUS_BLOCK io_status = {0};
PFILE_RENAME_INFORMATION RenamInfo = NULL;
UNICODE_STRING UniRenameStr;
PFILE_OBJECT FileObject;
PDEVICE_OBJECT deviceObject = NULL;
PIRP irp = NULL;
KEVENT event;
IO_STATUS_BLOCK localIoStatus;
PIO_STACK_LOCATION irpSp = NULL;
UNICODE_STRING newFileName;
HANDLE handle;
PFILE_OBJECT targetFileObject;
RtlInitUnicodeString(&UniFileString,L"\\Device\\HarddiskVolume2\\1.txt");
InitializeObjectAttributes(
&object,
&UniFileString,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
//打开文件,存在打开,不存在返回错误
status = ZwCreateFile( &hFile,
GENERIC_READ | GENERIC_WRITE,
&object,
&io_status,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,
FILE_NON_DIRECTORY_FILE |FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if(!NT_SUCCESS(status))
{
_asm int 3;
}
RenamInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,1024,0);
RenamInfo->ReplaceIfExists = FALSE;
RenamInfo->RootDirectory = NULL;
UniRenameStr.Buffer = RenamInfo->FileName;
RenamInfo->FileNameLength = sizeof(ReNamePath) - sizeof(WCHAR);
RtlCopyMemory(UniRenameStr.Buffer,ReNamePath,
sizeof(ReNamePath));
status = ObReferenceObjectByHandle( hFile,
0,
*IoFileObjectType,
KernelMode,
&FileObject,
NULL);
if (!NT_SUCCESS(status))
{
_asm int 3;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////
// 以下为iosetinformationfile
ObReferenceObject( FileObject );
KeInitializeEvent( &event, SynchronizationEvent, FALSE );
deviceObject = IoGetRelatedDeviceObject( FileObject );
irp = IoAllocateIrp( deviceObject->StackSize, TRUE );
if (!irp)
{
_asm int 3;
}
irp->Tail.Overlay.OriginalFileObject = FileObject;
irp->Tail.Overlay.Thread = PsGetCurrentThread();
irp->RequestorMode = KernelMode;
irp->UserEvent = &event;
irp->Flags = IRP_SYNCHRONOUS_API;
irp->UserIosb = &localIoStatus;
irpSp = IoGetNextIrpStackLocation( irp );
irpSp->MajorFunction = IRP_MJ_SET_INFORMATION;
irpSp->FileObject = FileObject;
irp->AssociatedIrp.SystemBuffer = RenamInfo;
irp->Flags |= IRP_BUFFERED_IO;
irpSp->Parameters.SetFile.Length = 1024;
irpSp->Parameters.SetFile.FileInformationClass = FileRenameInformation;
irpSp->Parameters.SetFile.ReplaceIfExists = RenamInfo->ReplaceIfExists;
if (RenamInfo->FileName[0] == (UCHAR) OBJ_NAME_PATH_SEPARATOR ||
RenamInfo->RootDirectory != NULL)
{
/////////////////////////////////////////////////////////
// 以下IopOpenLinkOrRenameTarget
ACCESS_MASK accessMask = FILE_WRITE_DATA;
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK ioStatus;
OBJECT_HANDLE_INFORMATION handleInformation;
newFileName.Length = (USHORT) RenamInfo->FileNameLength;
newFileName.MaximumLength = (USHORT) RenamInfo->FileNameLength;
newFileName.Buffer = RenamInfo->FileName;
InitializeObjectAttributes( &objectAttributes,
&newFileName,
OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
NULL,
NULL );
status = IoCreateFile( &handle,
FILE_WRITE_DATA | SYNCHRONIZE,
&objectAttributes,
&ioStatus,
(PLARGE_INTEGER) NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_OPEN_FOR_BACKUP_INTENT,
(PVOID) NULL,
0L,
CreateFileTypeNone,
(PVOID) NULL,
//IO_OPEN_TARGET_DIRECTORY |
IO_NO_PARAMETER_CHECKING |
0x0004 |
IO_FORCE_ACCESS_CHECK );
if(!NT_SUCCESS(status))
{
_asm int 3;
}
status = ObReferenceObjectByHandle( handle,
accessMask,
*IoFileObjectType,
KernelMode,
(PVOID *) &targetFileObject,
&handleInformation );
if(!NT_SUCCESS(status))
{
_asm int 3;
}
ObDereferenceObject( targetFileObject );
if (IoGetRelatedDeviceObject( targetFileObject) !=
IoGetRelatedDeviceObject( FileObject )) {
_asm int 3;
} else {
irpSp->Parameters.SetFile.FileObject = targetFileObject;
//*TargetHandle = handle;
status = STATUS_SUCCESS;
}
}
// 以上IopOpenLinkOrRenameTarget
/////////////////////////////////////////////////////
status = IoCallDriver( deviceObject, irp );
if (status == STATUS_PENDING)
KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0);
if(!NT_SUCCESS(status))
{
_asm int 3;
}
ZwClose( handle);
// 以上为IOSETINFORMATIONFILE
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
ZwClose(hFile);
ObDereferenceObject(FileObject);
return STATUS_SUCCESS;
}