All,
I am doing a simple experiment with sfilter. I have written a function that
uses IoCreateFileSpecifyDeviceObjectHint to create a file handle on the NTFS
and then write a buffer into it using ZwWriteFile function. The code used to
work when I used IoBuildSynchronousFsdRequest instead of ZwWriteFile to dump
the buffer. However, converting it to ZwWriteFile is giving me invalid
parameter.
OS: WinXP SP3 32 bit
Please note, the file doesn’t exist in the location.
Please note, GetNtfsVdo works fine, as I seeteh file created on the write
device with length zero bytes. This code is invoked through a simple custom
IOCTL.
PS: I know there are handle leaks and memory leaks, this really is a proto.
Here is the code:
NTSTATUS
MyCreateFileUsingVDO(PWSTR DriveLetterSymLink)
{
PDEVICE_OBJECT ntfsVDO = NULL;
OBJECT_ATTRIBUTES objAttrib;
IO_STATUS_BLOCK ioStatus;
HANDLE hTestFile =(HANDLE)-1;
UNICODE_STRING fileName;
LARGE_INTEGER fileAllocationSize;
PVOID buffer = NULL;
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT DeviceObject = NULL;
WCHAR DriveNameBuffer [32];
WCHAR VolumeDeviceName[64];
UNICODE_STRING VolumeName;
WCHAR fileNameBuffer[512];
if(NULL == DriveLetterSymLink)
{
return STATUS_INVALID_PARAMETER;
}
RtlZeroMemory(DriveNameBuffer,sizeof(WCHAR)*32);
RtlStringCbPrintfW(DriveNameBuffer,
32,
L"\??\%ws",
DriveLetterSymLink);
RtlInitEmptyUnicodeString(&VolumeName,VolumeDeviceName,64*sizeof(WCHAR));
ntfsVDO = GetNtfsVdo(DriveNameBuffer, &VolumeName);
if(!ntfsVDO)
{
DbgPrint(“Failed to GetNtfsVdo\n”);
return STATUS_INVALID_PARAMETER;
}
RtlInitEmptyUnicodeString(&fileName,fileNameBuffer,512*sizeof(WCHAR));
RtlCopyUnicodeString(&fileName,&VolumeName);
RtlAppendUnicodeToString(&fileName,L"\MyDir\Myfile.txt");
InitializeObjectAttributes(&objAttrib,
&fileName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE|OBJ_OPENIF,
NULL,
NULL);
fileAllocationSize.QuadPart =FILE_SIZE;
status = IoCreateFileSpecifyDeviceObjectHint(
&hTestFile,
GENERIC_ALL,
&objAttrib,
&ioStatus,
&fileAllocationSize,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
FILE_OPEN_IF,
FILE_WRITE_THROUGH|FILE_NO_INTERMEDIATE_BUFFERING,
NULL,
0,
CreateFileTypeNone,
NULL,
IO_IGNORE_SHARE_ACCESS_CHECK,
ntfsVDO
);
if(!NT_SUCCESS(status))
{
DbgPrint(“Failed to create file %wZ using
IoCreateFileSpecifyDeviceObjectHint status 0x%X\n”,&fileName,status);
return status;
}
DbgPrint(“%wZ created successfully\n”,&fileName);
//Now we will write some junk data in the file.
//First we allocate 4 kb of nonpaged buffer
buffer =
ExAllocatePoolWithTag(NonPagedPool,FILE_SIZE,NTFS_DIRECT_WRITE_IO_TAG); //
NTFS Direct WRITE IO
if(buffer)
{
RtlFillMemory(buffer, FILE_SIZE, ‘M’);
status = ZwWriteFile(hTestFile,
NULL,
NULL,
NULL,
&ioStatus,
buffer,
FILE_SIZE,
NULL,
NULL);
if(!NT_SUCCESS(status))
{
DbgPrint(“ZwWriteFile failed with status %X\n”,status);
}
ExFreePoolWithTag(buffer,NTFS_DIRECT_WRITE_IO_TAG);
ZwClose(hTestFile);
}
else
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
return status;
}
thanks in advance
B