- Size: 58KB  File type: .rar  Coins: 2  Downloads: 0  Published: 2023-12-21
- Language: Html/CSS
- Tags: minifilter, transparent, encryption/decryption
Resource description
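Many beginners working on transparent encryption/decryption are confused and do not know where to start. I was the same: I started out knowing nothing, slowly chewed through File System Internals, and asked questions on OSR, and after four months I have gained quite a lot. Once you really study the subject, you find that much of it is grunt work: you have to keep tracing the flow of file operations. Here I am posting the source code of a minifilter-based transparent encryption/decryption driver, for reference only. It also implements handling of the file identifier, which is placed at the end of the file. Consider it a modest offering to draw out better work. Frankly, this code is not stable (it occasionally conflicts with Norton antivirus), but I think the overall flow is correct; some details may not have been thought through yet. I think it is still of some help to beginners; experts can of course skip it, haha. Also, because the encryption/decryption algorithm code was not written by me, it would not be right for me to publish it, so I commented out the relevant code with “\\\” (but did not remove it). Please forgive me; this does not affect the overall flow. I suggest focusing on the implementation of the individual dispatch functions.
Criticism is welcome. If you find this interesting, please bump the thread, and if you have good suggestions while reading the code, I hope you will tell me.
Finally, many thanks to XiangXiangRen, zzbwang, neak47 and other users for their help during this period. XiangXiangRen's book and zzbwang's posts were a great help and a valuable reference for completing this work, and I share this with everyone here.
Build environment: WDK6001.18002 XP x86
PS: You may modify and redistribute the code in the attachment, but please credit the source when redistributing.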
http://bbs.driverdevelop.com/htm_data/39/1001/119736.html

Code snippet and file information
#include "cache.h"
#include "file.h"

/* Optionally flush, then purge, the cache manager's cached data for a file.
 * Both FCB resources are held exclusively while the cache is touched. */
void Cc_ClearFileCache(PFILE_OBJECT FileObject, BOOLEAN bIsFlushCache, PLARGE_INTEGER FileOffset, ULONG Length)
{
    BOOLEAN PurgeRes ;
    BOOLEAN ResourceAcquired = FALSE ;
    BOOLEAN PagingIoResourceAcquired = FALSE ;
    PFSRTL_COMMON_FCB_HEADER Fcb = NULL ;
    /* Relative 50 ms delay, in 100 ns units (negative value = relative time) */
    LARGE_INTEGER Delay50Milliseconds = {(ULONG)(-50 * 1000 * 10), -1};
    IO_STATUS_BLOCK IoStatus = {0} ;

    if ((FileObject == NULL))
    {
        return ;
    }

    Fcb = (PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext ;
    if (Fcb == NULL)
    {
        return ;
    }

Acquire:
    FsRtlEnterFileSystem() ;

    /* Main resource: wait until it is available */
    if (Fcb->Resource)
        ResourceAcquired = ExAcquireResourceExclusiveLite(Fcb->Resource, TRUE) ;

    /* Paging I/O resource: do not wait; on failure back off and retry */
    if (Fcb->PagingIoResource)
        PagingIoResourceAcquired = ExAcquireResourceExclusiveLite(Fcb->PagingIoResource, FALSE);
    else
        PagingIoResourceAcquired = TRUE ;

    if (!PagingIoResourceAcquired)
    {
        /* Drop the main resource before sleeping, then start over */
        if (Fcb->Resource)  ExReleaseResourceLite(Fcb->Resource);
        FsRtlExitFileSystem();
        KeDelayExecutionThread(KernelMode, FALSE, &Delay50Milliseconds);
        goto Acquire;
    }

    if (FileObject->SectionObjectPointer)
    {
        IoSetTopLevelIrp( (PIRP)FSRTL_FSP_TOP_LEVEL_IRP );

        /* Write dirty cached data back to disk if the caller asked for it */
        if (bIsFlushCache)
        {
            CcFlushCache( FileObject->SectionObjectPointer, FileOffset, Length, &IoStatus );
        }

        if (FileObject->SectionObjectPointer->ImageSectionObject)
        {
            MmFlushImageSection(
                FileObject->SectionObjectPointer,
                MmFlushForWrite
                ) ;
        }

        /* Purge the whole data section (NULL offset, length 0) */
        if (FileObject->SectionObjectPointer->DataSectionObject)
        {
            PurgeRes = CcPurgeCacheSection( FileObject->SectionObjectPointer,
                NULL,
                0,
                FALSE );
        }

        IoSetTopLevelIrp(NULL);
    }

    /* Release in reverse order of acquisition */
    if (Fcb->PagingIoResource)
        ExReleaseResourceLite(Fcb->PagingIoResource );
    if (Fcb->Resource)
        ExReleaseResourceLite(Fcb->Resource );

    FsRtlExitFileSystem() ;
}
 Attribute        Size  Date        Time   Name
 ----------- ---------  ----------  -----  ----
 File               13  2010-01-18  14:39  encryption_on-the-fly\Build.txt
 File             2015  2010-01-18  14:07  encryption_on-the-fly\engine\cache.c
 File              222  2010-01-18  10:36  encryption_on-the-fly\engine\cache.h
 File             3498  2010-01-18  14:36  encryption_on-the-fly\engine\common.h
 File             5759  2010-01-18  14:08  encryption_on-the-fly\engine\ctx.c
 File             1186  2010-01-18  14:04  encryption_on-the-fly\engine\ctx.h
 File             2481  2010-01-18  11:55  encryption_on-the-fly\engine\engine.inf
 File              266  2009-08-19  09:48  encryption_on-the-fly\engine\engine.rc
 File            14969  2010-01-18  14:09  encryption_on-the-fly\engine\file.c
 File             3744  2010-01-18  10:38  encryption_on-the-fly\engine\file.h
 File           121786  2008-01-19  13:16  encryption_on-the-fly\engine\fltKernel.h
 File             1975  2010-01-18  14:35  encryption_on-the-fly\engine\key.c
 File              528  2010-01-18  14:06  encryption_on-the-fly\engine\key.h
 File            74208  2010-01-18  14:33  encryption_on-the-fly\engine\main.c
 File             9158  2010-01-18  10:43  encryption_on-the-fly\engine\main.h
 File              399  2009-10-11  09:40  encryption_on-the-fly\engine\makefile
 File             4882  2010-01-18  14:10  encryption_on-the-fly\engine\message.c
 File              861  2010-01-18  10:56  encryption_on-the-fly\engine\message.h
 File            20007  2010-01-18  10:53  encryption_on-the-fly\engine\process.c
 File             2227  2010-01-18  10:44  encryption_on-the-fly\engine\process.h
 File              324  2010-01-18  10:31  encryption_on-the-fly\engine\sources
 Directory           0  2010-01-18  14:39  encryption_on-the-fly\engine
 File              944  2010-01-18  11:18  encryption_on-the-fly\include\error.h
 File             3700  2010-01-18  14:06  encryption_on-the-fly\include\interface.h
 File             1835  2010-01-18  10:41  encryption_on-the-fly\include\iocommon.h
 Directory           0  2010-01-18  14:37  encryption_on-the-fly\include
 Directory           0  2010-01-18  14:39  encryption_on-the-fly
 ----------- ---------  ----------  -----  ----
                276987                     27