文件重命名的几种写法-白红宇

文件重命名的几种写法

阅读量：4635 次

发布时间：2019-06-09

本文共 7828 字，大约阅读时间需要 26 分钟。

现在主要的是通过往ZwSetInformationFile发送HANDLE和改名请求

再者就是往 IoSetInformation 发送FILEOBJECT和改名请求

以及我自己模仿iosetinformation写成的创建IRP改名

voidRenameFileROutineByHandle(){ UNICODE_STRING  UniFileString; OBJECT_ATTRIBUTES object; NTSTATUS   status; HANDLE    hFile; IO_STATUS_BLOCK  io_status = {0}; PFILE_RENAME_INFORMATION RenamInfo = NULL; UNICODE_STRING  UniRenameStr; PFILE_OBJECT  fileObject; RtlInitUnicodeString(&UniFileString,L"\\Device\\HarddiskVolume2\\1.txt");  InitializeObjectAttributes(  &object,  &UniFileString,  OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,  NULL,  NULL); //打开文件,存在打开，不存在返回错误 status = ZwCreateFile( &hFile,  GENERIC_READ | GENERIC_WRITE,  &object,  &io_status,  NULL,  FILE_ATTRIBUTE_NORMAL,  FILE_SHARE_READ,  FILE_OPEN,  FILE_NON_DIRECTORY_FILE |FILE_SYNCHRONOUS_IO_NONALERT,  NULL,  0); if(!NT_SUCCESS(status)) {  _asm int 3; } RenamInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,1024,0); RenamInfo->ReplaceIfExists = FALSE; RenamInfo->RootDirectory = NULL;  UniRenameStr.Buffer = RenamInfo->FileName; RenamInfo->FileNameLength = sizeof(ReNamePath) - sizeof(WCHAR); RtlCopyMemory(UniRenameStr.Buffer,ReNamePath,  sizeof(ReNamePath)); status = ZwSetInformationFile(hFile,&io_status,RenamInfo,1024,FileRenameInformation); if(!NT_SUCCESS(status)) {  _asm int 3; } ZwClose(hFile); return;}voidRenameFileROutineByObj(){ UNICODE_STRING  UniFileString; OBJECT_ATTRIBUTES object; NTSTATUS   status; HANDLE    hFile; IO_STATUS_BLOCK  io_status = {0}; PFILE_RENAME_INFORMATION RenamInfo = NULL; UNICODE_STRING  UniRenameStr; PFILE_OBJECT  fileObject; RtlInitUnicodeString(&UniFileString,L"\\Device\\HarddiskVolume2\\1.txt"); InitializeObjectAttributes(  &object,  &UniFileString,  OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,  NULL,  NULL); //打开文件,存在打开，不存在返回错误 status = ZwCreateFile( &hFile,  GENERIC_READ | GENERIC_WRITE,  &object,  &io_status,  NULL,  FILE_ATTRIBUTE_NORMAL,  FILE_SHARE_READ,  FILE_OPEN,  FILE_NON_DIRECTORY_FILE |FILE_SYNCHRONOUS_IO_NONALERT,  NULL,  0); if(!NT_SUCCESS(status)) {  _asm int 3; } RenamInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,1024,0); RenamInfo->ReplaceIfExists = FALSE; RenamInfo->RootDirectory = NULL; UniRenameStr.Buffer = RenamInfo->FileName; RenamInfo->FileNameLength = sizeof(ReNamePath) - sizeof(WCHAR); RtlCopyMemory(UniRenameStr.Buffer,ReNamePath,  sizeof(ReNamePath)); ///   status = ObReferenceObjectByHandle( hFile,    0,    *IoFileObjectType,    KernelMode,    &fileObject,    NULL);   if (!NT_SUCCESS(status))   {    _asm int 3;   }     status = IoSetInformation( fileObject,    FileRenameInformation,    1024,    RenamInfo);   if (!NT_SUCCESS(status))   {    _asm int 3;   }      ObDereferenceObject(fileObject); // ZwClose(hFile); return;}///voidRenameFileROutineByIrp(){UNICODE_STRING  UniFileString; OBJECT_ATTRIBUTES object; NTSTATUS   status; HANDLE    hFile; IO_STATUS_BLOCK  io_status = {0}; PFILE_RENAME_INFORMATION RenamInfo = NULL; UNICODE_STRING  UniRenameStr; PFILE_OBJECT  FileObject; PDEVICE_OBJECT   deviceObject = NULL; PIRP     irp = NULL; KEVENT     event; IO_STATUS_BLOCK  localIoStatus; PIO_STACK_LOCATION  irpSp = NULL; UNICODE_STRING   newFileName; HANDLE    handle; PFILE_OBJECT   targetFileObject; RtlInitUnicodeString(&UniFileString,L"\\Device\\HarddiskVolume2\\1.txt"); InitializeObjectAttributes(  &object,  &UniFileString,  OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,  NULL,  NULL); //打开文件,存在打开，不存在返回错误 status = ZwCreateFile( &hFile,  GENERIC_READ | GENERIC_WRITE,  &object,  &io_status,  NULL,  FILE_ATTRIBUTE_NORMAL,  FILE_SHARE_READ,  FILE_OPEN,  FILE_NON_DIRECTORY_FILE |FILE_SYNCHRONOUS_IO_NONALERT,  NULL,  0); if(!NT_SUCCESS(status)) {  _asm int 3; } RenamInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,1024,0); RenamInfo->ReplaceIfExists = FALSE; RenamInfo->RootDirectory = NULL; UniRenameStr.Buffer = RenamInfo->FileName; RenamInfo->FileNameLength = sizeof(ReNamePath) - sizeof(WCHAR); RtlCopyMemory(UniRenameStr.Buffer,ReNamePath,  sizeof(ReNamePath)); status = ObReferenceObjectByHandle( hFile,    0,    *IoFileObjectType,    KernelMode,    &FileObject,    NULL); if (!NT_SUCCESS(status)) {   _asm int 3; } /// 以下为iosetinformationfile ObReferenceObject( FileObject );   KeInitializeEvent( &event, SynchronizationEvent, FALSE );  deviceObject = IoGetRelatedDeviceObject( FileObject );   irp = IoAllocateIrp( deviceObject->StackSize, TRUE );    if (!irp)  {  _asm int 3; }  irp->Tail.Overlay.OriginalFileObject = FileObject;    irp->Tail.Overlay.Thread = PsGetCurrentThread();    irp->RequestorMode = KernelMode;  irp->UserEvent = &event;    irp->Flags = IRP_SYNCHRONOUS_API;     irp->UserIosb = &localIoStatus;     irpSp = IoGetNextIrpStackLocation( irp );    irpSp->MajorFunction = IRP_MJ_SET_INFORMATION;    irpSp->FileObject = FileObject;   irp->AssociatedIrp.SystemBuffer = RenamInfo;    irp->Flags |= IRP_BUFFERED_IO;  irpSp->Parameters.SetFile.Length = 1024;    irpSp->Parameters.SetFile.FileInformationClass = FileRenameInformation;  irpSp->Parameters.SetFile.ReplaceIfExists = RenamInfo->ReplaceIfExists;  if (RenamInfo->FileName[0] == (UCHAR) OBJ_NAME_PATH_SEPARATOR ||            RenamInfo->RootDirectory != NULL)  { / // 以下IopOpenLinkOrRenameTarget  ACCESS_MASK   accessMask = FILE_WRITE_DATA;  OBJECT_ATTRIBUTES  objectAttributes;  IO_STATUS_BLOCK  ioStatus;  OBJECT_HANDLE_INFORMATION  handleInformation;    newFileName.Length = (USHORT) RenamInfo->FileNameLength;  newFileName.MaximumLength = (USHORT) RenamInfo->FileNameLength;  newFileName.Buffer = RenamInfo->FileName;    InitializeObjectAttributes( &objectAttributes,                                &newFileName,                                OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,                                NULL,                                NULL );          status = IoCreateFile( &handle,                               FILE_WRITE_DATA | SYNCHRONIZE,                               &objectAttributes,                               &ioStatus,                               (PLARGE_INTEGER) NULL,                               0,                               FILE_SHARE_READ | FILE_SHARE_WRITE,                               FILE_OPEN,                               FILE_OPEN_FOR_BACKUP_INTENT,                               (PVOID) NULL,                               0L,                               CreateFileTypeNone,                               (PVOID) NULL,          //IO_OPEN_TARGET_DIRECTORY |                               IO_NO_PARAMETER_CHECKING |          0x0004 |                               IO_FORCE_ACCESS_CHECK );    if(!NT_SUCCESS(status))  {   _asm int 3;  }  status = ObReferenceObjectByHandle( handle,                                              accessMask,                                              *IoFileObjectType,                                              KernelMode,                                              (PVOID *) &targetFileObject,                                              &handleInformation );         if(!NT_SUCCESS(status))  {   _asm int 3;  }  ObDereferenceObject( targetFileObject );                  if (IoGetRelatedDeviceObject( targetFileObject) !=                    IoGetRelatedDeviceObject( FileObject )) {                    _asm int 3;                } else {                    irpSp->Parameters.SetFile.FileObject = targetFileObject;                    //*TargetHandle = handle;                    status = STATUS_SUCCESS;                }       } // 以上IopOpenLinkOrRenameTarget / status = IoCallDriver( deviceObject, irp ); if (status == STATUS_PENDING)  KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, 0); if(!NT_SUCCESS(status)) {  _asm int 3; }  ZwClose( handle);//  以上为IOSETINFORMATIONFILE   ZwClose(hFile); ObDereferenceObject(FileObject); return STATUS_SUCCESS;}

转载于:https://www.cnblogs.com/itdef/p/3759975.html

你可能感兴趣的文章

命令行编译运行CSharp文件

查看>>

HDOJ 1060 Leftmost Digit

查看>>

1035等差数列末项计算

查看>>

ASP.NET MVC 2示例Tailspin Travel

查看>>

CDMA鉴权

查看>>