本文整理汇总了C++中InitializeObjectAttributes函数的典型用法代码示例。如果您正苦于以下问题:C++ InitializeObjectAttributes函数的具体用法?C++ InitializeObjectAttributes怎么用?C++ InitializeObjectAttributes使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了InitializeObjectAttributes函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: SampSetUpgradeFlag
BOOLEAN
SampSetUpgradeFlag(
)
/*++
Routine Description:
This routine sets SAM upgrade flag is set. The upgrade
flag is:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\lsa
UpgradeSam = REG_DWORD 1
and the value will be deleted.
Arguments:
Return Value:
TRUE - The flag was set
FALSE - The flag was not set or the value was not present
--*/
{
NTSTATUS NtStatus;
UNICODE_STRING KeyName;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE KeyHandle;
UCHAR Buffer[100];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION) Buffer;
ULONG KeyValueLength = 100;
ULONG ResultLength;
PULONG UpgradeFlag;
//
// Open the Lsa key in the registry
//
RtlInitUnicodeString(
&KeyName,
SAMP_LSA_KEY_NAME
);
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
0,
NULL
);
NtStatus = NtOpenKey(
&KeyHandle,
KEY_SET_VALUE,
&ObjectAttributes
);
if (!NT_SUCCESS(NtStatus)) {
return(FALSE);
}
//
// Query the Notification Packages value
//
RtlInitUnicodeString(
&KeyName,
L"UpgradeSam"
);
NtStatus = NtDeleteValueKey(
KeyHandle,
&KeyName
);
NtClose(KeyHandle);
}示例2: FilterAttach
_Use_decl_annotations_
NDIS_STATUS
FilterAttach(
NDIS_HANDLE NdisFilterHandle,
NDIS_HANDLE FilterDriverContext,
PNDIS_FILTER_ATTACH_PARAMETERS AttachParameters
)
/*++
Routine Description:
Filter attach routine.
Create filter's context, allocate NetBufferLists and NetBuffer pools and any
other resources, and read configuration if needed.
Arguments:
NdisFilterHandle - Specify a handle identifying this instance of the filter. FilterAttach
should save this handle. It is a required parameter in subsequent calls
to NdisFxxx functions.
FilterDriverContext - Filter driver context passed to NdisFRegisterFilterDriver.
AttachParameters - attach parameters
Return Value:
NDIS_STATUS_SUCCESS: FilterAttach successfully allocated and initialize data structures
for this filter instance.
NDIS_STATUS_RESOURCES: FilterAttach failed due to insufficient resources.
NDIS_STATUS_FAILURE: FilterAttach could not set up this instance of this filter and it has called
NdisWriteErrorLogEntry with parameters specifying the reason for failure.
N.B.: FILTER can use NdisRegisterDeviceEx to create a device, so the upper
layer can send Irps to the filter.
--*/
{
PMS_FILTER pFilter = NULL;
NDIS_STATUS Status = NDIS_STATUS_SUCCESS;
NTSTATUS NtStatus;
NDIS_FILTER_ATTRIBUTES FilterAttributes;
ULONG Size;
COMPARTMENT_ID OriginalCompartmentID;
OBJECT_ATTRIBUTES ObjectAttributes = {0};
const ULONG RegKeyOffset = ARRAYSIZE(L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\otlwf\\Parameters\\NdisAdapters\\") - 1;
DECLARE_CONST_UNICODE_STRING(RegKeyPath, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\otlwf\\Parameters\\NdisAdapters\\{00000000-0000-0000-0000-000000000000}");
RtlCopyMemory(RegKeyPath.Buffer + RegKeyOffset, AttachParameters->BaseMiniportName->Buffer + 8, sizeof(L"{00000000-0000-0000-0000-000000000000}"));
LogFuncEntry(DRIVER_DEFAULT);
do
{
ASSERT(FilterDriverContext == (NDIS_HANDLE)FilterDriverObject);
if (FilterDriverContext != (NDIS_HANDLE)FilterDriverObject)
{
Status = NDIS_STATUS_INVALID_PARAMETER;
break;
}
// Verify the media type is supported. This is a last resort; the
// the filter should never have been bound to an unsupported miniport
// to begin with.
if (AttachParameters->MiniportMediaType != NdisMediumIP)
{
LogError(DRIVER_DEFAULT, "Unsupported media type, 0x%x.", (ULONG)AttachParameters->MiniportMediaType);
Status = NDIS_STATUS_INVALID_PARAMETER;
break;
}
Size = sizeof(MS_FILTER) + AttachParameters->BaseMiniportInstanceName->Length;
pFilter = (PMS_FILTER)FILTER_ALLOC_MEM(NdisFilterHandle, Size);
if (pFilter == NULL)
{
LogWarning(DRIVER_DEFAULT, "Failed to allocate context structure, 0x%x bytes", Size);
Status = NDIS_STATUS_RESOURCES;
break;
}
NdisZeroMemory(pFilter, sizeof(MS_FILTER));
LogVerbose(DRIVER_DEFAULT, "Opening interface registry key %S", RegKeyPath.Buffer);
InitializeObjectAttributes(
&ObjectAttributes,
(PUNICODE_STRING)&RegKeyPath,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
// Open the registry key
NtStatus = ZwOpenKey(&pFilter->InterfaceRegKey, KEY_ALL_ACCESS, &ObjectAttributes);
if (!NT_SUCCESS(NtStatus))
{
LogError(DRIVER_DEFAULT, "ZwOpenKey failed to open %S, %!STATUS!", RegKeyPath.Buffer, NtStatus);
Status = NDIS_STATUS_FAILURE;
break;
}
//.........这里部分代码省略.........
