|
|
本帖最后由 Krueger 于 2020-10-1 05:18 编辑
基于此参考 (https://blog.csdn.net/zy_strive_2012/article/details/78337637),我正在使用符号链接文件测试IrpDeleteFileForce(),但对于pFileObject,状态始终为0xC000000D(STATUS_INVALID_PARAMETER)。 我仅在GetDriveObject()例程中将FILE_OPEN_REPARSE_POINT添加到(IoCreateFile()函数的)的CreateOptions参数中,而IrpCreateFile()例程返回STATUS_SUCCESS,我不明白为什么IrpDeleteFileForce()失败的原因:-(
一些解决方案?
- NTSTATUS GetDriveObject(PUNICODE_STRING pDriveName, PDEVICE_OBJECT* DeviceObject, PDEVICE_OBJECT* ReadDevice)
- {
- NTSTATUS status;
- OBJECT_ATTRIBUTES objectAttributes;
- HANDLE DeviceHandle = NULL;
- IO_STATUS_BLOCK ioStatus;
- PFILE_OBJECT pFileObject;
- if (pDriveName == NULL || DeviceObject == NULL || ReadDevice == NULL)
- return STATUS_INVALID_PARAMETER;
- InitializeObjectAttributes(&objectAttributes, pDriveName, OBJ_CASE_INSENSITIVE, NULL, NULL);
- status = IoCreateFile(&DeviceHandle, SYNCHRONIZE | FILE_ANY_ACCESS, &objectAttributes, &ioStatus, NULL, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE | FILE_OPEN_REPARSE_POINT, NULL, 0, CreateFileTypeNone, NULL, IO_NO_PARAMETER_CHECKING);
- if (!NT_SUCCESS(status))
- return status;
- status = ObReferenceObjectByHandle(DeviceHandle, FILE_READ_DATA, *IoFileObjectType, KernelMode, &pFileObject, NULL);
- if (!NT_SUCCESS(status))
- {
- ZwClose(DeviceHandle);
- return status;
- }
- if (pFileObject->Vpb == 0 || pFileObject->Vpb->RealDevice == NULL)
- {
- ObDereferenceObject(pFileObject);
- ZwClose(DeviceHandle);
- return STATUS_UNSUCCESSFUL;
- }
- *DeviceObject = pFileObject->Vpb->DeviceObject;
- *ReadDevice = pFileObject->Vpb->RealDevice;
- ObDereferenceObject(pFileObject);
- ZwClose(DeviceHandle);
- return STATUS_SUCCESS;
- }
|
|
发表于 2020-9-30 21:40:41
楼主