ZwSetInformationFile问题

damofeishazcj

ZwSetInformationFile问题 [复制链接]

NTSTATUS CoreyDDKDriverControl(IN PDEVICE_OBJECT pDevObj,
   IN PIRP pIrp)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
__try
{
KdPrint(("[CoreyFileKiller]Enter HelloDDKDeviceIOControl\n"));

//得到当前堆栈
PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
//得到输入缓冲区大小
ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
//得到输出缓冲区大小
ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
//得到IOCTL码
ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;

PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)
pDevObj->DeviceExtension;

ULONG info = 0;
DEVICE_RETN drRetn;

switch(code)
{
case IOCTL_BEGIN_KILL:
{
//得到输入数据
HANDLE hFile;
OBJECT_ATTRIBUTES objectAttributes;
PUNICODE_STRING pPath = (PUNICODE_STRING)pIrp->AssociatedIrp.SystemBuffer;

KdPrint(("[CoreyFileKiller]File:%ws %d %d",pPath->Buffer,pPath->Length,pPath->MaximumLength));

IO_STATUS_BLOCK ioStatus;

InitializeObjectAttributes(&objectAttributes,
pPath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);

ntStatus = ZwCreateFile(&hFile,
GENERIC_READ|GENERIC_WRITE
,
&objectAttributes,
&ioStatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

if(NT_SUCCESS(ntStatus))
{
KdPrint(("[CoreyFileKiller]Open file sucessfully.\n"));
}else
{
KdPrint(("[CoreyFileKiller]Open file faily.%x\n",ioStatus.Information));
pIrp->IoStatus.Status = ntStatus;
pIrp->IoStatus.Information = info; // bytes xfered
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
return ntStatus;
}

FILE_BASIC_INFORMATION fbi;
FILE_STANDARD_INFORMATION fsi;

ntStatus = ZwQueryInformationFile(hFile,
&ioStatus,
&fbi,
sizeof(fbi),
FileBasicInformation
);

if(NT_SUCCESS(ntStatus))
{
KdPrint(("[CoreyFileKiller]Read file basic sucessfully.\n"));
}else
{
KdPrint(("[CoreyFileKiller]Read file basic faily.\n"));
pIrp->IoStatus.Status = ntStatus;
pIrp->IoStatus.Information = info; // bytes xfered
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
return ntStatus;
}

ntStatus = ZwQueryInformationFile(hFile,
&ioStatus,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation
);

if(NT_SUCCESS(ntStatus))
{
KdPrint(("[CoreyFileKiller]Read file attribute sucessfully.%d\n",fsi.DeletePending));
}
else
{
KdPrint(("[CoreyFileKiller]Read file attribute faily.\n"));
pIrp->IoStatus.Status = ntStatus;
pIrp->IoStatus.Information = info; // bytes xfered
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
return ntStatus;
}

fsi.DeletePending = TRUE;
ntStatus = ZwSetInformationFile(hFile,
&ioStatus,
&fsi,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation
);

if(NT_SUCCESS(ntStatus))
{
KdPrint(("[CoreyFileKiller]Set file attribute sucessfully.\n"));
drRetn.IsSucessed = 1;
}
else
{
KdPrint(("[CoreyFileKiller]Set file attribute faily.%x\n",ioStatus.Information));
drRetn.IsSucessed = 0;
}

drRetn.ChangeTime    = fbi.ChangeTime;
drRetn.CreationTime    = fbi.CreationTime;
drRetn.FileAttributes = fbi.FileAttributes;
drRetn.LastAccessTime = fbi.LastAccessTime;
drRetn.LastWriteTime  = fbi.LastWriteTime;
info = sizeof(drRetn);
ZwClose(hFile);
}

}

memcpy(pIrp->AssociatedIrp.SystemBuffer,&drRetn,sizeof(drRetn));
// 完成IRP
pIrp->IoStatus.Status = ntStatus;
pIrp->IoStatus.Information = info; // bytes xfered
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
KdPrint(("[CoreyFileKiller]Catch a BSOD\n"));
return ntStatus;
}
return ntStatus;
}

ZwSetInformation函数总是调用不成功，调用后ioStatus的Information是18。请问是什么问题啊？大家帮帮我啊。