示例3: KdPrintKrnl
/*
* 函数说明:
* 初始化通讯
*
* 参数:
* pFlt
*
* 返回值:
* TRUE 成功
* FALSE 失败
*
* 备注:
*
*/
BOOLEAN
CComm::Init(
__in PFLT_FILTER pFlt
)
{
BOOLEAN bRet = FALSE;
CKrnlStr PortName;
NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
PSECURITY_DESCRIPTOR pSd = NULL;
OBJECT_ATTRIBUTES Ob = {0};
CLog Log;
KdPrintKrnl(LOG_PRINTF_LEVEL_INFO, LOG_RECORED_LEVEL_NEED, L"begin");
__try
{
if (!pFlt)
{
KdPrintKrnl(LOG_PRINTF_LEVEL_ERROR, LOG_RECORED_LEVEL_NEED, L"input argument error");
__leave;
}
if (CMinifilter::ms_pMfIns->CheckEnv(MINIFILTER_ENV_TYPE_FLT_FILTER) && ms_CommInfo.pSeverPort)
{
KdPrintKrnl(LOG_PRINTF_LEVEL_ERROR, LOG_RECORED_LEVEL_NEED, L"already init");
__leave;
}
if (!PortName.Set(g_lpCommPortName, wcslen(g_lpCommPortName)))
{
KdPrintKrnl(LOG_PRINTF_LEVEL_ERROR, LOG_RECORED_LEVEL_NEED, L"PortName.Set failed");
__leave;
}
ntStatus = FltBuildDefaultSecurityDescriptor(&pSd, FLT_PORT_ALL_ACCESS);
if (!NT_SUCCESS(ntStatus))
{
KdPrintKrnl(LOG_PRINTF_LEVEL_ERROR, LOG_RECORED_LEVEL_NEED, L"FltBuildDefaultSecurityDescriptor failed. (%x)",
ntStatus);
__leave;
}
InitializeObjectAttributes(
&Ob,
PortName.Get(),
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
pSd
);
ntStatus = FltCreateCommunicationPort(
pFlt,
&ms_CommInfo.pSeverPort,
&Ob,
NULL,
(PFLT_CONNECT_NOTIFY)CommKmConnectNotify,
(PFLT_DISCONNECT_NOTIFY)CommKmDisconnectNotify,
(PFLT_MESSAGE_NOTIFY)CommKmMessageNotify,
1
);
if (!NT_SUCCESS(ntStatus))
{
KdPrintKrnl(LOG_PRINTF_LEVEL_ERROR, LOG_RECORED_LEVEL_NEED, L"FltCreateCommunicationPort failed. (%x)",
ntStatus);
__leave;
}
bRet = TRUE;
}
__finally
{
if (pSd)
{
FltFreeSecurityDescriptor(pSd);
pSd = NULL;
}
if (!bRet)
{
if (ms_CommInfo.pSeverPort)
//.........这里部分代码省略.........
示例4: ProcessLocaleRegistry
BOOLEAN
ProcessLocaleRegistry(PGENERIC_LIST List)
{
PGENERIC_LIST_ENTRY Entry;
PWCHAR LanguageId;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
UNICODE_STRING ValueName;
HANDLE KeyHandle;
NTSTATUS Status;
Entry = GetCurrentListEntry(List);
if (Entry == NULL)
return FALSE;
LanguageId = (PWCHAR)GetListEntryUserData(Entry);
if (LanguageId == NULL)
return FALSE;
/* Skip first 4 zeroes */
if (wcslen(LanguageId) >= 4)
LanguageId += 4;
/* Open the NLS language key */
RtlInitUnicodeString(&KeyName,
L"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\NLS\\Language");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenKey(&KeyHandle,
KEY_SET_VALUE,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtOpenKey() failed (Status %lx)\n", Status);
return FALSE;
}
/* Set default language */
RtlInitUnicodeString(&ValueName,
L"Default");
Status = NtSetValueKey(KeyHandle,
&ValueName,
0,
REG_SZ,
(PVOID)LanguageId,
(wcslen(LanguageId) + 1) * sizeof(WCHAR));
if (!NT_SUCCESS(Status))
{
DPRINT1("NtSetValueKey() failed (Status %lx)\n", Status);
NtClose(KeyHandle);
return FALSE;
}
/* Set install language */
RtlInitUnicodeString(&ValueName,
L"InstallLanguage");
Status = NtSetValueKey (KeyHandle,
&ValueName,
0,
REG_SZ,
(PVOID)LanguageId,
(wcslen(LanguageId) + 1) * sizeof(WCHAR));
NtClose(KeyHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtSetValueKey() failed (Status %lx)\n", Status);
