
驱动开发与系统原理-保护与解除保护文件


发表于 2025-3-10 23:06:29 | 显示全部楼层 |阅读模式

这里的“保护”并不是真正的保护,只是驱动在0环打开文件并一直持有句柄(占用文件),使其他对该文件的操作因共享冲突而失败,从而达到文件无法被操作的效果。

0环代码

        // IOCTL codes for the "protect file" and "release protection" requests.
        // IRP_IOCTRL_CODE is a macro defined elsewhere (not shown on this page).
        // NOTE(review): the access and transfer-method bits encoded by that macro
        // decide who may send these requests and how buffers are mapped - confirm
        // they match what the dispatch routine assumes.
        #define CTL_PROTECT_PATH IRP_IOCTRL_CODE(14)
        #define CTL_UNPROTECT_PATH IRP_IOCTRL_CODE(15)
        ...
        ...
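        // File operation: "protect" a file by opening it from ring 0 and keeping
        // the handle in g_FileHandle until SetUnProtectIoCall() closes it.
        //
        // szFileName: NUL-terminated ANSI path in user-mode form (c:\a.txt).
        //             The caller must guarantee the terminator lies inside the
        //             request buffer; this function cannot check that itself.
        // Returns:    the open status on success, STATUS_INVALID_PARAMETER for a
        //             NULL/empty path, STATUS_DEVICE_BUSY when a file is already
        //             held, or the failing Rtl*/Zw* status.
        //
        // NOTE(review): the path comes from a user-mode request, but a Zw* open
        // issued by the driver is not access-checked against the requesting
        // user. Consider OBJ_FORCE_ACCESS_CHECK and a restrictive ACL on the
        // device object so that unprivileged callers cannot lock arbitrary files.
        NTSTATUS SetProtectIoCall(char* szFileName) {
            NTSTATUS ntSTATUS = STATUS_SUCCESS;
            // File handle
            HANDLE hFile = NULL;
            // Completion status
            IO_STATUS_BLOCK Iostatus = { 0 };
            // Object attributes
            OBJECT_ATTRIBUTES ObjectAtt = { 0 };
            // Ring 3 path: c:\a.txt
            // Ring 0 path: \??\c:\a.txt
            // The ring 3 path is converted to the form the driver must use.
            ANSI_STRING asFilePath = { 0 };
            UNICODE_STRING usFilePath = { 0 };
            UNICODE_STRING usDriverFilePath = { 0 };
            UNICODE_STRING usDrvPath = { 0 };
            WCHAR  wcBuffer[256];

            if (szFileName == NULL || szFileName[0] == '\0') {
                return STATUS_INVALID_PARAMETER;
            }

            // Only one handle slot exists. Overwriting it would leak the handle
            // that is already held, leaving that file locked with no way to
            // release it.
            if (g_FileHandle != NULL) {
                return STATUS_DEVICE_BUSY;
            }

            // Pass the array itself (it decays to PWCHAR), not its address.
            RtlInitEmptyUnicodeString(&usDrvPath, wcBuffer, sizeof(wcBuffer));
            RtlInitUnicodeString(&usDriverFilePath, L"\\??\\");
            RtlInitAnsiString(&asFilePath, szFileName);

            ntSTATUS = RtlAnsiStringToUnicodeString(&usFilePath, &asFilePath, TRUE);
            if (!NT_SUCCESS(ntSTATUS)) {
                return ntSTATUS;
            }

            // A failed append leaves the destination unchanged, so an unchecked
            // failure would open "\??\" alone instead of the requested file.
            ntSTATUS = RtlAppendUnicodeStringToString(&usDrvPath, &usDriverFilePath);
            if (NT_SUCCESS(ntSTATUS)) {
                ntSTATUS = RtlAppendUnicodeStringToString(&usDrvPath, &usFilePath);
            }
            RtlFreeUnicodeString(&usFilePath);
            if (!NT_SUCCESS(ntSTATUS)) {
                return ntSTATUS;
            }

            InitializeObjectAttributes(&ObjectAtt, &usDrvPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

            // Open the existing file. The eleven-argument list used here belongs
            // to ZwCreateFile; ZwOpenFile takes only six parameters. No
            // FILE_SHARE_DELETE is granted, so the file cannot be deleted while
            // the handle is held.
            ntSTATUS = ZwCreateFile(&hFile, GENERIC_ALL, &ObjectAtt, &Iostatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE | FILE_SHARE_READ, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
            if (!NT_SUCCESS(ntSTATUS)) {
                return ntSTATUS;
            }

            // Keep the handle only after a successful open.
            g_FileHandle = hFile;
            return ntSTATUS;
        }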
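        // File operation: release the "protection" by closing the handle that
        // SetProtectIoCall() stored in g_FileHandle.
        //
        // Returns: the ZwClose status, or STATUS_UNSUCCESSFUL when no file is
        //          currently held. The original returned 1 here, which
        //          NT_SUCCESS() treats as success.
        //
        // NOTE(review): g_FileHandle is not synchronized; if the dispatch routine
        // can run concurrently, protect/unprotect need a lock - confirm.
        NTSTATUS SetUnProtectIoCall() {
            NTSTATUS ntSTATUS;
            HANDLE hFile = g_FileHandle;

            // The leftover DbgBreakPoint() was removed: without a kernel
            // debugger attached it stops the whole machine on every request.
            if (hFile == NULL)
            {
                return STATUS_UNSUCCESSFUL;
            }

            // Clear the slot before closing so that a second request cannot
            // close the same kernel handle twice.
            g_FileHandle = NULL;
            ntSTATUS = ZwClose(hFile);
            return ntSTATUS;
        }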
        ...
        ...
                // CTL_PROTECT_PATH: hand the request's input buffer to
                // SetProtectIoCall() as the path, then answer with a text message.
                // NOTE(review): pInputBuffer is used as a NUL-terminated string, but
                // no check of the input length or of a terminator inside the buffer
                // is visible here - confirm the enclosing dispatch routine validates
                // it, otherwise the string functions read past the request buffer.
                case CTL_PROTECT_PATH: {
                ntStatus = SetProtectIoCall(pInputBuffer);
                if (NT_SUCCESS(ntStatus))
                {
                    // NOTE(review): 1024 is hard-coded and no check of the caller's
                    // output buffer length is visible; with a smaller buffer this
                    // zeroing writes past its end in kernel memory - confirm the
                    // length is validated before this point.
                    RtlZeroMemory(pOutputBuffer, 1024);
                    // strlen() excludes the terminating NUL, so only the text
                    // bytes are copied and reported in Information.
                    ULONG uRetlength = strlen("Protect Success!");
                    RtlCopyMemory(pOutputBuffer, "Protect Success!", uRetlength);
                    pIrp->IoStatus.Status = STATUS_SUCCESS;
                    pIrp->IoStatus.Information = uRetlength;
                    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
                }
                else {
                    // Failure is reported only through the text; the IRP itself is
                    // still completed with STATUS_SUCCESS.
                    RtlZeroMemory(pOutputBuffer, 1024);
                    ULONG uRetlength = strlen("Protect Failed!");
                    RtlCopyMemory(pOutputBuffer, "Protect Failed!", uRetlength);
                    pIrp->IoStatus.Status = STATUS_SUCCESS;
                    pIrp->IoStatus.Information = uRetlength;
                    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

                }
                return STATUS_SUCCESS;

            }
            // CTL_UNPROTECT_PATH: close the held file handle and answer with a
            // text message. pInputBuffer is passed to SetUnProtectIoCall(), but
            // the definition shown on this page takes no parameters and never
            // reads it.
            case CTL_UNPROTECT_PATH: {
                ntStatus = SetUnProtectIoCall(pInputBuffer);
                if (NT_SUCCESS(ntStatus))
                {
                    // NOTE(review): 1024 is hard-coded and no check of the caller's
                    // output buffer length is visible; with a smaller buffer this
                    // zeroing writes past its end in kernel memory - confirm the
                    // length is validated before this point.
                    RtlZeroMemory(pOutputBuffer, 1024);
                    // strlen() excludes the terminating NUL, so only the text
                    // bytes are copied and reported in Information.
                    ULONG uRetlength = strlen("UnProtect Success!");
                    RtlCopyMemory(pOutputBuffer, "UnProtect Success!", uRetlength);
                    pIrp->IoStatus.Status = STATUS_SUCCESS;
                    pIrp->IoStatus.Information = uRetlength;
                    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
                }
                else {
                    // Failure is reported only through the text; the IRP itself is
                    // still completed with STATUS_SUCCESS.
                    RtlZeroMemory(pOutputBuffer, 1024);
                    ULONG uRetlength = strlen("UnProtect Failed!");
                    RtlCopyMemory(pOutputBuffer, "UnProtect Failed!", uRetlength);
                    pIrp->IoStatus.Status = STATUS_SUCCESS;
                    pIrp->IoStatus.Information = uRetlength;
                    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

                }
                return STATUS_SUCCESS;
            }

3环代码

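            case'B': {
              // Menu option B: ask for a path and send it to the driver with
              // CTL_PROTECT_PATH, then print the driver's text reply.
              RetNumber = 0;
              memset(InputBuffer, 0, sizeof(InputBuffer));
              memset(OutputBuffer, 0, sizeof(OutputBuffer));
              printf("请输入需要保护文件的路径:\n");
              // Bounded read: plain scanf("%s") writes past InputBuffer when the
              // typed path is longer than the buffer. Assumes InputBuffer is a
              // char array, as the sizeof() calls around it already do. Reading
              // still stops at the first whitespace, as before.
              if (scanf_s("%s", InputBuffer, (unsigned)sizeof(InputBuffer)) != 1) {
                printf("invalid path input\n");
                system("pause");
                break;
              }
              // The whole zeroed buffer is sent, so the string's terminator is
              // always inside the bytes the driver receives.
              if (!DeviceIoControl(hDriver, CTL_PROTECT_PATH, InputBuffer, sizeof(InputBuffer), OutputBuffer, sizeof(OutputBuffer), &RetNumber, NULL)) {
                printf("DeviceIoControl failed: %lu\n", GetLastError());
                system("pause");
                break;
              }
              // The driver copies its message without a terminating NUL; force one
              // before printing with %s.
              OutputBuffer[sizeof(OutputBuffer) - 1] = '\0';
              printf("返回数据: %s\n", OutputBuffer);
              system("pause");
              break;
            }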
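            case'C': {
              // Menu option C: send CTL_UNPROTECT_PATH to the driver and print its
              // text reply. The ring 0 handler shown on this page closes the single
              // held handle and never reads the path typed here.
              RetNumber = 0;
              memset(InputBuffer, 0, sizeof(InputBuffer));
              memset(OutputBuffer, 0, sizeof(OutputBuffer));
              printf("请输入需要解除保护文件的路径:\n");
              // Bounded read: plain scanf("%s") writes past InputBuffer when the
              // typed path is longer than the buffer. Assumes InputBuffer is a
              // char array, as the sizeof() calls around it already do.
              if (scanf_s("%s", InputBuffer, (unsigned)sizeof(InputBuffer)) != 1) {
                printf("invalid path input\n");
                system("pause");
                break;
              }
              if (!DeviceIoControl(hDriver, CTL_UNPROTECT_PATH, InputBuffer, sizeof(InputBuffer), OutputBuffer, sizeof(OutputBuffer), &RetNumber, NULL)) {
                printf("DeviceIoControl failed: %lu\n", GetLastError());
                system("pause");
                break;
              }
              // The driver copies its message without a terminating NUL; force one
              // before printing with %s.
              OutputBuffer[sizeof(OutputBuffer) - 1] = '\0';
              printf("返回数据: %s\n", OutputBuffer);
              system("pause");
              break;
            }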

解除保护后

发表于 2025-3-17 15:56:38 | 显示全部楼层
支持!!