文件属性结构体
// Describes the object (here: a file) that a Zw* routine should open or create.
// Normally filled in with the InitializeObjectAttributes macro rather than by hand.
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length; // Size of this structure, in bytes
HANDLE RootDirectory; // Optional handle to the directory that ObjectName is relative to; NULL when ObjectName is a fully qualified path (it is not an "is root" flag)
PUNICODE_STRING ObjectName; // Name of the object to open, as a counted Unicode string
ULONG Attributes; // Bitmask of OBJ_* flags, e.g. OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE as used by the routines on this page
PVOID SecurityDescriptor; // Security descriptor to apply when the object is created; NULL selects the default
PVOID SecurityQualityOfService; // Optional impersonation quality-of-service data; the callers on this page pass NULL
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
// Pointer-to-const variant for routines that only read the attributes.
typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
删除文件
/*
 * MyDelFile - delete the file named by DelFileName from kernel mode.
 *
 * DelFileName: NUL-terminated wide-character path handed to ZwDeleteFile
 *              through an OBJECT_ATTRIBUTES block.
 *
 * Returns the value of NT_SUCCESS() applied to the ZwDeleteFile status,
 * i.e. non-zero on success and 0 on failure.
 *
 * NOTE(review): Zw* calls made by a driver run with previous mode KernelMode,
 * so the path is not checked against the rights of whoever asked for the
 * deletion. If DelFileName can come from a user-mode request, validate it
 * first or add OBJ_FORCE_ACCESS_CHECK to the attribute flags.
 */
INT MyDelFile(WCHAR DelFileName[])
{
    UNICODE_STRING TargetName;
    OBJECT_ATTRIBUTES TargetAttributes;

    /* Wrap the caller's buffer in a counted string; no copy is made. */
    RtlInitUnicodeString(&TargetName, DelFileName);

    /* Case-insensitive lookup, kernel-only handle, no root directory and
     * no security descriptor. */
    InitializeObjectAttributes(&TargetAttributes,
                               &TargetName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* Delete the file and collapse the NTSTATUS into a success flag. */
    return NT_SUCCESS(ZwDeleteFile(&TargetAttributes));
}
复制文件
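/*
 * MyCopyFile - copy the contents of SrcFileName into DestFileName.
 *
 * SrcFileName:  NUL-terminated wide-character path of an existing file.
 * DestFileName: NUL-terminated wide-character path of the file to create or
 *               overwrite (FILE_OVERWRITE_IF).
 *
 * The whole source file is read into one paged-pool buffer and then written
 * out, so the source handle is already closed when the destination is opened.
 * Files of 4 GiB or more are rejected instead of being silently truncated to
 * the low 32 bits of their size. Failures are reported through KdPrint only;
 * the function returns nothing.
 *
 * NOTE(review): the buffer is sized from the file itself, so a large file
 * means a large paged-pool allocation; a chunked copy would bound that.
 * NOTE(review): Zw* calls made by a driver run with previous mode KernelMode,
 * so neither path is checked against the rights of the requesting user. If
 * either name can come from a user-mode request, validate it first or add
 * OBJ_FORCE_ACCESS_CHECK to the attribute flags.
 */
VOID MyCopyFile(WCHAR SrcFileName[],WCHAR DestFileName[])
{
    const ULONG PoolTag = 'ypCM';        /* shows up as "MCpy" in pool dumps */
    UNICODE_STRING usSrcFileName;
    UNICODE_STRING usDestFileName;
    NTSTATUS status;
    OBJECT_ATTRIBUTES oa;
    IO_STATUS_BLOCK IoStauts;
    HANDLE hFile = NULL;
    PCHAR Buffer = NULL;
    ULONG Length = 0;
    FILE_STANDARD_INFORMATION fsi = {0};

    RtlInitUnicodeString(&usSrcFileName,SrcFileName);
    RtlInitUnicodeString(&usDestFileName,DestFileName);

    /* The attributes must be initialised before ZwCreateFile reads them. */
    InitializeObjectAttributes(&oa,&usSrcFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

    /* Open the source for reading only: asking for more access than needed
     * widens what the handle can do and makes sharing violations likelier. */
    status = ZwCreateFile(&hFile,
                          GENERIC_READ,
                          &oa,
                          &IoStauts,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ|FILE_SHARE_WRITE,
                          FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件打开失败!"));
        /* hFile is not a valid handle here, so there is nothing to close. */
        return;
    }

    /* Ask for the file size. */
    status = ZwQueryInformationFile(hFile,&IoStauts,&fsi,sizeof(fsi),FileStandardInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("获取文件信息失败!"));
        goto Cleanup;
    }

    /* Only the low 32 bits fit in the ULONG lengths used below. */
    if (fsi.EndOfFile.HighPart != 0)
    {
        goto Cleanup;
    }
    Length = fsi.EndOfFile.LowPart;

    if (Length > 0)
    {
        Buffer = (PCHAR)ExAllocatePoolWithTag(PagedPool,Length,PoolTag);
        if (Buffer == NULL)
        {
            /* Without a buffer there is nothing valid to write later. */
            goto Cleanup;
        }

        /* Read the file contents. */
        status = ZwReadFile(hFile,NULL,NULL,NULL,&IoStauts,Buffer,Length,NULL,NULL);
        if (!NT_SUCCESS(status))
        {
            KdPrint(("读取文件失败!"));
            goto Cleanup;
        }

        /* Write back only what was actually read, so no uninitialised pool
         * memory ends up in the destination file. */
        Length = (ULONG)IoStauts.Information;
    }

    /* Done with the source. */
    ZwClose(hFile);
    hFile = NULL;

    InitializeObjectAttributes(&oa,&usDestFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

    /* Create the destination, replacing any existing file of that name. */
    status = ZwCreateFile(&hFile,
                          GENERIC_WRITE,
                          &oa,
                          &IoStauts,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ|FILE_SHARE_WRITE,
                          FILE_OVERWRITE_IF,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status))
    {
        hFile = NULL;
        goto Cleanup;
    }

    if (Length > 0)
    {
        /* Write the data to the destination. */
        status = ZwWriteFile(hFile,NULL,NULL,NULL,&IoStauts,Buffer,Length,NULL,NULL);
        if (!NT_SUCCESS(status))
        {
            KdPrint(("写入失败!"));
        }
    }

Cleanup:
    /* Single exit: every path releases the handle and the buffer. */
    if (hFile != NULL)
    {
        ZwClose(hFile);
    }
    if (Buffer != NULL)
    {
        ExFreePoolWithTag(Buffer,PoolTag);
    }
}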
文件名结构体
// Input buffer for ZwSetInformationFile(..., FileRenameInformation).
// Variable-length: the caller allocates extra bytes after the structure for the name.
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN ReplaceIfExists; // TRUE: replace an existing file that already has the new name
HANDLE RootDirectory; // Handle of the directory the new name is relative to; NULL when FileName is a full path or the file stays in its directory (it is not an "is root" flag)
ULONG FileNameLength; // Length of FileName in bytes, not characters
WCHAR FileName[1]; // First character of the new name; the remaining characters follow in the same allocation
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
文件名的更改
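/*
 * MyRenameFile - rename SrcFileName to DestFileName.
 *
 * SrcFileName:  NUL-terminated wide-character path of the existing file.
 * DestFileName: NUL-terminated wide-character new name. RootDirectory is left
 *               NULL, so this is expected to be a full path or a name in the
 *               same directory.
 *
 * ReplaceIfExists is TRUE, so an existing file with the destination name is
 * replaced without further confirmation. Failures are reported through
 * KdPrint only; the function returns nothing.
 *
 * NOTE(review): Zw* calls made by a driver run with previous mode KernelMode,
 * so neither name is checked against the rights of the requesting user. If
 * either name can come from a user-mode request, validate it first or add
 * OBJ_FORCE_ACCESS_CHECK to the attribute flags.
 */
VOID MyRenameFile(WCHAR SrcFileName[],WCHAR DestFileName[])
{
    const ULONG PoolTag = 'nRyM';        /* shows up as "MyRn" in pool dumps */
    UNICODE_STRING usDestFileName;
    UNICODE_STRING usSrcFileName;
    PFILE_RENAME_INFORMATION pfri = NULL;
    HANDLE hFile = NULL;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS status;
    IO_STATUS_BLOCK IoStauts;
    SIZE_T NameBytes;
    ULONG BufferLen;

    /* wcslen() below would fault on a NULL name. */
    if (DestFileName == NULL)
    {
        return;
    }

    RtlInitUnicodeString(&usDestFileName,DestFileName);
    RtlInitUnicodeString(&usSrcFileName,SrcFileName);

    /* Measure the new name once. UNICODE_STRING.Length is a USHORT, so a
     * mismatch means the name is too long to be a valid path; rejecting it
     * also keeps BufferLen from overflowing. */
    NameBytes = wcslen(DestFileName) * sizeof(WCHAR);
    if (NameBytes == 0 || NameBytes != usDestFileName.Length)
    {
        return;
    }

    InitializeObjectAttributes(&oa,&usSrcFileName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);

    /* A rename needs DELETE access; SYNCHRONIZE is required by
     * FILE_SYNCHRONOUS_IO_NONALERT. Nothing broader is requested. */
    status = ZwCreateFile(&hFile,
                          DELETE | SYNCHRONIZE,
                          &oa,
                          &IoStauts,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ|FILE_SHARE_WRITE,
                          FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("文件打开失败!"));
        return ;
    }

    /* sizeof() already covers the first WCHAR, so this leaves room for the
     * whole name plus slack. */
    BufferLen = (ULONG)(sizeof(FILE_RENAME_INFORMATION) + NameBytes);
    pfri = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(PagedPool,BufferLen,PoolTag);
    if (pfri == NULL)
    {
        /* Zeroing a NULL pointer would bugcheck; give up cleanly instead. */
        goto Cleanup;
    }

    /* Zeroing also sets RootDirectory to NULL. */
    RtlZeroMemory(pfri,BufferLen);
    RtlCopyMemory(pfri->FileName,DestFileName,NameBytes);
    pfri->FileNameLength = (ULONG)NameBytes;
    pfri->ReplaceIfExists = TRUE;

    status = ZwSetInformationFile(hFile,&IoStauts,pfri,BufferLen,FileRenameInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("重名失败!%x",status));
    }

Cleanup:
    /* Single exit: the handle and the rename buffer are always released. */
    if (pfri != NULL)
    {
        ExFreePoolWithTag(pfri,PoolTag);
    }
    ZwClose(hFile);
}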