return FALSE;
}
return TRUE;
}示例5: obtest
BOOLEAN
obtest( void )
{
ULONG i;
HANDLE Handles[ 2 ];
NTSTATUS Status;
OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
ObpDumpObjectTable( ObpGetObjectTable(), NULL );
RtlInitString( &ObjectTypeAName, "ObjectTypeA" );
RtlInitString( &ObjectTypeBName, "ObjectTypeB" );
RtlZeroMemory( &ObjectTypeInitializer, sizeof( ObjectTypeInitializer ) );
ObjectTypeInitializer.Length = sizeof( ObjectTypeInitializer );
ObjectTypeInitializer.ValidAccessMask = -1;
ObjectTypeInitializer.PoolType = NonPagedPool;
ObjectTypeInitializer.MaintainHandleCount = TRUE;
ObjectTypeInitializer.DumpProcedure = DumpAProc;
ObjectTypeInitializer.OpenProcedure = OpenAProc;
ObjectTypeInitializer.CloseProcedure = CloseAProc;
ObjectTypeInitializer.DeleteProcedure = DeleteAProc;
ObjectTypeInitializer.ParseProcedure = ParseAProc;
ObCreateObjectType(
&ObjectTypeAName,
&ObjectTypeInitializer,
(PSECURITY_DESCRIPTOR)NULL,
&ObjectTypeA
);
ObjectTypeInitializer.PoolType = NonPagedPool;
ObjectTypeInitializer.MaintainHandleCount = FALSE;
ObjectTypeInitializer.GenericMapping = MyGenericMapping;
ObjectTypeInitializer.DumpProcedure = DumpBProc;
ObjectTypeInitializer.OpenProcedure = NULL;
ObjectTypeInitializer.CloseProcedure = NULL;
ObjectTypeInitializer.DeleteProcedure = DeleteBProc;
ObjectTypeInitializer.ParseProcedure = NULL;
ObCreateObjectType(
&ObjectTypeBName,
&ObjectTypeInitializer,
(PSECURITY_DESCRIPTOR)NULL,
&ObjectTypeB
);
ObpDumpTypes( NULL );
RtlInitString( &DirectoryName, "\\MyObjects" );
InitializeObjectAttributes( &DirectoryObjA,
&DirectoryName,
OBJ_PERMANENT |
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
NtCreateDirectoryObject( &DirectoryHandle,
0,
&DirectoryObjA
);
NtClose( DirectoryHandle );
RtlInitString( &ObjectAName, "\\myobjects\\ObjectA" );
InitializeObjectAttributes( &ObjectAObjA,
&ObjectAName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
RtlInitString( &ObjectBName, "\\myobjects\\ObjectB" );
InitializeObjectAttributes( &ObjectBObjA,
&ObjectBName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
Status = ObCreateObject(
KernelMode,
ObjectTypeA,
&ObjectAObjA,
KernelMode,
NULL,
(ULONG)sizeof( OBJECTTYPEA ),
0L,
0L,
(PVOID *)&ObjectBodyA
);
ObjectA = (POBJECTTYPEA)ObjectBodyA;
ObjectA->TypeALength = sizeof( *ObjectA );
for (i=0; i<4; i++) {
ObjectA->Stuff[i] = i+1;
}
KeInitializeEvent( &ObjectA->Event, NotificationEvent, TRUE );
Status = ObCreateObject(
KernelMode,
ObjectTypeB,
//.........这里部分代码省略.........
示例6: DriverEntry
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
NTSTATUS
DriverEntry( IN PDRIVER_OBJECT theDriverObject,
IN PUNICODE_STRING theRegistryPath )
{
NTSTATUS Status;
PSECURITY_DESCRIPTOR SecurityDescriptor;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING uPortName;
// Open the registry and read in all the setting we will use in kernel mode
EnumerateRegistryValues( theRegistryPath );
// DDK : "...Add itself to the global list of registered minifilters and to provide
// the Filter Manager with a list of callback functions and other information
// about the minifilter."
