驱动文件操作
2016-05-19 11:33
176 查看
一、创建文件
#pragma INITCODE
VOID CreateFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_WRITE,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN_IF,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if ( NT_SUCCESS(ntStatus))
{
KdPrint(("Create file
succussfully!\n"));
}else
{
KdPrint(("Create
file unsuccessfully!\n"));
}
//文件操作
//.......
//关闭文件句柄
ZwClose(hfile);
}
二、打开文件
#pragma INITCODE
VOID OpenFileTest2()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwOpenFile(
&hfile,
GENERIC_ALL,
&objectAttributes,
&iostatus,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT);
if ( NT_SUCCESS(ntStatus))
{
KdPrint(("Create file
succussfully!\n"));
}else
{
KdPrint(("Create
file unsuccessfully!\n"));
}
//文件操作
//.......
//关闭文件句柄
ZwClose(hfile);
}
#pragma INITCODE
VOID OpenFileTest1()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_READ,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_WRITE,
FILE_OPEN,//对文件打开,如果不存在则返回错误
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if ( NT_SUCCESS(ntStatus))
{
KdPrint(("Open file
succussfully!\n"));
}else
{
KdPrint(("Open
file unsuccessfully!\n"));
}
//文件操作
//.......
//关闭文件句柄
ZwClose(hfile);
}
三、修改文件的属性(可能有问题)
#pragma INITCODE
VOID ReadFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_READ,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if (!NT_SUCCESS(ntStatus))
{
KdPrint(("The file is not
exist!\n"));
return;
}
FILE_STANDARD_INFORMATION fsi;
//读取文件长度
ntStatus = ZwQueryInformationFile(hfile,
&iostatus,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);
KdPrint(("The program want to read %d
bytes\n",fsi.EndOfFile.QuadPart));
//为读取的文件分配缓冲区
PUCHAR pBuffer =
(PUCHAR)ExAllocatePool(PagedPool,
(LONG)fsi.EndOfFile.QuadPart);
//读取文件
ZwReadFile(hfile,NULL,
NULL,NULL,
&iostatus,
pBuffer,
(LONG)fsi.EndOfFile.QuadPart,
NULL,NULL);
KdPrint(("The program really read %d
bytes\n",iostatus.Information));
//关闭文件句柄
ZwClose(hfile);
//释放缓冲区
ExFreePool(pBuffer);
}
四、写文件的操作
#pragma INITCODE
VOID WriteFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_WRITE,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_WRITE,
FILE_OPEN_IF,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
#define BUFFER_SIZE 1024
PUCHAR pBuffer =
(PUCHAR)ExAllocatePool(PagedPool,BUFFER_SIZE);
//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xAA);
KdPrint(("The program will write %d
bytes\n",BUFFER_SIZE));
//写文件
ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,BUFFER_SIZE,NULL,NULL);
KdPrint(("The program really wrote %d
bytes\n",iostatus.Information));
//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xBB);
KdPrint(("The program will append %d
bytes\n",BUFFER_SIZE));
//追加数据
LARGE_INTEGER number;
number.QuadPart = 1024i64;//设置文件指针
//对文件进行附加写
ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,BUFFER_SIZE,&number,NULL);
KdPrint(("The program really appended %d
bytes\n",iostatus.Information));
//关闭文件句柄
ZwClose(hfile);
ExFreePool(pBuffer);
}
五、读文件的操作(可能有问题)
#pragma INITCODE
VOID ReadFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_READ,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if (!NT_SUCCESS(ntStatus))
{
KdPrint(("The file is not
exist!\n"));
return;
}
FILE_STANDARD_INFORMATION fsi;
//读取文件长度
ntStatus = ZwQueryInformationFile(hfile,
&iostatus,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);
KdPrint(("The program want to read %d
bytes\n",fsi.EndOfFile.QuadPart));
//为读取的文件分配缓冲区
PUCHAR pBuffer =
(PUCHAR)ExAllocatePool(PagedPool,
(LONG)fsi.EndOfFile.QuadPart);
//读取文件
ZwReadFile(hfile,NULL,
NULL,NULL,
&iostatus,
pBuffer,
(LONG)fsi.EndOfFile.QuadPart,
NULL,NULL);
KdPrint(("The program really read %d
bytes\n",iostatus.Information));
//关闭文件句柄
ZwClose(hfile);
//释放缓冲区
ExFreePool(pBuffer);
}
//ZwCreateFile
参数DesiredAccess [in] 追加 FILE_APPEND_DATA
和 GENERIC_* 一起执行或操作。FILE_APPEND_DATA 是不起作用的 必须和 FILE_*组合
#pragma INITCODE
VOID CreateFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_WRITE,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN_IF,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if ( NT_SUCCESS(ntStatus))
{
KdPrint(("Create file
succussfully!\n"));
}else
{
KdPrint(("Create
file unsuccessfully!\n"));
}
//文件操作
//.......
//关闭文件句柄
ZwClose(hfile);
}
二、打开文件
#pragma INITCODE
VOID OpenFileTest2()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwOpenFile(
&hfile,
GENERIC_ALL,
&objectAttributes,
&iostatus,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT);
if ( NT_SUCCESS(ntStatus))
{
KdPrint(("Create file
succussfully!\n"));
}else
{
KdPrint(("Create
file unsuccessfully!\n"));
}
//文件操作
//.......
