-
大小: 58KB文件類型: .rar金幣: 2下載: 0 次發(fā)布日期: 2023-12-21
- 語言: Html/CSS
- 標簽: minifilter??透明??加解密??
資源簡介
現(xiàn)在很多做透明加解密的初學者都比較困惑,不知從何下手,我也是如此,從什么都不會開始,慢慢肯文件系統(tǒng)內(nèi)幕,到OSR上面請教,四個月的時間還是收獲頗豐。其實真正研究以后會發(fā)現(xiàn),很多都是體力活,要不斷的去跟蹤文件的操作流程。在這里發(fā)一個基于minifilter的透明加解密的驅(qū)動源碼僅供大家參考,其中也實現(xiàn)了對文件標識的處理,文件標識放在文件尾部。算是拋磚引玉吧。坦白的說,這個代碼并不穩(wěn)定(偶爾與norton殺毒軟件會有沖突),但是我覺得整個流程是正確的,可能有些細節(jié)還沒有考慮清楚,我覺得對初學者還是有一定幫助吧,當然大蝦們可以跳過,呵呵。另外,有關加解密算法的代碼由于不是我寫的,也不好公開,所以我把相關代碼用“\\\”給注釋掉了(但沒有去掉),請大家見諒,不過不會對整個流程產(chǎn)生影響。大家可以重點看一下各個派遣函數(shù)的實現(xiàn)。
歡迎大家拍磚,覺得有點意思就頂一下啊,在看代碼的過程中如果有什么好的建議,也希望能告訴我。
最后非常感謝XiangXiangRen,zzbwang,neak47等網(wǎng)友在這段時間內(nèi)對我的幫助。XiangXiangRen的書以及zzbwang的帖子對我完成這項工作有很大的幫助和參考價值,在此謹與大家分享。
編譯環(huán)境:WDK6001.18002 XP x86
PS: 您可以將附件中的代碼進行修改和轉(zhuǎn)發(fā),但轉(zhuǎn)發(fā)時請注明出處。
http://bbs.driverdevelop.com/htm_data/39/1001/119736.html
代碼片段和文件信息
#include?“cache.h“
#include?“file.h“
void?Cc_ClearFileCache(PFILE_object?Fileobject?BOOLEAN?bIsFlushCache?PLARGE_INTEGER?FileOffset?ULONG?Length)
{
BOOLEAN?PurgeRes?;
BOOLEAN?ResourceAcquired?=?FALSE?;
BOOLEAN?PagingIoResourceAcquired?=?FALSE?;
PFSRTL_COMMON_FCB_HEADER?Fcb?=?NULL?;
LARGE_INTEGER?Delay50Milliseconds?=?{(ULONG)(-50?*?1000?*?10)?-1};
IO_STATUS_BLOCK?IoStatus?=?{0}?;
if?((Fileobject?==?NULL))
{
return?;
}
????Fcb?=?(PFSRTL_COMMON_FCB_HEADER)Fileobject->FsContext?;
if?(Fcb?==?NULL)
{
return?;
}
Acquire:
FsRtlEnterFileSystem()?;
if?(Fcb->Resource)
ResourceAcquired?=?ExAcquireResourceExclusiveLite(Fcb->Resource?TRUE)?;
if?(Fcb->PagingIoResource)
PagingIoResourceAcquired?=?ExAcquireResourceExclusive(Fcb->PagingIoResourceFALSE);
else
PagingIoResourceAcquired?=?TRUE?;
if?(!PagingIoResourceAcquired)
{
if?(Fcb->Resource)??ExReleaseResource(Fcb->Resource);
FsRtlExitFileSystem();
KeDelayExecutionThread(KernelModeFALSE&Delay50Milliseconds);
goto?Acquire;
}
if(Fileobject->SectionobjectPointer)
{
IoSetTopLevelIrp(?(PIRP)FSRTL_FSP_TOP_LEVEL_IRP?);
if?(bIsFlushCache)
{
CcFlushCache(?Fileobject->SectionobjectPointer?FileOffset?Length?&IoStatus?);
}
if(Fileobject->SectionobjectPointer->ImageSectionobject)
{
MmFlushImageSection(
Fileobject->SectionobjectPointer
MmFlushForWrite
)?;
}
if(Fileobject->SectionobjectPointer->DataSectionobject)
{?
PurgeRes?=?CcPurgeCacheSection(?Fileobject->SectionobjectPointer
NULL
0
FALSE?);????????????????????????????????????????????????????
}
??????????????????????????????????????
IoSetTopLevelIrp(NULL);???????????????????????????????????
}
if?(Fcb->PagingIoResource)
ExReleaseResourceLite(Fcb->PagingIoResource?);???????????????????????????????????????
if?(Fcb->Resource)
ExReleaseResourceLite(Fcb->Resource?);?????????????????????
FsRtlExitFileSystem()?;
} ?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件?????????13??2010-01-18?14:39??encryption_on-the-fly\Build.txt
?????文件???????2015??2010-01-18?14:07??encryption_on-the-fly\engine\cache.c
?????文件????????222??2010-01-18?10:36??encryption_on-the-fly\engine\cache.h
?????文件???????3498??2010-01-18?14:36??encryption_on-the-fly\engine\common.h
?????文件???????5759??2010-01-18?14:08??encryption_on-the-fly\engine\ctx.c
?????文件???????1186??2010-01-18?14:04??encryption_on-the-fly\engine\ctx.h
?????文件???????2481??2010-01-18?11:55??encryption_on-the-fly\engine\engine.inf
?????文件????????266??2009-08-19?09:48??encryption_on-the-fly\engine\engine.rc
?????文件??????14969??2010-01-18?14:09??encryption_on-the-fly\engine\file.c
?????文件???????3744??2010-01-18?10:38??encryption_on-the-fly\engine\file.h
?????文件?????121786??2008-01-19?13:16??encryption_on-the-fly\engine\fltKernel.h
?????文件???????1975??2010-01-18?14:35??encryption_on-the-fly\engine\key.c
?????文件????????528??2010-01-18?14:06??encryption_on-the-fly\engine\key.h
?????文件??????74208??2010-01-18?14:33??encryption_on-the-fly\engine\main.c
?????文件???????9158??2010-01-18?10:43??encryption_on-the-fly\engine\main.h
?????文件????????399??2009-10-11?09:40??encryption_on-the-fly\engine\makefile
?????文件???????4882??2010-01-18?14:10??encryption_on-the-fly\engine\message.c
?????文件????????861??2010-01-18?10:56??encryption_on-the-fly\engine\message.h
?????文件??????20007??2010-01-18?10:53??encryption_on-the-fly\engine\process.c
?????文件???????2227??2010-01-18?10:44??encryption_on-the-fly\engine\process.h
?????文件????????324??2010-01-18?10:31??encryption_on-the-fly\engine\sources
?????目錄??????????0??2010-01-18?14:39??encryption_on-the-fly\engine
?????文件????????944??2010-01-18?11:18??encryption_on-the-fly\include\error.h
?????文件???????3700??2010-01-18?14:06??encryption_on-the-fly\include\interface.h
?????文件???????1835??2010-01-18?10:41??encryption_on-the-fly\include\iocommon.h
?????目錄??????????0??2010-01-18?14:37??encryption_on-the-fly\include
?????目錄??????????0??2010-01-18?14:39??encryption_on-the-fly
-----------?---------??----------?-----??----
???????????????276987????????????????????27
............此處省略0個文件信息
- 上一篇:24口交換機源碼
- 下一篇:flutter移動電商實戰(zhàn).zip
評論
共有 條評論
川公網(wǎng)安備 51152502000135號