Directory relative ZwCreateFile


Question

I have to implement a cross-view file integrity checker for my university project. For that, how do I list the files of a directory in kernel mode?

Answer

Your starting point would be ZwCreateFile, which has options such as FILE_LIST_DIRECTORY.

You will then use ZwQueryDirectoryFile to get the information about the file(s) within that directory.

Make SURE that you do not forget to ZwClose after you open something. It is not so critical in a user-mode application, where everything is closed again once the process exits. But the kernel doesn't know when a driver stops using a file (or, for that matter, whether some other driver has been given that file handle and will be using it at some point), so even if your driver is unloaded, files that it opened will remain open until the system restarts. I quite like to "not restart" my systems, and with a good set of drivers, running a machine for more than a year should be possible. If your driver so much as leaks one handle a day, that's 365 handles leaked.

So, the code would look something like this:

HANDLE h = NULL;
NTSTATUS status;
UNICODE_STRING dirName;
OBJECT_ATTRIBUTES oa;
IO_STATUS_BLOCK iosb = { 0 };

/* The native API wants an NT path in a UNICODE_STRING and a properly
   initialised OBJECT_ATTRIBUTES; OBJ_KERNEL_HANDLE keeps the handle out of
   reach of user mode. */
RtlInitUnicodeString(&dirName, L"\\??\\C:\\mydir");
InitializeObjectAttributes(&oa, &dirName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                           NULL, NULL);

status = ZwCreateFile(&h, FILE_LIST_DIRECTORY | SYNCHRONIZE, &oa, &iosb,
                      NULL,                                   /* AllocationSize */
                      FILE_ATTRIBUTE_NORMAL,
                      FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                      FILE_OPEN,                              /* must already exist */
                      FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
                      NULL, 0);                               /* EaBuffer, EaLength */
if (!NT_SUCCESS(status))
{
   ... do something... 
   return status;
}
else
{
    /* FILE_DIRECTORY_INFORMATION ends in a variable-length FileName, so the
       buffer must be larger than the struct itself. */
    UCHAR buffer[sizeof(FILE_DIRECTORY_INFORMATION) + 255 * sizeof(WCHAR)];
    PFILE_DIRECTORY_INFORMATION info = (PFILE_DIRECTORY_INFORMATION)buffer;
    UNICODE_STRING pattern;
    RtlInitUnicodeString(&pattern, L"*");          /* match everything */

    for(;;)
    {
        status = ZwQueryDirectoryFile(h, NULL, NULL, NULL, &iosb, info, sizeof(buffer),
                                      FileDirectoryInformation,
                                      TRUE,            /* one entry per call */
                                      &pattern,        /* only honoured on the first call */
                                      FALSE);          /* RestartScan */
        if (status == STATUS_NO_MORE_FILES)
        {
            break;                                     /* normal end of the listing */
        }
        if (!NT_SUCCESS(status)) 
        {
            ... check error code and perhaps print if unexpected error ... 
            break;
        }
        ... do something with `info` (FileName is FileNameLength bytes, not NUL-terminated) ... 
    }
}
ZwClose(h);

This is just a "rough sketch". I don't have a setup to compile this right now, and I may have missed something important. But it should give you some idea. There are LOTS of optional parameters and optional choices here, and for some I've "guessed" what you'd want, but I think I've made reasonable choices. There may be details missing that make this not work, but as a rough starting point, it should give you an idea at least.
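Added example, not part of the original answer: the sketch above asks ZwQueryDirectoryFile for one entry per call. With ReturnSingleEntry set to FALSE the file system packs several FILE_DIRECTORY_INFORMATION records into the buffer, chained by NextEntryOffset, and the caller has to walk that chain. For a cross-view checker the records come from whatever file system and filter stack is underneath, so the walker below bounds-checks every offset and length against the byte count reported in IoStatusBlock.Information instead of trusting it. So that it builds without the WDK, the block repeats the ntifs.h layout of FILE_DIRECTORY_INFORMATION locally and constructs a sample buffer in memory (the names and attributes are made up); in a driver you would include <ntifs.h>, drop the local struct, and hand list_entries the buffer and Information value from ZwQueryDirectoryFile.

```c
/* Added example: walk the buffer ZwQueryDirectoryFile fills when ReturnSingleEntry
 * is FALSE.  Hosted build: the struct below repeats the ntifs.h layout of
 * FILE_DIRECTORY_INFORMATION; in a driver include <ntifs.h> and delete it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct _FILE_DIRECTORY_INFORMATION {
    uint32_t NextEntryOffset;            /* bytes to the next record, 0 = last */
    uint32_t FileIndex;
    int64_t  CreationTime, LastAccessTime, LastWriteTime, ChangeTime;
    int64_t  EndOfFile, AllocationSize;
    uint32_t FileAttributes;
    uint32_t FileNameLength;             /* in bytes; UTF-16LE, not NUL-terminated */
    uint16_t FileName[1];                /* variable length */
} FILE_DIRECTORY_INFORMATION;

#define NAME_MAX_CHARS 64
#define BAD_BUFFER ((size_t)-1)
static const size_t HDR = offsetof(FILE_DIRECTORY_INFORMATION, FileName);  /* 64 */

/* Walk one result buffer of len bytes (IoStatusBlock.Information).  Every offset
 * and length is checked before use: the records come from a file system driver,
 * and a cross-view checker must not trust them.  Copies the real entries (not "."
 * or "..") to out, non-ASCII as '?'.  Returns their count, or BAD_BUFFER. */
static size_t list_entries(const uint8_t *buf, size_t len,
                           char (*out)[NAME_MAX_CHARS], size_t max_out)
{
    size_t off = 0, n = 0;
    for (;;) {
        FILE_DIRECTORY_INFORMATION e;
        char name[NAME_MAX_CHARS];
        size_t c, k = 0;

        if (len - off < HDR) return BAD_BUFFER;
        memcpy(&e, buf + off, HDR);                           /* no unaligned reads */
        if (e.FileNameLength % 2 || e.FileNameLength > len - off - HDR) return BAD_BUFFER;
        for (c = 0; c < e.FileNameLength / 2 && k < NAME_MAX_CHARS - 1; c++) {
            uint16_t w;
            memcpy(&w, buf + off + HDR + 2 * c, 2);
            name[k++] = w < 0x80 ? (char)w : '?';
        }
        name[k] = '\0';
        if (strcmp(name, ".") && strcmp(name, "..")) {
            if (n < max_out) strcpy(out[n], name);
            n++;
        }
        if (e.NextEntryOffset == 0) break;
        if (e.NextEntryOffset < HDR + e.FileNameLength || e.NextEntryOffset > len - off)
            return BAD_BUFFER;
        off += e.NextEntryOffset;
    }
    return n;
}

/* Constructed sample: the bytes a file system would return for a directory holding
 * ".", "..", "a.txt" and "subdir".  Returns what IoStatusBlock.Information would say. */
static size_t build_sample_buffer(uint8_t *buf, size_t cap)
{
    static const char *names[] = { ".", "..", "a.txt", "subdir" };
    static const uint32_t attrs[] = { 0x10, 0x10, 0x20, 0x10 };  /* DIRECTORY, ARCHIVE */
    size_t i, c, off = 0, prev = BAD_BUFFER;

    memset(buf, 0, cap);
    for (i = 0; i < 4; i++) {
        FILE_DIRECTORY_INFORMATION e = { 0 };
        size_t nlen = strlen(names[i]);
        size_t rec = (HDR + 2 * nlen + 7) & ~(size_t)7;         /* records are 8-aligned */
        if (off + rec > cap) return 0;
        e.FileIndex = (uint32_t)i;
        e.FileAttributes = attrs[i];
        e.FileNameLength = (uint32_t)(2 * nlen);
        memcpy(buf + off, &e, HDR);
        for (c = 0; c < nlen; c++) {
            uint16_t w = (uint16_t)(unsigned char)names[i][c];
            memcpy(buf + off + HDR + 2 * c, &w, 2);
        }
        if (prev != BAD_BUFFER) {                               /* chain previous record */
            uint32_t next = (uint32_t)(off - prev);
            memcpy(buf + prev, &next, 4);
        }
        prev = off;
        off += rec;
    }
    return off;
}

/* Runs the walker over the sample, optionally with the reported length cut short by
 * truncate_by bytes (a driver misreporting Information must not cause an over-read).
 * Names land in g_names; returns the entry count or BAD_BUFFER. */
static char g_names[8][NAME_MAX_CHARS];
static size_t run_sample(size_t truncate_by)
{
    uint8_t buf[512];
    size_t len = build_sample_buffer(buf, sizeof buf);
    return list_entries(buf, len - truncate_by, g_names, 8);
}

int main(void)
{
    size_t i, n = run_sample(0);
    for (i = 0; i < n && i < 8; i++) printf("%s\n", g_names[i]);
    printf("truncated buffer rejected: %s\n", run_sample(8) == BAD_BUFFER ? "yes" : "no");
    return 0;
}
```

The two checks that matter are the ones a single-entry loop never exercises: NextEntryOffset must cover at least the header plus the name and must stay inside the reported length, and FileNameLength must fit in what is left of the buffer. Each ZwQueryDirectoryFile call returns a fresh buffer, so the walk is repeated per call until STATUS_NO_MORE_FILES, and ZwClose still follows the loop exactly as in the sketch.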