Status = FltRegisterFilter( theDriverObject,
&cfsd_FilterRegistration,
&gFilterPointer );
if ( NT_SUCCESS( Status ) )
{
#if ENABLE_USER_INTERFACE
Status = FltBuildDefaultSecurityDescriptor( &SecurityDescriptor,
FLT_PORT_ALL_ACCESS );
if ( NT_SUCCESS( Status ) )
{
RtlInitUnicodeString( &uPortName, USER_COMMUNICATION_PORT_NAME );
InitializeObjectAttributes( &ObjectAttributes,
&uPortName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
SecurityDescriptor );
Status = FltCreateCommunicationPort( gFilterPointer, // Filter
&gUserModeConnection.ServerPort,// *ServerPort
&ObjectAttributes, // ObjectAttributes
NULL, // ServerPortCookie
cfsd_UserModeConnect, // ConnectNotifyCallback
cfsd_UserModeDisconnect, // DisconnectNotifyCallback
cfsd_UserModeCommunication, // MessageNotifyCallback
1 ); // MaxConnections
FltFreeSecurityDescriptor( SecurityDescriptor );
// If we failed to create a communications port then we are going to fail the driver
if ( !NT_SUCCESS( Status ) )
{
KdPrint( (PRINT_TAG "Failed FltCreateCommunicationPort() with NTSTATUS 0x%x\n",Status ) );
// Release our hidden data memory
ExFreePoolWithTag( gFileData, 'parC' );
return Status;
}
DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "Created communication server port 0x%X for usermode access\n", gUserModeConnection.ServerPort ));
}
#endif // End #if ENABLE_USER_INTERFACE
// DDK : "...Notifies the Filter Manager that the minifilter is ready to
// begin attaching to volumes and filtering I/O requests"
Status = FltStartFiltering( gFilterPointer );
if ( !NT_SUCCESS( Status ))
{
#if ENABLE_USER_INTERFACE
FltCloseCommunicationPort( gUserModeConnection.ServerPort );
#endif // End #if ENABLE_USER_INTERFACE
// If we failed FltStartFiltering() then we unregister ourself with the Filter Manager
// so that we no longer recieve calls to process I/O operations.
FltUnregisterFilter( gFilterPointer );
// Release our hidden data memory
ExFreePoolWithTag( gFileData, 'parC' );
}
}
return Status;
}示例7: IsAcpiComputer
static BOOLEAN
IsAcpiComputer(VOID)
{
UNICODE_STRING MultiKeyPathU = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\HARDWARE\\DESCRIPTION\\System\\MultifunctionAdapter");
UNICODE_STRING IdentifierU = RTL_CONSTANT_STRING(L"Identifier");
UNICODE_STRING AcpiBiosIdentifier = RTL_CONSTANT_STRING(L"ACPI BIOS");
OBJECT_ATTRIBUTES ObjectAttributes;
PKEY_BASIC_INFORMATION pDeviceInformation = NULL;
ULONG DeviceInfoLength = sizeof(KEY_BASIC_INFORMATION) + 50 * sizeof(WCHAR);
PKEY_VALUE_PARTIAL_INFORMATION pValueInformation = NULL;
ULONG ValueInfoLength = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 50 * sizeof(WCHAR);
ULONG RequiredSize;
ULONG IndexDevice = 0;
UNICODE_STRING DeviceName, ValueName;
HANDLE hDevicesKey = NULL;
HANDLE hDeviceKey = NULL;
NTSTATUS Status;
BOOLEAN ret = FALSE;
InitializeObjectAttributes(&ObjectAttributes, &MultiKeyPathU, OBJ_CASE_INSENSITIVE, NULL, NULL);
Status = NtOpenKey(&hDevicesKey, KEY_ENUMERATE_SUB_KEYS, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
DPRINT("NtOpenKey() failed with status 0x%08lx\n", Status);
goto cleanup;
}
pDeviceInformation = RtlAllocateHeap(RtlGetProcessHeap(), 0, DeviceInfoLength);
if (!pDeviceInformation)
{
DPRINT("RtlAllocateHeap() failed\n");
Status = STATUS_NO_MEMORY;
goto cleanup;
}
pValueInformation = RtlAllocateHeap(RtlGetProcessHeap(), 0, ValueInfoLength);
if (!pDeviceInformation)
{
DPRINT("RtlAllocateHeap() failed\n");
Status = STATUS_NO_MEMORY;
goto cleanup;
}
while (TRUE)
{
Status = NtEnumerateKey(hDevicesKey, IndexDevice, KeyBasicInformation, pDeviceInformation, DeviceInfoLength, &RequiredSize);
if (Status == STATUS_NO_MORE_ENTRIES)
break;
else if (Status == STATUS_BUFFER_OVERFLOW || Status == STATUS_BUFFER_TOO_SMALL)
{
RtlFreeHeap(RtlGetProcessHeap(), 0, pDeviceInformation);
DeviceInfoLength = RequiredSize;
pDeviceInformation = RtlAllocateHeap(RtlGetProcessHeap(), 0, DeviceInfoLength);
if (!pDeviceInformation)
{
DPRINT("RtlAllocateHeap() failed\n");
Status = STATUS_NO_MEMORY;
goto cleanup;
}
Status = NtEnumerateKey(hDevicesKey, IndexDevice, KeyBasicInformation, pDeviceInformation, DeviceInfoLength, &RequiredSize);
}
if (!NT_SUCCESS(Status))
{
DPRINT("NtEnumerateKey() failed with status 0x%08lx\n", Status);
goto cleanup;
}
IndexDevice++;
/* Open device key */
DeviceName.Length = DeviceName.MaximumLength = pDeviceInformation->NameLength;
DeviceName.Buffer = pDeviceInformation->Name;
InitializeObjectAttributes(&ObjectAttributes, &DeviceName, OBJ_CASE_INSENSITIVE, hDevicesKey, NULL);
Status = NtOpenKey(
&hDeviceKey,
KEY_QUERY_VALUE,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
DPRINT("NtOpenKey() failed with status 0x%08lx\n", Status);
goto cleanup;
}
/* Read identifier */
Status = NtQueryValueKey(hDeviceKey, &IdentifierU, KeyValuePartialInformation, pValueInformation, ValueInfoLength, &RequiredSize);
if (Status == STATUS_BUFFER_OVERFLOW || Status == STATUS_BUFFER_TOO_SMALL)
{
RtlFreeHeap(RtlGetProcessHeap(), 0, pValueInformation);
ValueInfoLength = RequiredSize;
pValueInformation = RtlAllocateHeap(RtlGetProcessHeap(), 0, ValueInfoLength);
if (!pValueInformation)
{
DPRINT("RtlAllocateHeap() failed\n");
Status = STATUS_NO_MEMORY;
goto cleanup;
}
Status = NtQueryValueKey(hDeviceKey, &IdentifierU, KeyValuePartialInformation, pValueInformation, ValueInfoLength, &RequiredSize);
}
if (!NT_SUCCESS(Status))
{
DPRINT("NtQueryValueKey() failed with status 0x%08lx\n", Status);
//.........这里部分代码省略.........
