Hi all,
I have written an driver to backup a files which are used by operating
system or some other process; My driver
can able to backup all the files including system registry, but when I try
to backup the PST file when outlook
got launched, I could not read the file and the read (i.e. ZWReadfile)
doesn't fail; instead it returns only empty
buffer.
// OPEN FILE
InitializeObjectAttributes (&ObjectAttributes,
&UniFileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
status = ZwCreateFile(&pFileDetails->FileHandle,
STANDARD_RIGHTS_READ,
&ObjectAttributes,
&IoStatus,
0, // alloc
size = none
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT |
FILE_NON_DIRECTORY_FILE |
FILE_SEQUENTIAL_ONLY,
NULL, // eabuffer
0); // ealength
if (!NT_SUCCESS(status))
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = PORTIO_FAILURE;
pFileDetails->FileHandle = (HANDLE) -1;
}
else
{
Irp->IoStatus.Information = InBufferSize;
Irp->IoStatus.Status = PORTIO_SUCCESS;
}
// MOVE THE FILE POINTER TO THE DESIRED LOCATION
status = ZwQueryInformationFile(pFileDetails->FileHandle,
&IoStatus,
&StandardInfo,
sizeof(FILE_STANDARD_INFORMATION),
FileStandardInformation);
if (!NT_SUCCESS(status))
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = PORTIO_FAILURE;
break;
}
LengthOfFile = StandardInfo.EndOfFile.LowPart;
if (LengthOfFile < 1)
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = PORTIO_FAILURE;
break;
}
// READ FILE
status = ZwReadFile(pFileDetails->FileHandle,
NULL,
NULL,
NULL,
&IoStatus,
pFileDetails->Buffer,
pFileDetails->dwSize,
&pFileDetails->dwBeginOffset,
NULL);
if (!NT_SUCCESS(status))
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = PORTIO_FAILURE;
}
else
{
Irp->IoStatus.Information = InBufferSize;
Irp->IoStatus.Status = PORTIO_SUCCESS;
}
}
Please let me know your suggestions to over come the problem.
Elango C
CompuApps, Inc.
Chennai, India.
website:http://celango.blogspot.com