从文件句柄或文件 ID 打开备用数据流 (ADS) [英] Open Alternate Data Stream (ADS) from file handle or file ID
本文介绍了从文件句柄或文件 ID 打开备用数据流 (ADS)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想使用文件的现有句柄或文件 ID 打开文件的备用数据流.我找到的唯一方法是通过全名(文件名 + ADS 名称).怕在操作过程中文件被重命名.
I would like to open an alternate data stream of a file using an existing handle to the file, or using the file id. The only way I found is by the full name (file name + ADS name). I am afraid of the file being renamed during the operation.
有没有办法做到这一点?
Is there a way to do that?
推荐答案
使用 NtOpenFile 或 NtCreateFile
例如在 hFile
NTSTATUS OpenADS(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, HANDLE hFile, PCWSTR Name)
{
IO_STATUS_BLOCK iosb;
UNICODE_STRING ObjectName;
RtlInitUnicodeString(&ObjectName, Name);
OBJECT_ATTRIBUTES oa = { sizeof(oa), hFile, &ObjectName };
return NtOpenFile(FileHandle, DesiredAccess, &oa, &iosb, FILE_SHARE_VALID_FLAGS, FILE_SYNCHRONOUS_IO_NONALERT);
}
where Name 类似于 L":test_stream"(以 : 开头)
where Name something like L":test_stream" (begin with :)
这篇关于从文件句柄或文件 ID 打开备用数据流 (ADS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
