static
void
TestIoVolumeDeviceToDosName(void)
{
NTSTATUS Status;
ULONG VolumeNumber;
WCHAR VolumeDeviceNameBuffer[32];
UNICODE_STRING VolumeDeviceName;
PFILE_OBJECT FileObject;
PDEVICE_OBJECT DeviceObject;
UNICODE_STRING DosName;
UNICODE_STRING DosVolumePrefix = RTL_CONSTANT_STRING(L"\\\\?\\Volume");
RtlInitEmptyUnicodeString(&VolumeDeviceName,
VolumeDeviceNameBuffer,
sizeof(VolumeDeviceNameBuffer));
VolumeNumber = 0;
Status = STATUS_SUCCESS;
while (1)
{
Status = GetNextVolumeDevice(&VolumeDeviceName,
&VolumeNumber,
Status);
if (!NT_SUCCESS(Status))
{
trace("GetNextVolumeDevice(0x%lx) failed with %lx\n",
VolumeNumber, Status);
break;
}
RtlInitUnicodeString(&VolumeDeviceName, VolumeDeviceNameBuffer);
Status = IoGetDeviceObjectPointer(&VolumeDeviceName,
READ_CONTROL,
&FileObject,
&DeviceObject);
if (!NT_SUCCESS(Status))
{
trace("IoGetDeviceObjectPointer(%wZ) failed with %lx\n",
&VolumeDeviceName, Status);
continue;
}
Status = IoVolumeDeviceToDosName(DeviceObject, &DosName);
ok_eq_hex(Status, STATUS_SUCCESS);
if (!skip(NT_SUCCESS(Status), "No DOS name\n"))
{
trace("DOS name for %wZ is %wZ\n", &VolumeDeviceName, &DosName);
if (DosName.Length == 2 * sizeof(WCHAR))
{
ok(DosName.Buffer[0] >= L'A' &&
DosName.Buffer[0] <= L'Z' &&
DosName.Buffer[1] == L':',
"Unexpected drive letter: %wZ\n", &DosName);
}
else
{
ok(RtlPrefixUnicodeString(&DosVolumePrefix, &DosName, FALSE),
"Unexpected volume path: %wZ\n", &DosName);
}
RtlFreeUnicodeString(&DosName);
}
ObDereferenceObject(FileObject);
Status = STATUS_SUCCESS;
}
ok(VolumeNumber > 1, "No volumes found\n");
}
VOID
GetDosDeviceName(PDEVICE_OBJECT pDeviceObject,
PUNICODE_STRING pShareName,
PUNICODE_STRING pDosName)
{
NTSTATUS status;
UNICODE_STRING tempDosDrive;
ObReferenceObject(pDeviceObject);
status = IoVolumeDeviceToDosName(
(PVOID)pDeviceObject,
&tempDosDrive);
pDosName->Length = 0;
if(NT_SUCCESS(status))
{
int i = 0;
int wchars = tempDosDrive.Length/2;
int pos = 0;
pDosName->MaximumLength = tempDosDrive.MaximumLength + 2;
pDosName->Buffer = ExAllocatePoolWithTag(NonPagedPool, pDosName->MaximumLength, FILE_POOL_TAG);
if(pDosName->Buffer != NULL)
{
pDosName->Buffer[pos++] = '\\';
pDosName->Length += sizeof(WCHAR);
for(i = 0; i < wchars; i++)
{
if(tempDosDrive.Buffer[i] != 0x003A)
{
pDosName->Buffer[pos++] = tempDosDrive.Buffer[i];
pDosName->Length += sizeof(WCHAR); // Unicode is 2-bytes
}
}
ExFreePool(tempDosDrive.Buffer);
}
} else {
if(pShareName != NULL)
{
pDosName->MaximumLength = pShareName->MaximumLength;
pDosName->Buffer = ExAllocatePoolWithTag(NonPagedPool, pDosName->MaximumLength, FILE_POOL_TAG);
if(pDosName->Buffer != NULL)
{
RtlUnicodeStringCopy(pDosName, pShareName);
}
} else {
pDosName->MaximumLength = 30; // Dont change this
pDosName->Buffer = ExAllocatePoolWithTag(NonPagedPool, pDosName->MaximumLength, FILE_POOL_TAG);
if(pDosName->Buffer != NULL)
{
RtlUnicodeStringCatString(pDosName, L"\\UNKNOWN DRIVE");
}
}
}
ObDereferenceObject(pDeviceObject);
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
NTSTATUS
cfsd_InstanceSetup( IN PCFLT_RELATED_OBJECTS FltObjects,
IN FLT_INSTANCE_SETUP_FLAGS Flags,
IN DEVICE_TYPE VolumeDeviceType,
IN FLT_FILESYSTEM_TYPE VolumeFilesystemType )
{
#if DBG
UCHAR VPBuffer[sizeof(FLT_VOLUME_PROPERTIES)+512];
PFLT_VOLUME_PROPERTIES VolumeProperties = (PFLT_VOLUME_PROPERTIES)VPBuffer;
PDEVICE_OBJECT theDeviceObject = NULL;
ULONG ReturnedLength;
NTSTATUS Status;
UNICODE_STRING DosName;
Status = FltGetVolumeProperties( FltObjects->Volume,
VolumeProperties,
sizeof( VPBuffer ),
&ReturnedLength );
if ( !NT_SUCCESS( Status ) )
{
}
// Zero it so we can show a NULL if no DOS name is found
RtlZeroMemory( &DosName, sizeof( UNICODE_STRING ) );
Status = FltGetDiskDeviceObject( FltObjects->Volume, &theDeviceObject );
if ( NT_SUCCESS( Status ) )
{
Status = IoVolumeDeviceToDosName( theDeviceObject, &DosName );
}
else
{
}
#endif // End #if DBG
UNREFERENCED_PARAMETER( FltObjects );
// *************************************************************************************
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "** [ ATTACHMENT REQUEST 0x%X ] **", Flags ) );
// Handle our instance setup under different situations and decide if we want
// to attach under those circumstances
if ( ( FlagOn( FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT, Flags ) ) &&
( FlagOn( FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT, gAttachRequirements->InstanceFlags ) ) )
{
// If FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME is set and we are not accepting it, return STATUS_FLT_DO_NOT_ATTACH
if ( ( FlagOn( FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME, Flags ) ) &&
( !FlagOn( FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME, gAttachRequirements->InstanceFlags ) ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED attach method - FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT -> FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME\n") );