//关闭文件句柄
ZwClose(hfile);
}
#pragma INITCODE
VOID OpenFileTest1()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_READ,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_WRITE,
FILE_OPEN,//对文件打开,如果不存在则返回错误
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if ( NT_SUCCESS(ntStatus))
{
KdPrint(("Open file
succussfully!\n"));
}else
{
KdPrint(("Open
file unsuccessfully!\n"));
}
//文件操作
//.......
//关闭文件句柄
ZwClose(hfile);
}
三、修改文件的属性(可能有问题)
#pragma INITCODE
VOID ReadFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_READ,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if (!NT_SUCCESS(ntStatus))
{
KdPrint(("The file is not
exist!\n"));
return;
}
FILE_STANDARD_INFORMATION fsi;
//读取文件长度
ntStatus = ZwQueryInformationFile(hfile,
&iostatus,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);
KdPrint(("The program want to read %d
bytes\n",fsi.EndOfFile.QuadPart));
//为读取的文件分配缓冲区
PUCHAR pBuffer =
(PUCHAR)ExAllocatePool(PagedPool,
(LONG)fsi.EndOfFile.QuadPart);
//读取文件
ZwReadFile(hfile,NULL,
NULL,NULL,
&iostatus,
pBuffer,
(LONG)fsi.EndOfFile.QuadPart,
NULL,NULL);
KdPrint(("The program really read %d
bytes\n",iostatus.Information));
//关闭文件句柄
ZwClose(hfile);
//释放缓冲区
ExFreePool(pBuffer);
}
四、写文件的操作
#pragma INITCODE
VOID WriteFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_WRITE,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_WRITE,
FILE_OPEN_IF,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
#define BUFFER_SIZE 1024
PUCHAR pBuffer =
(PUCHAR)ExAllocatePool(PagedPool,BUFFER_SIZE);
//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xAA);
KdPrint(("The program will write %d
bytes\n",BUFFER_SIZE));
//写文件
ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,BUFFER_SIZE,NULL,NULL);
KdPrint(("The program really wrote %d
bytes\n",iostatus.Information));
//构造要填充的数据
RtlFillMemory(pBuffer,BUFFER_SIZE,0xBB);
KdPrint(("The program will append %d
bytes\n",BUFFER_SIZE));
//追加数据
LARGE_INTEGER number;
number.QuadPart = 1024i64;//设置文件指针
//对文件进行附加写
ZwWriteFile(hfile,NULL,NULL,NULL,&iostatus,pBuffer,BUFFER_SIZE,&number,NULL);
KdPrint(("The program really appended %d
bytes\n",iostatus.Information));
//关闭文件句柄
ZwClose(hfile);
ExFreePool(pBuffer);
}
五、读文件的操作(可能有问题)
#pragma INITCODE
VOID ReadFileTest()
{
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
HANDLE hfile;
UNICODE_STRING logFileUnicodeString;
//初始化UNICODE_STRING字符串
RtlInitUnicodeString(
&logFileUnicodeString,
L"\\??\\C:\\1.log");
//或者写成 "\\Device\\HarddiskVolume1\\1.LOG"
//初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&logFileUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感
NULL,
NULL
);
//创建文件
NTSTATUS ntStatus = ZwCreateFile(
&hfile,
GENERIC_READ,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,//即使存在该文件,也创建
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0
);
if (!NT_SUCCESS(ntStatus))
{
KdPrint(("The file is not
exist!\n"));
return;
}
FILE_STANDARD_INFORMATION fsi;
//读取文件长度
ntStatus = ZwQueryInformationFile(hfile,
&iostatus,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);
KdPrint(("The program want to read %d
bytes\n",fsi.EndOfFile.QuadPart));
//为读取的文件分配缓冲区
PUCHAR pBuffer =
(PUCHAR)ExAllocatePool(PagedPool,
(LONG)fsi.EndOfFile.QuadPart);
//读取文件
ZwReadFile(hfile,NULL,
NULL,NULL,
&iostatus,
pBuffer,
(LONG)fsi.EndOfFile.QuadPart,
NULL,NULL);
KdPrint(("The program really read %d
bytes\n",iostatus.Information));
//关闭文件句柄
ZwClose(hfile);
//释放缓冲区
ExFreePool(pBuffer);
}
//ZwCreateFile
参数DesiredAccess [in] 追加 FILE_APPEND_DATA
和 GENERIC_* 一起执行或操作。FILE_APPEND_DATA 是不起作用的 必须和 FILE_*组合
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- April.Quartus&&VerilogHDL
- 知识是不会让人自满的。 少年,只有名和利才会。
- Graphical Analysis of German Parliament Voting Pattern
- [javaSE] 单例设计模式
- Retrofit 2.0 + OkHttp 3.0 配置
- RS232
- ApplicationId与PackageName的纠葛(ApplicationId versus PackageName译文)
- jQuery UI 实例 – 切换(Toggle)
- Android:手把手教你打造可缩放移动的ImageView(下)
- C++实验6-数组合并
- iOS-PingFangSC字体
- Qt入门之信号与槽机制
- Java获取客户端/访问者真实IP地址的两种方法
- 从输入网址到显示网页的全过程分析
- 移动端常见div同行自适应布局
- C++实验6-数组合并
- c++实验6-数组合并
- uses-permission与persmission
- 找水王
- 怎样将多个PDF文件的页面进行合并