示例8: main
int __cdecl main(int argc, char *argv[])
{
static PH_COMMAND_LINE_OPTION options[] =
{
{ FI_ARG_HELP, L"h", NoArgumentType },
{ FI_ARG_ACTION, L"a", MandatoryArgumentType },
{ FI_ARG_NATIVE, L"N", NoArgumentType },
{ FI_ARG_PATTERN, L"p", MandatoryArgumentType },
{ FI_ARG_CASESENSITIVE, L"C", NoArgumentType },
{ FI_ARG_OUTPUT, L"o", MandatoryArgumentType },
{ FI_ARG_FORCE, L"f", NoArgumentType },
{ FI_ARG_LENGTH, L"L", MandatoryArgumentType }
};
PH_STRINGREF commandLine;
NTSTATUS status = STATUS_SUCCESS;
if (!NT_SUCCESS(PhInitializePhLibEx(0, 0, 0)))
return 1;
PhUnicodeStringToStringRef(&NtCurrentPeb()->ProcessParameters->CommandLine, &commandLine);
if (!PhParseCommandLine(
&commandLine,
options,
sizeof(options) / sizeof(PH_COMMAND_LINE_OPTION),
PH_COMMAND_LINE_IGNORE_FIRST_PART,
FiCommandLineCallback,
NULL
) || FiArgHelp)
{
FiPrintHelp();
return 0;
}
if (!FiArgFileName && (
FiArgAction &&
PhEqualString2(FiArgAction, L"dir", TRUE)
))
{
FiArgFileName = PhCreateStringFromUnicodeString(&NtCurrentPeb()->ProcessParameters->CurrentDirectory.DosPath);
}
if (!FiArgAction)
{
FiPrintHelp();
return 1;
}
else if (PhEqualString2(FiArgAction, L"map", TRUE))
{
WCHAR deviceNameBuffer[7] = L"\\??\\ :";
ULONG i;
WCHAR targetNameBuffer[0x100];
UNICODE_STRING targetName;
targetName.Buffer = targetNameBuffer;
targetName.MaximumLength = sizeof(targetNameBuffer);
for (i = 0; i < 26; i++)
{
HANDLE linkHandle;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING deviceName;
deviceNameBuffer[4] = (WCHAR)('A' + i);
deviceName.Buffer = deviceNameBuffer;
deviceName.Length = 6 * sizeof(WCHAR);
InitializeObjectAttributes(
&oa,
&deviceName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
if (NT_SUCCESS(NtOpenSymbolicLinkObject(
&linkHandle,
SYMBOLIC_LINK_QUERY,
&oa
)))
{
if (NT_SUCCESS(NtQuerySymbolicLinkObject(
linkHandle,
&targetName,
NULL
)))
{
wprintf(L"%c: %.*s\n", 'A' + i, targetName.Length / 2, targetName.Buffer);
}
NtClose(linkHandle);
}
}
}
else if (!FiArgFileName)
{
wprintf(L"Error: file name missing.\n");
FiPrintHelp();
return 1;
}
//.........这里部分代码省略.........
示例9: DriverEntry
//@@@@@@@@@@@@@@@@@@@@@@@@
// IRQL = passive level
//@@@@@@@@@@@@@@@@@@@@@@@@@
extern "C" NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath )
{
NTSTATUS Status = {0};
DbgPrint("Keyboard Filter Driver - DriverEntry\nCompiled at " __TIME__ " on " __DATE__ "\n");
/////////////////////////////////////////////////////////////////////////////////////////
// Fill in IRP dispatch table in the DriverObject to handle I/O Request Packets (IRPs)
/////////////////////////////////////////////////////////////////////////////////////////
// For a filter driver, we want pass down ALL IRP_MJ_XX requests to the driver which
// we are hooking except for those we are interested in modifying.
