
ATAPI(磁盘端口驱动)级文件保护简单实现

黑客 发布日期:2008-5-27 4:21:59 共有 331 人次浏览
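/*
 * Two-argument variant of IoGetIrpStackLocation used by this file.
 *
 * Yields a pointer to the stack location `Level` entries past the IRP's
 * current one (Level 0 is the current location). The I/O manager moves
 * CurrentStackLocation downward as an IRP travels down the device stack,
 * so positive offsets address locations already used by upper drivers.
 *
 * No bounds checking is done: the caller must keep Level below
 * StackCount - CurrentLocation + 1, otherwise the result points outside
 * the IRP's stack-location array.
 *
 * NOTE(review): this reuses the name of the WDK's one-argument routine;
 * every use after this definition must pass two arguments.
 *
 * Level is parenthesized so that an expression argument (e.g. `i & 1`)
 * is evaluated as a whole before the pointer addition.
 */
#define IoGetIrpStackLocation( Irp , Level) (\
(Irp)->Tail.Overlay.CurrentStackLocation + (Level) )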
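/*
 * IfIrpHasFobj - report whether any file object attached to this IRP has a
 * name that contains FileName.
 *
 * Walks every stack location from the current one up to the top of the IRP's
 * stack, copies each non-empty FileObject->FileName into a private buffer,
 * upper-cases the copy and searches it for FileName.
 *
 * Parameters:
 *   pIrp     - IRP being dispatched; NULL yields FALSE.
 *   FileName - NUL-terminated substring to look for. The candidate name is
 *              upper-cased before the search, so this must already be upper
 *              case. NULL yields FALSE.
 *
 * Returns TRUE on the first match, FALSE if nothing matched or a name could
 * not be copied (allocation failure skips that stack location).
 *
 * Review notes:
 *   - UNICODE_STRING buffers are not guaranteed to be NUL-terminated, so the
 *     copy takes exactly Length bytes and the terminator is written here
 *     instead of being read from past the end of the source buffer.
 *   - The match is a substring match: L"123.TXT" also matches names such as
 *     "\DIR\X123.TXT.BAK".
 *   - NOTE(review): the FileObject pointers come from upper drivers' stack
 *     locations and are not referenced here; whether they (and their name
 *     buffers) are still valid and resident at the IRQL of a port-driver
 *     dispatch routine cannot be told from this file - confirm before
 *     relying on it. Not every request that reaches the port driver carries
 *     the file object of the file being accessed, so a FALSE result is not
 *     proof that the file is untouched.
 *   - NOTE(review): the wide-character debug format requires PASSIVE_LEVEL;
 *     confirm the IRQL this runs at or drop the print in release builds.
 */
BOOL IfIrpHasFobj(PIRP pIrp , LPCWSTR FileName)
{
	int depth ;
	int level ;
	ULONG nameChars ;
	PIO_STACK_LOCATION irpStack ;
	wchar_t *nameCopy ;
	BOOL matched ;

	if (!pIrp || !FileName)
	{
		return FALSE ;
	}

	/*
	 * Number of stack locations from the current one to the top of the
	 * stack. Computed as a signed value so an inconsistent IRP yields an
	 * empty walk instead of a huge unsigned loop bound.
	 */
	depth = pIrp->StackCount - pIrp->CurrentLocation + 1 ;

	for (level = 0 ; level < depth ; level ++)
	{
		irpStack = IoGetIrpStackLocation(pIrp , level );
		if (!irpStack->FileObject || !irpStack->FileObject->FileName.Buffer)
		{
			continue ;
		}

		/* Length is in bytes; work in whole characters only. */
		nameChars = irpStack->FileObject->FileName.Length / sizeof(wchar_t) ;
		if (nameChars == 0)
		{
			continue ;
		}

		nameCopy = (wchar_t*)ExAllocatePool(NonPagedPool ,
			(nameChars + 1) * sizeof(wchar_t));
		if (!nameCopy)
		{
			continue ;
		}

		/* Copy exactly the counted characters, then terminate the copy. */
		RtlCopyMemory(nameCopy ,
			irpStack->FileObject->FileName.Buffer ,
			nameChars * sizeof(wchar_t));
		nameCopy[nameChars] = L'\0' ;

		/* Print the terminated copy, never the raw counted buffer. */
		KDMSG(("%ws" , nameCopy));

		_wcsupr(nameCopy);
		matched = wcsstr(nameCopy , FileName) ? TRUE : FALSE ;

		/* Single release point for the scratch buffer. */
		ExFreePool(nameCopy);

		if (matched)
		{
			return TRUE ;
		}
	}

	return FALSE ;
}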

/*
 * ProxyAtapiScsi - replacement dispatch routine placed in front of the
 * saved handler OldAtapiScsiDispatch.
 *
 * If IfIrpHasFobj finds a file object whose upper-cased name contains
 * L"123.TXT", the IRP is completed here with status 0xc0000001 (the value
 * of STATUS_UNSUCCESSFUL) and zero bytes transferred, and is never passed
 * on. Every other IRP is handed to OldAtapiScsiDispatch with the same
 * (devobj, pIrp) arguments and that routine's return value is returned.
 *
 * Review notes:
 *   - The protected name is hard-coded and matched as a substring, so any
 *     path containing "123.TXT" is refused.
 *   - The forwarding call is MSVC inline assembly: the two arguments are
 *     pushed right-to-left and the result is taken from eax. This builds
 *     for 32-bit x86 only.
 *   - NOTE(review): OldAtapiScsiDispatch is declared outside this listing;
 *     it is presumably the original dispatch entry saved when this routine
 *     was installed - confirm its type and that it is set before the first
 *     IRP arrives.
 *   - Intercepting another driver's dispatch routine is not a supported
 *     extension point; per-file access control is normally implemented in a
 *     file-system minifilter, where the file name is available through
 *     documented interfaces.
 */
NTSTATUS ProxyAtapiScsi(PDEVICE_OBJECT devobj , PIRP pIrp)
{
	NTSTATUS forwarded ;

	if (!IfIrpHasFobj(pIrp , L"123.TXT"))
	{
		/* Not a protected file: pass the request to the saved handler. */
		__asm
		{
			push pIrp
			push devobj
			call OldAtapiScsiDispatch
			mov   forwarded ,eax
		}
		return forwarded ;
	}

	/* Protected file: fail the request here and do not forward it. */
	pIrp->IoStatus.Information = 0 ;
	pIrp->IoStatus.Status = 0xc0000001;

	IoCompleteRequest(pIrp , IO_NO_INCREMENT);
	return 0xc0000001;
}