return STATUS_FLT_DO_NOT_ATTACH;
} // End if ( ( FlagOn( FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME, Flags ) ) &&
// ( !FlagOn( FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME, gAttachRequirements->InstanceFlags ) ) )
#if DBG
if ( FlagOn( FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME, Flags ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ACCEPTED attach method - FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT -> FLTFL_INSTANCE_SETUP_NEWLY_MOUNTED_VOLUME\n") );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ACCEPTED attach method - FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT\n") );
}
#endif // End #if DBG
} // End if ( ( FlagOn( FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT, Flags ) ) &&
// ( FlagOn( FLTFL_INSTANCE_SETUP_AUTOMATIC_ATTACHMENT, gAttachRequirements->InstanceFlags ) ) )
else if ( ( FlagOn( FLTFL_INSTANCE_SETUP_MANUAL_ATTACHMENT, Flags ) ) &&
( FlagOn( FLTFL_INSTANCE_SETUP_MANUAL_ATTACHMENT, gAttachRequirements->InstanceFlags ) ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ACCEPTED attach method - FLTFL_INSTANCE_SETUP_MANUAL_ATTACHMENT\n") );
} // End if ( ( FlagOn( FLTFL_INSTANCE_SETUP_MANUAL_ATTACHMENT, Flags ) ) &&
// ( FlagOn( FLTFL_INSTANCE_SETUP_MANUAL_ATTACHMENT, gAttachRequirements->InstanceFlags ) ) )
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED ATTACHMENT - Unknown FLAGS in fInstanceSetup()\n") );
return STATUS_FLT_DO_NOT_ATTACH;
}
// *************************************************************************************
switch ( VolumeDeviceType )
{
case FILE_DEVICE_UNKNOWN:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_UNKNOWN ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_CD_ROM_FILE_SYSTEM:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_CD_ROM_FILE_SYSTEM ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_DFS_FILE_SYSTEM:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_DFS_FILE_SYSTEM ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_DISK_FILE_SYSTEM:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_DISK_FILE_SYSTEM ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_NETWORK_FILE_SYSTEM:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_NETWORK_FILE_SYSTEM ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_TAPE_FILE_SYSTEM:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_TAPE_FILE_SYSTEM ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_NULL:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_NULL ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FILE_DEVICE_VIRTUAL_DISK:
{
if ( FlagOn( gAttachRequirements->InstanceVolumeDeviceTypes, MASK_FILE_DEVICE_VIRTUAL_DISK ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume <%wZ> [%wZ] (%wZ)\n", &DosName, &VolumeProperties->RealDeviceName, &VolumeProperties->FileSystemDeviceName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
default :
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACHED to NONSUPPORTED Volume Device type : 0x%x\n",VolumeDeviceType ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
} // End switch ( VolumeDeviceType
// *************************************************************************************
switch ( VolumeFilesystemType )
{
case FLT_FSTYPE_UNKNOWN:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_UNKNOWN ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to File System type : FLT_FSTYPE_UNKNOWN [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_UNKNOWN [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_RAW:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_RAW ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_RAW [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_RAW [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_NTFS:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_NTFS ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_NTFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_NTFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_FAT:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_FAT ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_FAT [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_FAT [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_CDFS:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_CDFS ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_CDFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_CDFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_UDFS:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_UDFS ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_UDFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_UDFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_LANMAN:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_LANMAN ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_LANMAN [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_LANMAN [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_WEBDAV:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_WEBDAV ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_WEBDAV [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_WEBDAV [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_RDPDR:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_RDPDR ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_RDPDR [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_RDPDR [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_NFS:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_NFS ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_NFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_NFS [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_MS_NETWARE:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_MS_NETWARE) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_MS_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_MS_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_NETWARE:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_NETWARE ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_NETWARE [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_BSUDF:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_BSUDF ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_BSUDF [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_BSUDF [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_MUP:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_MUP ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_MUP [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_MUP [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_RSFX:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_RSFX) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_RSFX [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_RSFX [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_ROXIO_UDF1:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_ROXIO_UDF1) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_ROXIO_UDF1 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_ROXIO_UDF1 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_ROXIO_UDF2:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_ROXIO_UDF2 ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_ROXIO_UDF2 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_ROXIO_UDF2 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
case FLT_FSTYPE_ROXIO_UDF3:
{
if ( FlagOn( gAttachRequirements->InstancedFileSystemTypes, MASK_FSTYPE_ROXIO_UDF3 ) )
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "ATTACHED to Volume File System type : FLT_FSTYPE_ROXIO_UDF3 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
}
else
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to Volume File System type : FLT_FSTYPE_ROXIO_UDF3 [%wZ]\n",&VolumeProperties->FileSystemDriverName ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
break;
}
default :
{
DBG_PRINT( DbgOutput, DBG_ATTACH_INSTANCE, (PRINT_TAG_ATTACH "REFUSED to ATTACH to NONSUPPORTED Volume File System type : 0x%x\n",VolumeFilesystemType ) );
return STATUS_FLT_DO_NOT_ATTACH;
}
} // End switch ( VolumeFilesystemType )
// *************************************************************************************
return STATUS_SUCCESS;
}
//--------------------
NTSTATUS HookNtOpenFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
)
{
FILE_OBJECT *file;
NTSTATUS status;
NTSTATUS retstatus;
KPROCESSOR_MODE mode;
FILE_NAME_INFORMATION *fni;
IO_STATUS_BLOCK isb;
PWCHAR fullFileName;
UNICODE_STRING f1;
PLIST_ENTRY link;
OpenFileEntry *entry;
char* str;
int len1;
int len2;
char* ptr;
ANSI_STRING fi;
++glHookCounter;
// получаем режим процессора (пользовательский или ядра) из которого пришёл запрос
mode = ExGetPreviousMode();
if (mode == KernelMode)
mode = 'K';
else
mode = 'U';
retstatus = glRealNtOpenFile(FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock,
ShareAccess, OpenOptions);
if (ObjectAttributes->RootDirectory) {
// выделения памяти для информации о файле
do
fni = (FILE_NAME_INFORMATION*)ExAllocatePool(PagedPool, 0x1000);
while (fni == NULL);
if (!fni) {
do
fullFileName = ExAllocatePool(PagedPool, len + ObjectAttributes->ObjectName->Length + 2);
while (fullFileName == NULL);
KdPrint(("STR %S\n", ObjectAttributes->ObjectName->Buffer));
KdPrint(("LEN %d\n", ObjectAttributes->ObjectName->Length));
//wcscpy(fullFileName, ObjectAttributes->ObjectName->Buffer);
}
else {
status = ObReferenceObjectByHandle(
ObjectAttributes->RootDirectory, // описатель
0, // права доступа
*IoFileObjectType, // указатель на объект "Тип" для данного объекта
KernelMode, // уровень доступа
// KernelMode - доступ из ядра
// UserMode - доступ из пользовательского режима
// Так как мы указали доступ из ядра,
// то права доступа и указатель на объект "Тип" не обязательны.
// Но, т.к. указатель на объект "Тип" указан, то система проверяет,
// что тип объекта по описателю совпадает с указанным.
