如题,如何在一个U盘过滤驱动里读取U盘扇区并对U盘进行加解密?
请大家指点一下
我想在过滤驱动里创建一个IRP,功能号为IRP_MJ_READ,不知道到底怎么写是读取U盘的零扇区?
我想在SCSI的派遣函数里读取U盘的O扇区,如果发现我写入的标识,则允许使用U盘。如果没发现,则禁用
#pragma LOCKEDCODE
NTSTATUS DispatchForSCSI(IN PDEVICE_OBJECT fido, IN PIRP Irp)
{
KdPrint((DRIVERNAME " - Enter DispatchForSCSI \n"));
//获得设备扩展
PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION) fido->DeviceExtension;
//获得I/O堆栈
PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
PDEVICE_OBJECT DeviceObject = pdx->DeviceObject;
NTSTATUS status;
if (_wcsnicmp(DeviceObject->AttachedDevice->DriverObject->DriverName.Buffer,L"\\Driver\\USBSTOR",15)==0)
{
status = ReadSector(fido,Irp);//在这里读0扇区,如果没发现自己写入的标识,则禁用U盘
if (!NT_SUCCESS(status))
{
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return STATUS_ACCESS_DENIED;
}
}
}
我想lz这样做也应该可以达到控制访问权限的目的,但是加密怎么做?
有一个想法供lz参考,你可以在文件系统filter层里面做动作,这个层面就是用来实现lz想要实现的功能的
引用: 引用 3 楼 guopeixin 的回复:
我想lz这样做也应该可以达到控制访问权限的目的,但是加密怎么做?
有一个想法供lz参考,你可以在文件系统filter层里面做动作,这个层面就是用来实现lz想要实现的功能的
不好意思,看错了,lz是想直接操作sector
SCSI本身不是很了解,只是知道它是一种很老的协议,用在u盘的驱动里也应该是做什么转换的,应该可以吧,
惭愧,惭愧
我自己参考别人的代码写了点代码,读U盘扇区没有成功。
过滤驱动过载在注册表HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}下,
部分代码如下:高手们给指点一下
#pragma LOCKEDCODE
NTSTATUS DispatchForSCSI(IN PDEVICE_OBJECT fido, IN PIRP Irp)
{
KdPrint((DRIVERNAME " - Enter DispatchForSCSI \n"));
//获得设备扩展
PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION) fido->DeviceExtension;
//获得I/O堆栈
PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
PDEVICE_OBJECT DeviceObject = pdx->DeviceObject;
NTSTATUS status;
if (_wcsnicmp(DeviceObject->AttachedDevice->DriverObject->DriverName.Buffer,L"\\Driver\\USBSTOR",15)==0)
{
//读取U盘扇区,没有标识禁用
status = HandleStartDevice(fido,Irp);
if (!NT_SUCCESS(status))
{
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return STATUS_ACCESS_DENIED;
}
//获取自旋锁
status = IoAcquireRemoveLock(&pdx->RemoveLock, Irp);
//判断是否成功获取自旋锁
if (!NT_SUCCESS(status))
//结束IRP请求
return CompleteRequest(Irp, status, 0);
//略过当前I/O堆栈
IoSkipCurrentIrpStackLocation(Irp);
//调用底层驱动程序
status = IoCallDriver(pdx->LowerDeviceObject, Irp);
//释放自旋锁
IoReleaseRemoveLock(&pdx->RemoveLock, Irp);
return status;
}
}
NTSTATUS
HandleStartDevice(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS ntStatus;
CHAR buffer[512] = {0};
ULONG Length = 512;
// Read the device descriptor
//ntStatus = ReadandSelectDescriptors(DeviceObject);
ntStatus = ReadSector(DeviceObject,&buffer,Length);
if(!NT_SUCCESS(ntStatus))
{
KdPrint(("ReadandSelectDescriptors failed\n"));
return ntStatus;
}
return ntStatus;
}
NTSTATUS ReadSector(PDEVICE_OBJECT DeviceObject, PVOID Buffer, ULONG Length)
{
KEVENT event;
NTSTATUS ntStatus = STATUS_SUCCESS;
PIRP Irp;
LARGE_INTEGER lioffset = {0};
IO_STATUS_BLOCK iostatus = {0};
PDEVICE_EXTENSION pdx;
pdx = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
lioffset.QuadPart = 512;
//初始化事件
KeInitializeEvent(&event, NotificationEvent, FALSE);
Irp = IoBuildSynchronousFsdRequest(IRP_MJ_READ,
pdx->LowerDeviceObject,
Buffer,
Length,
&lioffset,
&event,
&iostatus);
if(0 == Irp)
{
KdPrint(("IoBuildSynchronousFsdRequest fail! \n"));
return STATUS_INSUFFICIENT_RESOURCES;
}
//发送IRP
ntStatus = IoCallDriver(pdx->LowerDeviceObject, Irp);
//等待事件
if(STATUS_PENDING == ntStatus)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, 0);
ntStatus = iostatus.Status;
}
if(iostatus.Information == 0)
{
KdPrint(("iostatus.Information == 0 \n"));
goto _end;
}
KdPrint(("iostatus.Information == 0x%x \n", iostatus.Information));
_end:
return ntStatus;
}
京公网安备 11010802033920号
