/*++
Copyright (c) 2004 By LiGen , All rights reserved
Module Name:
fstpm.h
Abstract:
Header file for fstpm.cpp
Environment:
Windows XP, Compiler Ver > 13.00
Notes:
Revision History:
created: 16:7:2004
Author:
李根 13574849558@hnmcc.com
--*/
#ifndef FSTPM_H
#define FSTPM_H
extern "C"{
#include <NTDDK.h>
#include "ntifs.h"
#include <stdio.h>
}
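//
// Tag value ('mpt'). Presumably the pool tag passed to tagged pool
// allocations -- confirm at the call sites.
//
#define TAGS 'mpt'

//
// Short aliases for basic integer types. These are macros, not typedefs,
// so the names are replaced textually wherever they appear.
//
#define BYTE unsigned char
#define WORD unsigned short
#define BOOL LONG

//
// Debug-print helpers built on KdPrint.
//
// DBGHEAD()         prints a "FsTPM <file>:<line> -> :" prefix for the
//                   call site.
// FsTPM_DbgPrint(x) prints that prefix followed by the message. x must be
//                   a parenthesized argument list, as KdPrint expects:
//                       FsTPM_DbgPrint(("value=%d\n", v));
//
// The two prints are wrapped in do { } while (0) so that the macro expands
// to exactly one statement. Without the wrapper,
//     if (cond) FsTPM_DbgPrint((...));
// guards only the prefix and the message itself is printed unconditionally.
//
// #define DBGHEAD() FsTPM_DbgPrint("FileSpy %s %s:%d -> :",__FUNCDNAME__,__FILE__,__LINE__)
#define DBGHEAD() KdPrint(("FsTPM %s:%d -> :", __FILE__, __LINE__))
#define FsTPM_DbgPrint(x) do { DBGHEAD(); KdPrint(x); } while (0)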
//
// Device types distinguished by this driver. The value is stored in the
// Type field of the device extension.
//
typedef enum {
    GUIINTERFACE = 0,   // presumably the device the user-mode interface talks to -- confirm
    STANDARD     = 1,   // presumably an ordinary file-system device -- confirm
    NPFS         = 2,   // presumably the named-pipe file system -- confirm
    MSFS         = 3    // presumably the mailslot file system -- confirm
} FSTPM_DEVICE_TYPE;

typedef FSTPM_DEVICE_TYPE *PFSTPM_DEVICE_TYPE;
//
// Volume record embedded in each device extension (see the Vcb field of
// HOOK_EXTENSION).
//
//   RealDevice      - device object pointer; presumably the real (storage)
//                     device behind the volume -- confirm against the code
//                     that fills it in
//   NextLowerDevice - device object pointer; presumably the device this
//                     driver forwards requests to -- confirm
//   pVpb            - pointer to a volume parameter block (PVPB)
//
typedef struct _VCB {
    PDEVICE_OBJECT RealDevice;
    PDEVICE_OBJECT NextLowerDevice;
    PVPB           pVpb;
} VCB;

typedef VCB *PVCB;
//
// Per-device instance data: one of these is associated with each device
// object. Note that the struct tag is _DEVICE_EXTENSION while the typedef
// names are HOOK_EXTENSION / PHOOK_EXTENSION.
//
//   Type         - which kind of device this is (FSTPM_DEVICE_TYPE)
//   LogicalDrive - drive identifier, one byte; presumably the drive letter
//                  or its index -- confirm
//   Hooked       - BOOLEAN flag; presumably set while the device is
//                  attached -- confirm
//   Vcb          - volume record for this device
//   thisDriver   - pointer to a driver object; presumably this driver's
//                  own -- confirm
//
typedef struct _DEVICE_EXTENSION {
    FSTPM_DEVICE_TYPE Type;
    unsigned char     LogicalDrive;
    BOOLEAN           Hooked;
    VCB               Vcb;
    PDRIVER_OBJECT    thisDriver;
} HOOK_EXTENSION;

typedef HOOK_EXTENSION *PHOOK_EXTENSION;
//
// Protection-mode bits. Presumably these are the bits kept in
// FILE_PROTECT_LIST_ITEM.ProtectedFlag -- confirm at the call sites.
//
#define MASK_ENCRYPT_PROTECT (1 << 0)
#define MASK_STATIC_PROTECT  (1 << 1)
#define MASK_CHECK_PROTECT   (1 << 2)

// Test one bit: yields the mask value if the bit is set in x, otherwise 0.
#define IS_ENCRYPT_PROTECT(x) ((x) & (MASK_ENCRYPT_PROTECT))
#define IS_STATIC_PROTECT(x)  ((x) & (MASK_STATIC_PROTECT))
#define IS_CHECK_PROTECT(x)   ((x) & (MASK_CHECK_PROTECT))

//
// SET_* and CLEAR_* are pure expressions: they yield a copy of x with the
// bit set or cleared and do NOT modify x. The result has to be assigned,
//     flag = SET_STATIC_PROTECT(flag);
// a bare `SET_STATIC_PROTECT(flag);` statement changes nothing, which would
// silently leave a file unprotected.
//
// The encrypt variants are spelled "ENCENCRYPT" (unlike IS_ENCRYPT_PROTECT);
// the names are kept as they are because callers use them.
//
#define SET_ENCENCRYPT_PROTECT(x) ((x) | (MASK_ENCRYPT_PROTECT))
#define SET_STATIC_PROTECT(x)     ((x) | (MASK_STATIC_PROTECT))
#define SET_CHECK_PROTECT(x)      ((x) | (MASK_CHECK_PROTECT))

#define CLEAR_ENCENCRYPT_PROTECT(x) ((x) & ~(MASK_ENCRYPT_PROTECT))
#define CLEAR_STATIC_PROTECT(x)     ((x) & ~(MASK_STATIC_PROTECT))
#define CLEAR_CHECK_PROTECT(x)      ((x) & ~(MASK_CHECK_PROTECT))
//
// Length of a hash value, in bytes (20 bytes = 160 bits).
//
// NOTE(review): 160 bits is the SHA-1 digest size. The algorithm itself is
// declared elsewhere (hash.h) and is not visible here. If it is SHA-1, its
// collision resistance is broken, which matters when the digest is relied
// on to detect tampering -- confirm the algorithm and the threat model.
//
#define HASH_LENGTH 20

//
// Result of the "is this file already encrypted?" check for one file.
//
typedef enum _ENCRYPTED_STATUS {
    NotChecked   = 0,   // the encrypted-file check has not been run yet
    Encrypted    = 1,   // check has run: the file is confirmed encrypted
    NotEncrypted = 2    // check has run: the file is confirmed not yet encrypted
} ENCRYPTED_STATUS;
//
// Maximum length of a path name, in characters. The original comment says
// this is larger than the Win32 maximum path because network drives have
// leading paths.
//
// NOTE(review): Win32 MAX_PATH is 260, so 256 is in fact smaller, and NT
// paths can be far longer. Whatever fills ProtectedFileName below must
// bound the copy to MAXPATHLEN characters (terminator included) and decide
// what happens to longer names; a name that is truncated or rejected will
// not match, i.e. the file ends up unprotected -- confirm at the call
// sites.
//
#define MAXPATHLEN 256

//
// One protected file.
//
//   ProtectedFileName      - file name, fixed buffer of MAXPATHLEN WCHARs
//   ProtectedFlag          - bit mask saying which protection methods are
//                            applied to this file
//   Hash                   - 160-bit hash value (HASH_LENGTH bytes)
//   Encrypted_Check_Status - result of the encrypted-file check
//   FileRealLength         - real length of the file; encryption may make
//                            the stored file longer, so the true length is
//                            tracked here.
//                            NOTE(review): LONG cannot represent sizes
//                            above 2 GB - 1 -- confirm that larger files
//                            are rejected or handled elsewhere.
//
typedef struct _FILE_PROTECT_LIST_ITEM
{
    WCHAR            ProtectedFileName[MAXPATHLEN];
    LONG             ProtectedFlag;
    BYTE             Hash[HASH_LENGTH];
    ENCRYPTED_STATUS Encrypted_Check_Status;
    LONG             FileRealLength;
} FILE_PROTECT_LIST_ITEM;

typedef struct _FILE_PROTECT_LIST_ITEM *PFILE_PROTECT_LIST_ITEM;
// Presumably the capacity used when a TLIST is created -- confirm in List.h.
#define MAX_LIST_ITEM_NUM 100

//
// List of protected-file entries.
//
//   head   - pointer to PFILE_PROTECT_LIST_ITEM, i.e. a pointer to item
//            pointers; presumably the start of an array of entries --
//            confirm in List.h
//   MaxNum - presumably the number of slots available -- confirm
//   Count  - presumably the number of slots in use -- confirm
//   mutex  - fast mutex stored with the list; presumably serializes access
//            to head/Count -- confirm that every reader and writer takes it
//
typedef struct _TLIST
{
    PFILE_PROTECT_LIST_ITEM *head;
    ULONG                    MaxNum;
    ULONG                    Count;
    FAST_MUTEX               mutex;
} TLIST;

typedef TLIST *PTLIST;
#include "List.h"
// Size of the EncryptKey buffer below, in bytes.
#define ENCRYPT_KEY_MAX_LENGTH 256

//
// Driver control block: records the driver's current protection state.
//
//   FileProtectList      - the list of protected files
//   EnableEncryptProtect,
//   EnableStaticProtect,
//   EnableCheckProtect   - presumably one on/off switch per protection
//                          mode -- confirm
//   EncryptKey           - key bytes, fixed buffer of
//                          ENCRYPT_KEY_MAX_LENGTH bytes
//   KeyLength            - presumably the number of valid bytes in
//                          EncryptKey -- confirm
//
// NOTE(review): the key is kept as plain bytes inside this structure. How
// the key is loaded and where the structure lives are not visible in this
// header. Check that KeyLength is validated against ENCRYPT_KEY_MAX_LENGTH
// before anything is copied into EncryptKey, and that the buffer is wiped
// (e.g. RtlSecureZeroMemory) when the driver unloads or the key changes.
//
typedef struct _FSTPM_CONTROL_BLOCK
{
    TLIST FileProtectList;
    BOOL  EnableEncryptProtect;
    BOOL  EnableStaticProtect;
    BOOL  EnableCheckProtect;
    BYTE  EncryptKey[ENCRYPT_KEY_MAX_LENGTH];
    ULONG KeyLength;
} FSTPM_CONTROL_BLOCK;

typedef FSTPM_CONTROL_BLOCK *PFSTPM_CONTROL_BLOCK;
// Maximum length of an NT process name.
#define NT_PROCNAMELEN 256

// Presumably the name of the system process, used when comparing process
// names -- confirm at the call sites.
#define SYSNAME "System"

// Maximum transfer size for a single operation: 64 KB (0x10000 bytes).
#define MAX_TRANSFER_SIZE (64 * 1024)
//
// Driver entry points declared for fstpm.cpp. The definitions are not in
// this header, so the notes below describe the signatures only.
//

// Takes the driver object and reports success or failure as an NTSTATUS.
NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriverObject);

// Takes the driver object and returns nothing; presumably the driver's
// unload routine -- confirm where it is registered.
VOID FsTPMUnload(IN PDRIVER_OBJECT pDriverObject);

// Takes a device object and an IRP and returns an NTSTATUS, i.e. it has
// the shape of an IRP dispatch routine.
NTSTATUS FsTPMDispatch(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);

// Takes the registry path and the driver object. It returns VOID, so a
// failure to read the parameters cannot be reported to the caller.
// NOTE(review): confirm that the settings fall back to a safe state when
// the registry values are missing or malformed.
VOID ReadParamFromReg(IN PUNICODE_STRING RegistryPath, IN PDRIVER_OBJECT DriverObject);
//
// Kernel routines declared by hand with C linkage, presumably because the
// headers included above do not declare them -- confirm against the WDK
// version in use.
//
extern "C" {

// NOTE(review): called from kernel mode, the Nt* entry point honours the
// thread's previous mode, whereas the Zw* form treats the call as coming
// from kernel mode. Confirm which kind of handle each caller closes and
// whether ZwClose is the intended routine.
NTSYSAPI NTSTATUS NTAPI NtClose(IN HANDLE Handle);

// Releases an ACCESS_STATE; presumably paired with a matching create call
// in the code that opens files -- confirm. The parameter and return types
// are taken from this declaration only.
NTKERNELAPI NTSTATUS SeDeleteAccessState(IN PACCESS_STATE AccessState);

}
#endif
extern "C"{
#include "Controlcode.h"
#include "HookDevice.h"
#include "DebugPrint.h"
#include "FASTIO.h"
#include "FSTPMString.h"
#include "Global.h"
#include "SpecialIOFunction.h"
#include "hash.h"
#include "Create.h"
#include "Setinformation.h"
#include "write.h"
#include "read.h"
#include "queryInformation.h"
}