|
修改FILE_OJBECT结构里的盘符问题???分不多,请高手看看啊!!
[复制链接]
PVOID pFileNameBuffer = NULL;
// 对象头 = pFileObject->DeviceObject + 0x18
POBJECT_HEADER pObjectHeader = OBJECT_TO_OBJECT_HEADER(pFileObject->DeviceObject);
// _OBJECT_HEADER_NAME_INFO在_OBJECT_HEADER中和偏移
ULONG ulNameInfoOffset = pObjectHeader->NameInfoOffset;
// 整数 - 整数 (不要写成指针 - 整数)
// _OBJECT_HEADER_NAME_INFO = 对象头 - 0x10
ULONG ulObjectNameInfo = (ULONG)pObjectHeader - ulNameInfoOffset;
// _UNICODE_STRING 偏移 + 0x004
PUNICODE_STRING pusVloumeName = (PUNICODE_STRING)(ulObjectNameInfo + 0x004);
RtlInitUnicodeString(&usNewFileName,L"HarddiskVolume2");
pFileNameBuffer = ExAllocatePool(NonPagedPool,pusVloumeName->MaximumLength);
if (!pFileNameBuffer)
{
ntStatus = STATUS_UNSUCCESSFUL;
return ntStatus;
}
/ 把原来的释放
ExFreePool(pusVloumeName->Buffer);
pusVloumeName->Buffer = pFileNameBuffer;
pusVloumeName->Length = usNewFileName.Length;
pusVloumeName->MaximumLength = usNewFileName.MaximumLength;
RtlCopyUnicodeString(pusVloumeName,&usNewFileName);
DbgPrint(" [%ws] len %d \r\n",pusVloumeName->Buffer,pusVloumeName->Length);
ntStatus = RtlVolumeDeviceToDosName(pFileObject->DeviceObject,&usDosName);
以上是我通过FILE_OBJECT的修改过程 ,在C盘上存文件时,转到“HarddiskVolume2”第二个卷上,但求得的usDosName还是C盘!原因不明,请高手指教!!!!!!!!!!!
|
|