for(int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
pDriverObject->MajorFunction[i] = DispatchPassDown;
DbgPrint("Filled dispatch table with generic pass down routine...\n");
//Explicitly fill in the IRP's we want to hook
pDriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
//Go ahead and hook the keyboard now
HookKeyboard(pDriverObject);
DbgPrint("Hooked IRP_MJ_READ routine...\n");
//Set up our worker thread to handle file writes of the scan codes extracted from the
//read IRPs
InitThreadKeyLogger(pDriverObject);
//Initialize the linked list that will serve as a queue to hold the captured keyboard scan codes
PDEVICE_EXTENSION pKeyboardDeviceExtension = (PDEVICE_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;
InitializeListHead(&pKeyboardDeviceExtension->QueueListHead);
//Initialize the lock for the linked list queue
KeInitializeSpinLock(&pKeyboardDeviceExtension->lockQueue);
//Initialize the work queue semaphore
KeInitializeSemaphore(&pKeyboardDeviceExtension->semQueue, 0 , MAXLONG);
//Create the log file
IO_STATUS_BLOCK file_status;
OBJECT_ATTRIBUTES obj_attrib;
CCHAR ntNameFile[64] = "\\DosDevices\\c:\\klog.txt";
STRING ntNameString;
UNICODE_STRING uFileName;
RtlInitAnsiString( &ntNameString, ntNameFile);
RtlAnsiStringToUnicodeString(&uFileName, &ntNameString, TRUE );
InitializeObjectAttributes(&obj_attrib, &uFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
Status = ZwCreateFile(&pKeyboardDeviceExtension->hLogFile,GENERIC_WRITE,&obj_attrib,&file_status,
NULL,FILE_ATTRIBUTE_NORMAL,0,FILE_OPEN_IF,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0);
RtlFreeUnicodeString(&uFileName);
if (Status != STATUS_SUCCESS)
{
DbgPrint("Failed to create log file...\n");
DbgPrint("File Status = %x\n",file_status);
}
else
{
DbgPrint("Successfully created log file...\n");
DbgPrint("File Handle = %x\n",pKeyboardDeviceExtension->hLogFile);
}
// Set the DriverUnload procedure
pDriverObject->DriverUnload = Unload;
DbgPrint("Set DriverUnload function pointer...\n");
DbgPrint("Exiting Driver Entry......\n");
return STATUS_SUCCESS;
}示例10: FiCreateFile
BOOLEAN FiCreateFile(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ PPH_STRING FileName,
_In_opt_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_opt_ ULONG Options
)
{
NTSTATUS status;
HANDLE fileHandle;
OBJECT_ATTRIBUTES oa;
IO_STATUS_BLOCK isb;
PPH_STRING fileName;
UNICODE_STRING fileNameUs;
if (!FileAttributes)
FileAttributes = FILE_ATTRIBUTE_NORMAL;
if (!Options)
Options = FILE_SYNCHRONOUS_IO_NONALERT;
// Not needed, because we handle Win32 paths anyway.
//if (!(FiArgNative))
//{
// status = PhCreateFileWin32(
// FileHandle,
// FileName->Buffer,
// DesiredAccess,
// FileAttributes,
// FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
// CreateDisposition,
// Options
// );
// if (!NT_SUCCESS(status))
// {
// wprintf(L"Error creating/opening file: %s\n", PhGetNtMessage(status)->Buffer);
// return FALSE;
// }
// return TRUE;
//}
fileName = FiFormatFileName(FileName);
if (!PhStringRefToUnicodeString(&fileName->sr, &fileNameUs))
{
PhDereferenceObject(fileName);
return FALSE;
}
InitializeObjectAttributes(
&oa,
&fileNameUs,
(!FiArgCaseSensitive ? OBJ_CASE_INSENSITIVE : 0),
NULL,
NULL
);
status = NtCreateFile(
&fileHandle,
DesiredAccess,
&oa,
&isb,
NULL,
FileAttributes,
ShareAccess,
CreateDisposition,
Options,
NULL,
0
);
if (!NT_SUCCESS(status))
{
wprintf(L"Error creating/opening file: %s\n", PhGetNtMessage(status)->Buffer);
return FALSE;
}
*FileHandle = fileHandle;
return TRUE;
}示例11: SampCleanup18471
NTSTATUS
SampCleanup18471(
)
/*++
Routine Description:
Cleans up the transaction log left by fixing bug 18471. This routine
builds a transaction with all the keys in the log and then commits
the transaction
Arguments:
None.
Return Value:
Status codes from the NT registry APIs and NT RXact APIs
--*/
{
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS Status;
HANDLE RootKey = NULL;
HANDLE AliasKey = NULL;
UCHAR Buffer[sizeof(KEY_BASIC_INFORMATION) + 15 * sizeof(WCHAR)];
UCHAR Buffer2[sizeof(KEY_BASIC_INFORMATION) + 15 * sizeof(WCHAR)];
UNICODE_STRING KeyName;
WCHAR KeyBuffer[100];
PKEY_BASIC_INFORMATION BasicInfo = (PKEY_BASIC_INFORMATION) Buffer;
PKEY_BASIC_INFORMATION BasicInfo2 = (PKEY_BASIC_INFORMATION) Buffer2;
ULONG BasicInfoLength;
ULONG Index, Index2;
//
// Open the 18471 key in the registry
//
RtlInitUnicodeString(
&KeyName,
SAMP_FIX_18471_KEY_NAME
);
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
0,
NULL
);
Status = NtOpenKey(
&RootKey,
KEY_READ | DELETE,
&ObjectAttributes
);
if (!NT_SUCCESS(Status)) {
//
// If the error was that the key did not exist, then there
// is nothing to cleanup, so return success.
