|
|
|
DeviceIoControl导致蓝屏。。。
#define FILE_DEVICE_FILEMON 0x00008300
#define IOCTL_FILEMON_ADDPROTECTEDPATH (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x810, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define IOCTL_FILEMON_DELPROTECTEDPATH (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x811, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define IOCTL_FILEMON_GETPROTECTEDPATH (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x812, METHOD_BUFFERED, FILE_ANY_ACCESS )
typedef struct _FilemonNameParam{
char *SourceFileName;
char *CacheFileName;
}FilemonNameParam,*PFilemonNameParam;
#define LOGBUFSIZE ((ULONG)(64*0x400-(3*sizeof(ULONG)+1)))
BOOL SetProtectPath(HANDLE SysHandle,char* Path,bool bAdd=true)
{
DWORD nb;
FilemonNameParam Dir;
Dir.SourceFileName = (char *)malloc(256);
strcpy(Dir.SourceFileName,Path);
Dir.CacheFileName = NULL;
if( !DeviceIoControl(SysHandle,bAdd?IOCTL_FILEMON_ADDPROTECTEDPATH:IOCTL_FILEMON_DELPROTECTEDPATH,
&Dir,sizeof(FilemonNameParam),NULL,
0,&nb,NULL) )
{
free(Dir.SourceFileName);
return FALSE;
}
else{
free(Dir.SourceFileName);
return TRUE;
}
}
BOOL GetProtectPath(HANDLE SysHandle,LPVOID LPOutBuffer,LPDWORD lpLen)
{
DWORD length = 0;
if( !DeviceIoControl(SysHandle,IOCTL_FILEMON_GETPROTECTEDPATH,
NULL, 0, LPOutBuffer,LOGBUFSIZE,
&length, NULL) )
{
return FALSE;
}
else{
*lpLen = length;
return TRUE;
}
}
int _tmain(int argc, _TCHAR* argv[])
{
HANDLE sysHandle;
BeginMonitor(sysHandle);
DWORD len = 0;
char buf[256]={0};
SetProtectPath(sysHandle,"d:\\wfpbs1.txt");
SetProtectPath(sysHandle,"d:\\wfpbs2.txt");
SetProtectPath(sysHandle,"d:\\wfpbs3.txt");
GetProtectPath(sysHandle,buf,&len);
printf("%s\n",buf);
getch();
return 0;
}
调用三次SetProtectPath都可以在驱动的case语句里面断点到。
但是调用最后一个的时候,就直接返回FALSE了,错误码是988。(没有进断点)
过一会就蓝屏了。
我才开始接触这个东西,麻烦指教。。。
|
|
提升卡
变色卡
千斤顶
1/10 
京公网安备 11010802033920号
Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved
