驱动基础之文件操作

一切从基础开始,一切从0开始。 

基础示例:

#pragma PAGEDCODE
VOID FileTest()
{
    OBJECT_ATTRIBUTES    objectAttributes;
    IO_STATUS_BLOCK        iostatus;
    HANDLE                hFile;
    UNICODE_STRING        logFileUnicodeString;
    NTSTATUS            ntStatus;
    PUCHAR                pBuffer;
    LARGE_INTEGER        LINumber;

    FILE_STANDARD_INFORMATION    fsi;
    PUCHAR                pReadBuffer;

    RtlInitUnicodeString(&logFileUnicodeString, L"\\??\\C:\\bin.log");

    //
    //初使化objectattributes结构
    //
    InitializeObjectAttributes(&objectAttributes
                                ,&logFileUnicodeString
                                ,OBJ_CASE_INSENSITIVE    /*对大小写敏感*/
                                ,NULL
                                ,NULL);

    //
    //创建文件
    //
    ntStatus = ZwCreateFile(&hFile
        ,GENERIC_WRITE|GENERIC_READ
        ,&objectAttributes
        ,&iostatus
        ,NULL
        ,FILE_ATTRIBUTE_NORMAL
        ,FILE_SHARE_READ|FILE_SHARE_WRITE
        ,FILE_OPEN_IF    //不存在则创建文件
        /*
        *FILE_OPEN    打开,不存在返回错误
        */
        ,FILE_SYNCHRONOUS_IO_NONALERT
        ,NULL
        ,0);

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("[XLinkList]@File:%s,Line:%d@File Create Failed!!\n", __FILE__, __LINE__);
    }

    //
    // 构造要填充的数据
    //
    pBuffer = (PUCHAR)ExAllocatePool(PagedPool, BUFFER_SIZE);
    RtlFillMemory(pBuffer, BUFFER_SIZE, 0xAA);
    dprintf("[XLinkList]The program will write %d byte\n", BUFFER_SIZE);

    //
    // 写文件
    //
    ZwWriteFile(hFile, NULL, NULL, NULL, &iostatus, pBuffer, BUFFER_SIZE, NULL, NULL);
    dprintf("[XLinkList]The program really wrote %d bytes\n", iostatus.Information);

    RtlFillMemory(pBuffer, BUFFER_SIZE, 0xBB);
    dprintf("[XLinkList]The program will append %d bytes\n", BUFFER_SIZE);

    //
    // 设置文件指针,从偏移1024处开始写
    //
    LINumber.QuadPart = 1024i64;
    
    //
    // 追加数据
    //
    ZwWriteFile(hFile, NULL, NULL, NULL, &iostatus, pBuffer, BUFFER_SIZE, &LINumber, NULL);
    dprintf("[XLinkList]The program really append %d bytes\n", iostatus.Information);

    ExFreePool(pBuffer);

    /************************************************************************/
    //读文件
    //
    ntStatus = ZwQueryInformationFile(hFile
        ,&iostatus
        ,&fsi
        ,sizeof(FILE_STANDARD_INFORMATION)
        ,FileStandardInformation);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@File:%s,Line:%d@ 读文件出错\n", __FILE__, __LINE__);
        ZwClose(hFile);
        return;
    }
    dprintf("[XLinkList]The program want to read %d bytes\n",fsi.EndOfFile.QuadPart);

    pReadBuffer = (PUCHAR)ExAllocatePool(PagedPool, (LONG)fsi.EndOfFile.QuadPart);
    ZwReadFile(hFile, NULL, NULL, NULL, &iostatus, pReadBuffer, (LONG)fsi.EndOfFile.QuadPart, NULL, NULL);
    dprintf("[XLinkList]The program really read %d bytes\n", iostatus.Information);

    ZwClose(hFile);
    ExFreePool(pReadBuffer);
}

 

posted @ 2012-10-28 11:21  markro  阅读(156)  评论(0)    收藏  举报