- #include "ntddk.h"
- #define PAGEDCODE code_seg("PAGE")
- #define LOCKEDCODE code_seg()
- #define INITCODE code_seg("INIT")
- #define PAGEDDATA data_seg("PAGE")
- #define LOCKEDDATA data_seg()
- #define INITDATA data_seg("INIT")
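#pragma PAGEDCODE
/*
 * MyCreateFile - open \??\c:\1.txt, creating it if it does not exist, then
 * close the handle again.
 *
 * Returns the NTSTATUS produced by ZwCreateFile.
 *
 * The code lives in the PAGE section and uses Zw file APIs, so it must be
 * called at PASSIVE_LEVEL; PAGED_CODE() asserts the IRQL in checked builds.
 *
 * NOTE(review): the "\??\" prefix is resolved through the DOS device map of
 * the calling context. Confirm this routine only runs in the system process
 * (typically the case when called from DriverEntry); if it can run in the
 * context of a user process, use a path that cannot be redirected per session.
 */
NTSTATUS MyCreateFile(VOID)
{
    NTSTATUS Status;
    HANDLE hFile = NULL;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;

    PAGED_CODE();

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\1.txt");

    // InitializeObjectAttributes fills in every field, so no memset is needed.
    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's
    // user-mode handle table, so user-mode code cannot use or close it.
    InitializeObjectAttributes(&FileObjAttr, &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    // Request only the access this routine needs instead of GENERIC_ALL
    // (which also grants DELETE, WRITE_DAC and WRITE_OWNER). SYNCHRONIZE is
    // required because FILE_SYNCHRONOUS_IO_NONALERT is specified.
    Status = ZwCreateFile(&hFile,
                          GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
                          &FileObjAttr,
                          &IoStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,
                          FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    KdPrint(("create file succcess!"));
    ZwClose(hFile);
    return Status;
}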
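#pragma PAGEDCODE
/*
 * MyOpenFile - open the existing file \??\c:\1.txt, query its basic
 * information and write it back unchanged, read the first 8 bytes, print them
 * to the debugger, then overwrite the first 20 bytes with a fixed pattern.
 *
 * Returns STATUS_INSUFFICIENT_RESOURCES if the scratch buffer cannot be
 * allocated, otherwise the NTSTATUS of the first failing call, or the status
 * of ZwWriteFile when every step succeeds.
 *
 * Must be called at PASSIVE_LEVEL (paged code, Zw file APIs).
 *
 * NOTE(review): the "\??\" prefix is resolved through the DOS device map of
 * the calling context. No caller is visible here; if this can run in the
 * context of a user process, confirm the path cannot be redirected.
 */
NTSTATUS MyOpenFile(VOID)
{
    enum { BUFFER_SIZE = 20, READ_SIZE = 8 };

    NTSTATUS Status;
    HANDLE hFile = NULL;
    UNICODE_STRING usFileName;
    OBJECT_ATTRIBUTES FileObjAttr;
    IO_STATUS_BLOCK IoStatusBlock;
    FILE_BASIC_INFORMATION fbi;
    LARGE_INTEGER number;
    ULONG_PTR bytesRead;
    PCHAR pBuffer;

    PAGED_CODE();

    // Pool allocations can fail; the buffer is used by ZwReadFile/ZwWriteFile
    // below, so bail out before touching the file.
    // NOTE(review): current WDKs prefer a tagged allocator over ExAllocatePool.
    pBuffer = (PCHAR)ExAllocatePool(PagedPool, BUFFER_SIZE);
    if (pBuffer == NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    RtlInitUnicodeString(&usFileName, L"\\??\\c:\\1.txt");

    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's
    // user-mode handle table.
    InitializeObjectAttributes(&FileObjAttr, &usFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    // FILE_SYNCHRONOUS_IO_NONALERT (with SYNCHRONIZE access) makes the read
    // and write below complete before they return. Without it they may return
    // STATUS_PENDING, which NT_SUCCESS() accepts, and the buffer and the
    // stack-based IoStatusBlock would be released while I/O is still in flight.
    // Access is limited to what this routine uses instead of GENERIC_ALL.
    Status = ZwOpenFile(&hFile,
                        GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
                        &FileObjAttr,
                        &IoStatusBlock,
                        FILE_SHARE_READ,
                        FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("open file faild! status:0x%X", Status));
        hFile = NULL;
        goto Cleanup;
    }
    KdPrint(("open file succcess!"));

    Status = ZwQueryInformationFile(hFile, &IoStatusBlock, &fbi,
                                    sizeof(FILE_BASIC_INFORMATION),
                                    FileBasicInformation);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("Error code: 0x%X",Status));
        goto Cleanup;
    }

    // Attributes are written back as queried; set a flag here to change them,
    // e.g. fbi.FileAttributes |= FILE_ATTRIBUTE_READONLY;
    Status = ZwSetInformationFile(hFile, &IoStatusBlock, &fbi,
                                  sizeof(FILE_BASIC_INFORMATION),
                                  FileBasicInformation);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("Error code: 0x%X",Status));
        goto Cleanup;
    }

    number.QuadPart = 0;    // byte offset 0 for both the read and the write
    Status = ZwReadFile(hFile, NULL, NULL, NULL, &IoStatusBlock,
                        pBuffer, READ_SIZE, &number, NULL);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("Error code: 0x%X",Status));
        goto Cleanup;
    }

    // The file content is not NUL-terminated and pool memory is not zeroed,
    // so terminate after the bytes actually read before printing with %s;
    // otherwise the print would run past the data into stale pool memory.
    bytesRead = IoStatusBlock.Information;
    if (bytesRead >= BUFFER_SIZE)
    {
        bytesRead = BUFFER_SIZE - 1;
    }
    pBuffer[bytesRead] = '\0';
    KdPrint(("%s", pBuffer));

    // Exactly BUFFER_SIZE bytes are copied and written; no terminator needed.
    RtlCopyMemory(pBuffer, "12345678901234567890", BUFFER_SIZE);
    Status = ZwWriteFile(hFile, NULL, NULL, NULL, &IoStatusBlock,
                         pBuffer, BUFFER_SIZE, &number, NULL);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("Error code: 0x%X",Status));
        goto Cleanup;
    }

Cleanup:
    // Single exit path: every failure above releases both the handle and the
    // buffer (the original leaked the buffer on the early failure paths).
    if (hFile != NULL)
    {
        ZwClose(hFile);
    }
    ExFreePool(pBuffer);
    return Status;
}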
#pragma PAGEDCODE
/*
 * MyDriverUnload - unload routine registered in DriverEntry.
 *
 * pDriverObject: the driver object being unloaded (not used here).
 *
 * Only emits a debug message; this driver holds no resources to release.
 */
VOID MyDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    KdPrint(("DriverEntry unLoading...\n"));
}
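#pragma INITCODE
/*
 * DriverEntry - driver initialization entry point.
 *
 * pDriverObject: driver object for this driver; its DriverUnload slot is set
 *                to MyDriverUnload so the driver can be unloaded.
 * RegistryPath:  not used.
 *
 * Calls MyCreateFile() as a best-effort demonstration step. A failure there
 * is reported to the debugger but does not fail the load, so the routine
 * always returns STATUS_SUCCESS.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS createStatus;

    UNREFERENCED_PARAMETER(RegistryPath);

    // Do not silently discard the result: a failed create is worth seeing in
    // the debugger even though it is not treated as fatal.
    createStatus = MyCreateFile();
    if (!NT_SUCCESS(createStatus))
    {
        KdPrint(("MyCreateFile failed, status:0x%X\n", createStatus));
    }

    pDriverObject->DriverUnload = MyDriverUnload;
    return STATUS_SUCCESS;
}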