在驱动程序中写文件

/* 写文件
by exchen
2009-10-04
*/

#include <ntddk.h>

UNICODE_STRING uStr;

VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
	DbgPrint("驱动已经被停止了\n");
}

VOID MyWriteFile(UNICODE_STRING uStr)
{
	HANDLE hFile=NULL;
	IO_STATUS_BLOCK    ioStatus;
	NTSTATUS    ntStatus;
	OBJECT_ATTRIBUTES object_attributes;
	UNICODE_STRING uFileName=RTL_CONSTANT_STRING(L"\\??\\C:\\1.txt");

	InitializeObjectAttributes(
			&object_attributes,
			&uFileName,
			OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
			NULL,
			NULL);

	ntStatus = ZwCreateFile(
			&hFile,
			GENERIC_READ|GENERIC_WRITE,
			&object_attributes,
			&ioStatus,
			NULL,
			FILE_ATTRIBUTE_NORMAL,
			FILE_SHARE_READ,
			FILE_OPEN_IF,
			FILE_NON_DIRECTORY_FILE|FILE_RANDOM_ACCESS|FILE_SYNCHRONOUS_IO_NONALERT,
			NULL,
			0);
	if (ntStatus == STATUS_SUCCESS)
	{    
		//以下设置文件日志写入指针为文件未
		IO_STATUS_BLOCK file_status;
		FILE_STANDARD_INFORMATION fsi;
		FILE_POSITION_INFORMATION fpi;

		ZwQueryInformationFile(hFile,
				&file_status,
				&fsi,
				sizeof(FILE_STANDARD_INFORMATION), 
				FileStandardInformation);

		fpi.CurrentByteOffset = fsi.EndOfFile;        

		ZwSetInformationFile(hFile,
				&file_status,
				&fpi, 
				sizeof(FILE_POSITION_INFORMATION),
				FilePositionInformation);

		ntStatus=ZwWriteFile(
				hFile,
				NULL,
				NULL,
				NULL,
				&ioStatus,
				uStr.Buffer,
				uStr.Length,
				NULL,
				NULL);
	} 

	ZwClose(hFile);
}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, 
IN PUNICODE_STRING RegistryPath)
{
	RtlInitUnicodeString(&uStr,L"This is you Write String");

	MyWriteFile(uStr);

	DriverObject->DriverUnload = DriverUnload;

	return STATUS_SUCCESS;
}

/* 写文件

by exchen

2009-10-04

#include <ntddk.h>

UNICODE_STRING uStr;

VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)

{

DbgPrint("驱动已经被停止了\n");

}

VOID MyWriteFile(UNICODE_STRING uStr)

{

HANDLE hFile=NULL;

IO_STATUS_BLOCK ioStatus;

NTSTATUS ntStatus;

OBJECT_ATTRIBUTES object_attributes;

UNICODE_STRING uFileName=RTL_CONSTANT_STRING(L"\\??\\C:\\1.txt");

InitializeObjectAttributes(

&object_attributes,

&uFileName,

OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,

NULL,

NULL);

ntStatus = ZwCreateFile(

&hFile,

GENERIC_READ|GENERIC_WRITE,

&object_attributes,

&ioStatus,

NULL,

FILE_ATTRIBUTE_NORMAL,

FILE_SHARE_READ,

FILE_OPEN_IF,

FILE_NON_DIRECTORY_FILE|FILE_RANDOM_ACCESS|FILE_SYNCHRONOUS_IO_NONALERT,

NULL,

0);

if (ntStatus == STATUS_SUCCESS)

{

//以下设置文件日志写入指针为文件未

IO_STATUS_BLOCK file_status;

FILE_STANDARD_INFORMATION fsi;

FILE_POSITION_INFORMATION fpi;

ZwQueryInformationFile(hFile,

&file_status,

&fsi,

sizeof(FILE_STANDARD_INFORMATION),

FileStandardInformation);

fpi.CurrentByteOffset = fsi.EndOfFile;

ZwSetInformationFile(hFile,

&file_status,

&fpi,

sizeof(FILE_POSITION_INFORMATION),

FilePositionInformation);

ntStatus=ZwWriteFile(

hFile,

NULL,

&ioStatus,

uStr.Buffer,

uStr.Length,

NULL,

NULL);

}

ZwClose(hFile);

}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject,

IN PUNICODE_STRING RegistryPath)

{

RtlInitUnicodeString(&uStr,L"This is you Write String");

MyWriteFile(uStr);

DriverObject->DriverUnload = DriverUnload;

return STATUS_SUCCESS;

}

转载请注明：exchen's blog » 在驱动程序中写文件

在驱动程序中写文件

与本文相关的文章

Hi，您需要填写昵称和邮箱！