//
if (Status == STATUS_OBJECT_NAME_NOT_FOUND) {
return(STATUS_SUCCESS);
}
return(Status);
}
//
// Create a transaction to add all the keys to delete to
//
Status = SampAcquireWriteLock();
if (!NT_SUCCESS(Status)) {
goto Cleanup;
}
SampSetTransactionDomain(0);
SampTransactionWithinDomain = FALSE;
//
// Now enumerate all the subkeys of the root 18471 key
//
Index = 0;
do
{
Status = NtEnumerateKey(
RootKey,
Index,
KeyBasicInformation,
BasicInfo,
sizeof(Buffer),
&BasicInfoLength
);
//
//
//.........这里部分代码省略.........
示例12: SampCheckMemberUpgradedFor18471
NTSTATUS
SampCheckMemberUpgradedFor18471(
IN ULONG AliasRid,
IN ULONG MemberRid
)
/*++
Routine Description:
This routine checks if the SAM upgrade flag is set. The upgrade
flag is:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\lsa
UpgradeSam = REG_DWORD 1
Arguments:
Return Value:
TRUE - The flag was set
FALSE - The flag was not set or the value was not present
--*/
{
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE KeyHandle;
NTSTATUS Status;
WCHAR KeyName[100];
WCHAR AliasName[15]; // big enough for 4 billion
UNICODE_STRING KeyNameString;
UNICODE_STRING AliasString;
//
// Build the full key name. It is of the form:
// "fix18471\alias_rid\member_rid"
//
wcscpy(
KeyName,
SAMP_FIX_18471_KEY_NAME L"\\"
);
AliasString.Buffer = AliasName;
AliasString.MaximumLength = sizeof(AliasName);
Status = RtlIntegerToUnicodeString(
AliasRid,
16,
&AliasString
);
ASSERT(NT_SUCCESS(Status));
wcscat(
KeyName,
AliasString.Buffer
);
wcscat(
KeyName,
L"\\"
);
AliasString.MaximumLength = sizeof(AliasName);
Status = RtlIntegerToUnicodeString(
MemberRid,
16,
&AliasString
);
ASSERT(NT_SUCCESS(Status));
wcscat(
KeyName,
AliasString.Buffer
);
RtlInitUnicodeString(
&KeyNameString,
KeyName
);
//
// Open the member key in the registry
//
InitializeObjectAttributes(
&ObjectAttributes,
&KeyNameString,
OBJ_CASE_INSENSITIVE,
0,
NULL
);
Status = NtOpenKey(
&KeyHandle,
KEY_READ,
//.........这里部分代码省略.........
示例13: if
//.........这里部分代码省略.........
!is_drv_letter_valid(name[0])) {
/* invalid file path name */
return ERR_PTR(-EINVAL);
}
PrefixLength = (USHORT)strlen(dos_file_prefix[0]);
} else {
int i, j;
for (i = 0; i < 3 && dos_file_prefix[i] != NULL; i++) {
j = strlen(dos_file_prefix[i]);
if (NameLength > j &&
_strnicmp(dos_file_prefix[i], name, j) == 0)
break;
}
if (i >= 3)
return ERR_PTR(-EINVAL);
}
AnsiString = kmalloc(sizeof(CHAR) * (NameLength + PrefixLength + 1),
__GFP_ZERO);
if (NULL == AnsiString)
return ERR_PTR(-ENOMEM);
UnicodeString =
kmalloc(sizeof(WCHAR) * (NameLength + PrefixLength + 1),
__GFP_ZERO);
if (NULL == UnicodeString) {
kfree(AnsiString);
return ERR_PTR(-ENOMEM);
}
if (PrefixLength) {
RtlCopyMemory(&AnsiString[0], dos_file_prefix[0], PrefixLength);
}
RtlCopyMemory(&AnsiString[PrefixLength], name, NameLength);
NameLength += PrefixLength;
AnsiName.MaximumLength = NameLength + 1;
AnsiName.Length = NameLength;
AnsiName.Buffer = AnsiString;
UnicodeName.MaximumLength = (NameLength + 1) * sizeof(WCHAR);
UnicodeName.Length = 0;
UnicodeName.Buffer = (PWSTR)UnicodeString;
RtlAnsiStringToUnicodeString(&UnicodeName, &AnsiName, FALSE);
/* Setup the object attributes structure for the file. */
InitializeObjectAttributes(
&ObjectAttributes,
&UnicodeName,
OBJ_CASE_INSENSITIVE |
OBJ_KERNEL_HANDLE,
NULL,
NULL );
/* Now to open or create the file now */
Status = ZwCreateFile(
&FileHandle,
DesiredAccess,
&ObjectAttributes,
&IoStatus,
0,
FILE_ATTRIBUTE_NORMAL,
ShareAccess,
CreateDisposition,
CreateOptions,
NULL,
0 );
