Frank… here is code list.
(code is very dirty, sorry…)
NTSTATUS
RSFFMHookRoutine( PDEVICE_OBJECT HookDevice, IN PIRP Irp )
{
…
case IRP_MJ_CREATE:
…
myHeader = ExAllocatePool(NonPagedPool,4096*sizeof(CHAR) );
if( !myHeader )
{
DbgPrint((“RSFFM : failed to alloc myHeader…\n”));
break;
}
if( FALSE == GetFileSizeAndHandle( fullPathName, &ulFileSize, &hFile,
myHeader ) )
{
break;
}
…
}
unsigned long MyGetFileSize( HANDLE hFile )
{
IO_STATUS_BLOCK IoStatus;
FILE_STANDARD_INFORMATION FSI;
NTSTATUS ntStatus;
UCHAR aaa;
if( !hFile )
{
DbgPrint((“RSFFM : hFile Error in MyGetFileSize…\n”));
return 0; //ÆÄÀÏÀÇ ÇÚµéÀÌ ¾ø´Â °æ¿ì
}
RtlZeroMemory( &FSI, sizeof(FILE_STANDARD_INFORMATION) );
RtlZeroMemory( &IoStatus, sizeof(IO_STATUS_BLOCK) );
ntStatus = ZwQueryInformationFile(
hFile,
&IoStatus,
&FSI,
sizeof( FILE_STANDARD_INFORMATION ),
FileStandardInformation
);
aaa= KeGetCurrentIrql();
DbgPrint((“RSFFM : Current IRQL is [%u]\n”, aaa));
if( !NT_SUCCESS(ntStatus) )
{
DbgPrint((“RSFFM : ntStatus error in MyGetFileSize… Status = %u size
is %u \n”, IoStatus.Status, (unsigned long)FSI.EndOfFile.LowPart));
return 0;
}
return (unsigned long)FSI.EndOfFile.LowPart;
}
#include <stdlib.h>
BOOLEAN GetFileSizeAndHandle( PCHAR fullPathName, unsigned long*
ulFileSize, unsigned long* hFile, char* header )
{
WCHAR fullPath[300];
WCHAR tempwcfilefullpath[300];
HANDLE hFILE;
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING uni_filename;
IO_STATUS_BLOCK ioStatus;
NTSTATUS ntStatus;
PCHAR pBuffer;
mbstowcs( tempwcfilefullpath, fullPathName, 300 );
swprintf( fullPath, L"\??\%s", tempwcfilefullpath );
RtlInitUnicodeString( &uni_filename, fullPath );
InitializeObjectAttributes( &objectAttributes,
&uni_filename,
OBJ_CASE_INSENSITIVE,
NULL,
NULL );
ntStatus = ZwCreateFile( &hFILE,
GENERIC_READ,
&objectAttributes,
&ioStatus,
NULL,
0,
FILE_SHARE_READ,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0 );
if ( !NT_SUCCESS( ntStatus ) )
{
DbgPrint((“RSFFM : Error in ZwCreateFile…\n”));
return (FALSE);
}
pBuffer = ExAllocatePool(NonPagedPool,
4096sizeof(CHAR)
);
if( !pBuffer ){
DbgPrint((“RSFFM : !pBuffer alloc error\n”));
ZwClose(hFILE);
return (FALSE);
}
if (NT_SUCCESS(ZwReadFile(hFILE,
NULL,
NULL,
NULL,
&ioStatus,
pBuffer,
4096sizeof(CHAR),
NULL,
NULL)
)
) {
//DbgPrint((“RSFFM : ReadBytes:[%u]\n”, (unsigned
long)ioStatus.Information));
hFile = (unsigned long)hFILE; //ÆÄÀÏÀÇ ÇÚµé
memcpy((void)header, (void*)pBuffer, 4096*sizeof(CHAR) );
*ulFileSize = MyGetFileSize( hFile );
if( pBuffer ) ExFreePool( pBuffer );
ZwClose(hFILE);
return (TRUE);
}
else {
DbgPrint((“RSFFM : !ZwReadFile”));
if( pBuffer ) ExFreePool( pBuffer );
ZwClose(hFILE);
return (FALSE);
}
}
help… or advise me…
thanks…</stdlib.h>