// Excerpt from the body of a larger routine: it opens the object named by
// pDiskName, resolves the file object and its related device object, then
// creates a new unnamed device object of the same device type and hands it
// back through *pOurDevice.
// status, DiskDeviceObject, NewDeviceObject, g_CDO, pDiskName, pOurDevice and
// the ErrHand label are declared outside this excerpt.
IO_STATUS_BLOCK ioStatus;
OBJECT_ATTRIBUTES objectAttributes;
PFILE_OBJECT fileObject = NULL;
HANDLE ntFileHandle;
//
// We have to figure out what device to hook - first open the volume's
// root directory.
//
// NOTE(review): only OBJ_CASE_INSENSITIVE is set. Without OBJ_KERNEL_HANDLE
// the handle is created in the handle table of whatever process is current,
// so if this can run in the context of a user-mode process, that process can
// reach the handle. Consider OR-ing in OBJ_KERNEL_HANDLE - confirm the
// calling context.
InitializeObjectAttributes(&objectAttributes, pDiskName, OBJ_CASE_INSENSITIVE, NULL, NULL );
// FILE_ANY_ACCESS is 0, so the access actually requested is SYNCHRONIZE.
// FILE_OPEN opens an existing object only; FILE_DIRECTORY_FILE requires it
// to be a directory.
status = ZwCreateFile(&ntFileHandle, SYNCHRONIZE|FILE_ANY_ACCESS,
&objectAttributes, &ioStatus, NULL, 0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE,
NULL, 0);
if (!NT_SUCCESS(status))
{
// Nothing was acquired yet, so there is nothing to release on this path.
DbgPrint(("Filemon: Could not open drive\n"));
return FALSE;
}
KdPrint(("Open Device is OK\n"));
//
// Got the file handle, so now look-up the file-object it refers to
//
// NOTE(review): ObjectType is NULL, so the object's type is not checked;
// passing *IoFileObjectType would make the call verify that the handle refers
// to a file object. With KernelMode the FILE_READ_DATA request is presumably
// not checked against the handle's granted access (only SYNCHRONIZE was
// requested above) - confirm.
status = ObReferenceObjectByHandle(ntFileHandle, FILE_READ_DATA, NULL, KernelMode, &fileObject, NULL);
if(!NT_SUCCESS(status))
{
// No object reference was taken; only the handle has to be closed.
DbgPrint(("Filemon: Could not get fileobject from handle\n"));
ZwClose(ntFileHandle);
return FALSE;
}
// From here on both the handle and a reference on fileObject are held.
DiskDeviceObject = IoGetRelatedDeviceObject(fileObject);
if(!DiskDeviceObject)
{
DbgPrint(("Filemon: Could not get related device object\n"));
// ErrHand is outside this excerpt; presumably it dereferences fileObject
// and closes ntFileHandle - TODO confirm.
goto ErrHand;
}
// Create the device object that will be attached: unnamed (DeviceName is
// NULL), owned by g_CDO's driver object, with a DEVICE_EXTENSION-sized
// extension, the device type copied from DiskDeviceObject,
// FILE_DEVICE_SECURE_OPEN characteristics, and not exclusive.
status = IoCreateDevice(
g_CDO->DriverObject,
sizeof(DEVICE_EXTENSION),
NULL,
DiskDeviceObject->DeviceType,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&NewDeviceObject
);
if (!NT_SUCCESS(status))
{
// Silent failure path: no message is printed before jumping to cleanup.
goto ErrHand;
}
// NOTE(review): DO_DEVICE_INITIALIZING is cleared before any attach to the
// target device is visible in this excerpt. Filter drivers normally attach
// and copy the relevant flags first and clear this bit last - confirm the
// ordering against the rest of the routine.
NewDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
// NOTE(review): at this point ntFileHandle and the fileObject reference are
// still held; verify that the remainder of the routine releases both on the
// success path as well (ZwClose / ObDereferenceObject).
*pOurDevice = NewDeviceObject;