/* Check the returned status of IoStatus... */
if (!NT_SUCCESS(IoStatus.Status)) {
kfree(UnicodeString);
kfree(AnsiString);
return ERR_PTR(cfs_error_code(IoStatus.Status));
}
/* Allocate the file_t: libcfs file object */
fp = kmalloc(sizeof(*fp) + NameLength, __GFP_ZERO);
if (NULL == fp) {
Status = ZwClose(FileHandle);
ASSERT(NT_SUCCESS(Status));
kfree(UnicodeString);
kfree(AnsiString);
return ERR_PTR(-ENOMEM);
}
fp->f_handle = FileHandle;
strcpy(fp->f_name, name);
fp->f_flags = flags;
fp->f_mode = (mode_t)mode;
fp->f_count = 1;
/* free the memory of temporary name strings */
kfree(UnicodeString);
kfree(AnsiString);
return fp;
}示例14: DraidStart
NTSTATUS
DraidStart(
PDRAID_GLOBALS DraidGlobals
) {
NTSTATUS status;
OBJECT_ATTRIBUTES objectAttributes;
#if 0
TDI_CLIENT_INTERFACE_INFO info;
UNICODE_STRING clientName;
#endif
KDPrintM(DBG_LURN_INFO, ("Starting\n"));
InitializeListHead(&DraidGlobals->ArbiterList);
KeInitializeSpinLock(&DraidGlobals->ArbiterListSpinlock);
InitializeListHead(&DraidGlobals->ClientList);
KeInitializeSpinLock(&DraidGlobals->ClientListSpinlock);
KeInitializeEvent(&DraidGlobals->DraidExitEvent, NotificationEvent, FALSE);
KeInitializeEvent(&DraidGlobals->NetChangedEvent, NotificationEvent, FALSE);
InitializeListHead(&DraidGlobals->ListenContextList);
KeInitializeSpinLock(&DraidGlobals->ListenContextSpinlock);
InitializeObjectAttributes(
&objectAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
g_DraidGlobals = DraidGlobals;
status = PsCreateSystemThread(
&DraidGlobals->DraidThreadHandle,
THREAD_ALL_ACCESS,
&objectAttributes,
NULL,
NULL,
DraidListenerThreadProc,
DraidGlobals
);
if(!NT_SUCCESS(status)) {
ASSERT(FALSE);
DraidGlobals->DraidThreadHandle = NULL;
DraidGlobals->DraidThreadObject = NULL;
return STATUS_UNSUCCESSFUL;
}
status = ObReferenceObjectByHandle(
DraidGlobals->DraidThreadHandle,
FILE_READ_DATA,
NULL,
KernelMode,
&DraidGlobals->DraidThreadObject,
NULL
);
if(!NT_SUCCESS(status)) {
ASSERT(FALSE);
DraidGlobals->DraidThreadObject = NULL;
DraidGlobals->DraidThreadHandle = NULL;
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}示例15: RtlCreateUserThread
/*
@implemented
*/
NTSTATUS
NTAPI
RtlCreateUserThread(IN HANDLE ProcessHandle,
IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
IN BOOLEAN CreateSuspended,
IN ULONG StackZeroBits OPTIONAL,
IN SIZE_T StackReserve OPTIONAL,
IN SIZE_T StackCommit OPTIONAL,
IN PTHREAD_START_ROUTINE StartAddress,
IN PVOID Parameter OPTIONAL,
OUT PHANDLE ThreadHandle OPTIONAL,
OUT PCLIENT_ID ClientId OPTIONAL)
{
NTSTATUS Status;
HANDLE Handle;
CLIENT_ID ThreadCid;
INITIAL_TEB InitialTeb;
OBJECT_ATTRIBUTES ObjectAttributes;
CONTEXT Context;
/* First, we'll create the Stack */
Status = RtlpCreateUserStack(ProcessHandle,
StackReserve,
StackCommit,
StackZeroBits,
&InitialTeb);
if (!NT_SUCCESS(Status)) return Status;
/* Next, we'll set up the Initial Context */
RtlInitializeContext(ProcessHandle,
&Context,
Parameter,
StartAddress,
InitialTeb.StackBase);
/* We are now ready to create the Kernel Thread Object */
InitializeObjectAttributes(&ObjectAttributes,
NULL,
0,
NULL,
SecurityDescriptor);
Status = ZwCreateThread(&Handle,
THREAD_ALL_ACCESS,
&ObjectAttributes,
ProcessHandle,
&ThreadCid,
&Context,
&InitialTeb,
CreateSuspended);
if (!NT_SUCCESS(Status))
{
/* Free the stack */
RtlpFreeUserStack(ProcessHandle, &InitialTeb);
}
else
{
/* Return thread data */
if (ThreadHandle)
*ThreadHandle = Handle;
else
NtClose(Handle);
if (ClientId) *ClientId = ThreadCid;
}
/* Return success or the previous failure */
return Status;
}