&file, // указатель для сохранения указателя на объект
NULL); // указатель для получения дополнительной информации об описателе
if (NT_SUCCESS(status)) {
UNICODE_STRING diskName;
file->FileName.Buffer[file->FileName.Length / 2] = 0;
status = IoVolumeDeviceToDosName(file->DeviceObject, &diskName);
if (NT_SUCCESS(status)) {
diskName.Buffer[diskName.Length / 2] = 0;
do
fullFileName = ExAllocatePool(PagedPool,
file->FileName.Length + len + diskName.Length + ObjectAttributes->ObjectName->Length + 2);
while (fullFileName == NULL);
KdPrint(("STR %S\n", ObjectAttributes->ObjectName->Buffer));
KdPrint(("LEN %d\n", ObjectAttributes->ObjectName->Length));
//wcscpy(fullFileName, diskName.Buffer);
}
else {
do
fullFileName = ExAllocatePool(PagedPool,
file->FileName.Length + len + ObjectAttributes->ObjectName->Length + 2);
while (fullFileName == NULL);
KdPrint(("STR %S\n", ObjectAttributes->ObjectName->Buffer));
KdPrint(("LEN %d\n", ObjectAttributes->ObjectName->Length));
//wcscpy(fullFileName, L"");
}
wcscat(fullFileName, file->FileName.Buffer);
wcscat(fullFileName, ObjectAttributes->ObjectName->Buffer);
ObDereferenceObject(file);
}
else {
do
fullFileName = ExAllocatePool(PagedPool, len + ObjectAttributes->ObjectName->Length + 2);
while (fullFileName == NULL);
KdPrint(("STR %S\n", ObjectAttributes->ObjectName->Buffer));
KdPrint(("LEN %d\n", ObjectAttributes->ObjectName->Length));
//wcscpy(fullFileName, ObjectAttributes->ObjectName->Buffer);
}
ExFreePool(fni);
}
}
else {
do
fullFileName = ExAllocatePool(PagedPool, len + ObjectAttributes->ObjectName->Length + 2);
while (fullFileName == NULL);
KdPrint(("STR %S\n", ObjectAttributes->ObjectName->Buffer));
KdPrint(("LEN %d\n", ObjectAttributes->ObjectName->Length));
//wcscpy(fullFileName, ObjectAttributes->ObjectName->Buffer);
}
ExFreePool(fullFileName);
//если раскоментить wcscpy , что сверху, то драйвер будет падать,
//по-этому нужно поработать над этим(Маткину не очень нравится)
//падает изза того, что в какой то момент, выделяется мало памяти, а дальше происходт запись в "0"
//и начиная с if (ObjectAttributes->RootDirectory) идет по идее бесполезный код
//по-этому дальше идет "костыль"
do
fullFileName = ExAllocatePool(NonPagedPool, len + ObjectAttributes->ObjectName->Length + 2);
while (fullFileName == NULL);
wcscpy(fullFileName, ObjectAttributes->ObjectName->Buffer);
//"костыль" заключается в том , что я выделяю память предварительно больше чем нужно
//за это отвечает глобальная переменная len
//бегаем по списку
for (link = glOpenFiles.Flink; link != &glOpenFiles; link = link->Flink) {
entry = CONTAINING_RECORD(link, OpenFileEntry, link);
//ищим вхождения имени \file_name
if (wcsstr(_wcslwr(fullFileName), _wcslwr(entry->fullName.Buffer)) != NULL)
retstatus = STATUS_ACCESS_DENIED;
// STATUS_OPEN_FAILED
//STATUS_ACCESS_DENIED
}
ExFreePool(fullFileName);
--glHookCounter;
return retstatus;
}
NTSTATUS
NPInstanceSetup (
__in PCFLT_RELATED_OBJECTS FltObjects,
__in FLT_INSTANCE_SETUP_FLAGS Flags,
__in DEVICE_TYPE VolumeDeviceType,
__in FLT_FILESYSTEM_TYPE VolumeFilesystemType
)
{
NTSTATUS status = STATUS_SUCCESS;
PVOLUME_CONTEXT context = NULL;
ULONG retLen;
UCHAR volPropBuffer[sizeof(FLT_VOLUME_PROPERTIES)+512];
PFLT_VOLUME_PROPERTIES volProp = (PFLT_VOLUME_PROPERTIES)volPropBuffer;
PDEVICE_OBJECT devObj = NULL;
UNREFERENCED_PARAMETER( Flags );
UNREFERENCED_PARAMETER( VolumeDeviceType );
UNREFERENCED_PARAMETER( VolumeFilesystemType );
PAGED_CODE();
PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
("minifilter1!NPInstanceSetup: Entered\n") );
try
{
// Allocate a volume context structure.
