Hi
I have tried to move the detected file in IRP_MJ_CREATE by calling FltSetInformationFile ().
However, I get a STATUS_ACCESS_DENIED (0xC0000022) error.
- I wonder if there is a way to access the shared folder in the kernel.
Below is my code.
// OriginFilePath : \Device\Mup\192.168.0.4\test\test.txt
// DestFilePath : \Device\Mup\192.168.0.4\test\test.txt.move
NTSTATUS MoveFile(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, WCHAR *OriginFilePath, WCHAR *DestFilePath)
{
UNREFERENCED_PARAMETER(Data);
UNREFERENCED_PARAMETER(FltObjects);
UNREFERENCED_PARAMETER(OriginFilePath);
UNREFERENCED_PARAMETER(DestFilePath);
NTSTATUS Status = STATUS_UNSUCCESSFUL;
UNICODE_STRING OrifileNameUnicodeString = { 0, };
UNICODE_STRING RenfileNameUnicodeString = { 0, };
OBJECT_ATTRIBUTES OriObjAttr = { 0 };
IO_STATUS_BLOCK OriIoFileStatus = { 0, };
PFILE_RENAME_INFORMATION RenameInfo = NULL;
HANDLE FileHandle = NULL;
PFILE_OBJECT ptmpfo = NULL;
if (!OriginFilePath || !DestFilePath)
return Status;
DbgPrint("MoveFile %S -> %S\n", OriginFilePath, DestFilePath);
RtlInitUnicodeString(&OrifileNameUnicodeString, OriginFilePath);
RtlInitUnicodeString(&RenfileNameUnicodeString, DestFilePath);
InitializeObjectAttributes(&OriObjAttr, &OrifileNameUnicodeString, OBJ_KERNEL_HANDLE, NULL, NULL);
Status = FltCreateFileEx(FltObjects->Filter,
FltObjects->Instance,
&FileHandle,
&ptmpfo,
FILE_GENERIC_WRITE, &OriObjAttr, &OriIoFileStatus, NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_OPEN, 0, NULL, 0, 0
);
if (!NT_SUCCESS(Status) || !FileHandle) {
DbgPrint("FAIL - MoveFile, FltCreateFileEx %X\n", Status);
return Status;
}
RenameInfo = (PFILE_RENAME_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,
sizeof(FILE_RENAME_INFORMATION) + RenfileNameUnicodeString.Length, '12WR');
if (!RenameInfo) {
FltClose(FileHandle);
return Status;
}
memcpy(RenameInfo->FileName, RenfileNameUnicodeString.Buffer, RenfileNameUnicodeString.Length);
RenameInfo->ReplaceIfExists = TRUE;
RenameInfo->RootDirectory = NULL;
RenameInfo->FileNameLength = RenfileNameUnicodeString.Length;
Status = FltSetInformationFile(FltObjects->Instance, ptmpfo, RenameInfo,
sizeof(FILE_RENAME_INFORMATION) + RenfileNameUnicodeString.Length,
FileRenameInformation);
if (!NT_SUCCESS(Status))
DbgPrint("FAIL - MoveFile, FltSetInformation %X\n", Status); // <--- STATUS_ACCESS_DENIED (0xC0000022) error.
ExFreePool(RenameInfo);
FltClose(FileHandle);
return Status;
}