status = FltAllocateContext( FltObjects->Filter,
FLT_VOLUME_CONTEXT,
sizeof(VOLUME_CONTEXT),
NonPagedPool,
&context );
if( !NT_SUCCESS(status) )
leave;
// Get the volume properties, so I can get a sector size
status = FltGetVolumeProperties( FltObjects->Volume,
volProp,
sizeof(volPropBuffer),
&retLen );
if( !NT_SUCCESS(status) )
leave;
// Get sector size
ASSERT((volProp->SectorSize == 0) || (volProp->SectorSize >= MIN_SECTOR_SIZE));
context->SectorSize = max(volProp->SectorSize, MIN_SECTOR_SIZE);
// Get device object, so I can get disk name
context->Name.Buffer = NULL;
status = FltGetDiskDeviceObject( FltObjects->Volume, &devObj );
if( !NT_SUCCESS(status) )
leave;
status = IoVolumeDeviceToDosName( devObj, &context->Name);
if( !NT_SUCCESS(status) )
leave;
// Set the context
status = FltSetVolumeContext( FltObjects->Volume,
FLT_SET_CONTEXT_KEEP_IF_EXISTS,
context,
NULL );
DbgPrint("minifilter1!NPInstanceSetup: [%wZ 0x%04x/0x%04x]\n",
&context->Name, context->SectorSize, volProp->SectorSize);
DbgPrint("[%wZ - %wZ - %wZ]\n",
&volProp->FileSystemDriverName,
&volProp->FileSystemDeviceName,
&volProp->RealDeviceName);
if (status == STATUS_FLT_CONTEXT_ALREADY_DEFINED )
{
status = STATUS_SUCCESS;
}
}
finally
{
// Always release the context. If the set failed, it will free the
// context. If not, it will remove the reference added by the set.
// Note that the name buffer in the context will get freed by the
// NPCleanupVolumeContext() routine.
if(context)
FltReleaseContext( context );
if(devObj)
ObDereferenceObject( devObj );
}
return status;
}
NTSTATUS
DPVolumeOnLineCompleteRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOLUME_ONLINE_CONTEXT Context
)
{
//返回值
NTSTATUS ntStatus = STATUS_SUCCESS;
//这个卷设备的dos名字,也就是C,D等
UNICODE_STRING DosName = { 0 };
//在这里Context是不可能为空的,为空就是出错了
ASSERT(Context!=NULL);
//下面调用我们自己的VolumeOnline处理
//获取这个卷的dos名字
ntStatus = IoVolumeDeviceToDosName(Context->DevExt->PhyDevObj, &DosName);
if (!NT_SUCCESS(ntStatus))
goto ERROUT;
//将dos名字变成大写形式
Context->DevExt->VolumeLetter = DosName.Buffer[0];
if (Context->DevExt->VolumeLetter > L'Z')
Context->DevExt->VolumeLetter -= (L'a' - L'A');
//我们只保护“D”盘
if (Context->DevExt->VolumeLetter == L'D')
{
//获取这个卷的基本信息
ntStatus = DPQueryVolumeInformation(
Context->DevExt->PhyDevObj,
&(Context->DevExt->TotalSizeInByte),
&(Context->DevExt->ClusterSizeInByte),
&(Context->DevExt->SectorSizeInByte));
if (!NT_SUCCESS(ntStatus))
{
goto ERROUT;
}
//建立这个卷对应的位图
ntStatus = DPBitmapInit(
&Context->DevExt->Bitmap,
Context->DevExt->SectorSizeInByte,
8,
25600,
(DWORD)(Context->DevExt->TotalSizeInByte.QuadPart /
(LONGLONG)(25600 * 8 * Context->DevExt->SectorSizeInByte)) + 1);
if (!NT_SUCCESS(ntStatus))
goto ERROUT;
//对全局量赋值,说明我们找到需要保护的那个设备了
gProtectDevExt = Context->DevExt;
}
ERROUT:
if (!NT_SUCCESS(ntStatus))
{
if (NULL != Context->DevExt->Bitmap)
{
DPBitmapFree(Context->DevExt->Bitmap);
}
if (NULL != Context->DevExt->TempFile)
{
ZwClose(Context->DevExt->TempFile);
}
}
if (NULL != DosName.Buffer)
{
ExFreePool(DosName.Buffer);
}
//设置等待同步事件,这样可以让我们等待的DeviceIoControl处理过程继续运行
KeSetEvent(
Context->Event,
0,
FALSE);
return STATUS_SUCCESS;
}
