[第一部分]取全路徑
以下是獲取全路徑的所有函式【string操作參見字串操作的一個庫unicode.lib】
//// record: add by lwf :07-07-25
// purpose: get symbolic target unicode string
// Queries the target of the symbolic link behind linkhandle and returns
// targetret. The query is tried first with a small buffer (buf, stated
// capacity 8 * sizeof(wchar) bytes) and retried with dbuf when the first
// call reports status_buffer_too_small.
// This listing is incomplete: the opening brace, the local declarations,
// the call that opens linkhandle (presumably from `symbolic`) and several
// branch bodies are missing, so only the visible statements are described.
//pvoid
spygetsymbolicunistr(
punicode_string symbolic
)rtlinitemptyunicodestring(&target, buf, 8 * sizeof(wchar));
status = zwquerysymboliclinkobject(
linkhandle,
&target,
&length);
// Retry path: target is re-pointed at dbuf with a capacity of length + 2,
// where length is the size reported by the first query.
// NOTE(review): the allocation of dbuf is not shown; confirm it is checked
// for null and is at least length + 2 bytes. The capacity parameter of
// RtlInitEmptyUnicodeString is a USHORT, so a reported length near or above
// 0xFFFF would be truncated; confirm the value is range-checked first.
if( status == status_buffer_too_small)
rtlinitemptyunicodestring( &target, dbuf, length + 2);
status = zwquerysymboliclinkobject(
linkhandle,
&target,
&length);
// NOTE(review): the bodies of the next two conditions are missing from the
// listing. Confirm that dbuf is released and linkhandle is closed on every
// exit path, including a failure of the second query, and that targetret
// never aliases memory that has already been freed.
}if(nt_success(status))
if(null != dbuf)
zwclose(linkhandle);
return targetret;}//
// record: add by lwf :07-07-25
// purpose: get dos name
// Wide-string wrapper around spygetsymbolicunistr: wraps `symbolic` with
// allocstrwithwidestr, passes its unicode_string view to
// spygetsymbolicunistr, frees the wrapper and returns that result.
// NOTE(review): the "get dos name" purpose line above looks copied from
// another function; the visible code only forwards to the symbolic-link
// query. The opening brace and local declarations are missing here.
//pvoid
spygetsymbolictarget(
wchar* symbolic
)sym = allocstrwithwidestr(symbolic);
// Allocation-failure guard; its body is missing from the listing
// (presumably an early return - confirm).
if( null == sym )
ret = spygetsymbolicunistr(getstrunistr(sym));
// sym is released before returning; who owns and frees ret is not shown.
freestr(sym);
return ret;}//
// record: add by lwf :07-07-24
// purpose: get dos name
// Takes a volume name and walks the characters l'a' through 'z' looking for
// a match. The loop body is missing from the listing; presumably each
// character is a candidate drive letter whose symbolic-link target
// (mytarget) is compared with volname - confirm against the full source.
//pvoid
spyvolumenametodosname(
wchar* name);
unicode_string volname;
wchar c;
// Null-input guard; its body is missing from the listing.
if(null == name)
// volname is a view over the caller's buffer (no copy is made here), so
// `name` must stay valid and NUL-terminated for the duration of the call.
rtlinitunicodestring(&volname, name);
for( c = l'a' ; c < ('z'+1); ++c )
// NOTE(review): mytarget is presumably obtained per iteration; confirm it
// is freed on both the match and the no-match path.
if(mytarget != null)
// c == 'z'+1 means the loop ran to completion without an early exit,
// i.e. no candidate matched.
}if(c == 'z'+1)
else
}//// record: add by lwf :07-07-24
// purpose: get dos name
// Only the signature and a trailing `else` of this function survive in the
// listing, so its body cannot be reviewed from here.
// NOTE(review): obj is an untyped pvoid; confirm callers pass a valid,
// referenced object pointer and that the name-query result is length-checked.
//pvoid
spyqueryobjname(
pvoid obj
)else}//
// record: add by lwf :07-07-24
// purpose: get dos name
// Returns the result of spyvolumenametodosname for the volume name held in
// volname, then releases volname. How volname is obtained from `dev` is not
// shown: the opening brace, declarations and lookup are missing here.
//pvoid
spygetdosname(
pdevice_object dev
// NOTE(review): no null check of volname is visible before getstrbuf;
// confirm the missing lines bail out when the volume-name lookup fails.
)ret = spyvolumenametodosname(getstrbuf(volname));
freestr(volname);
return ret;}//
// record: add by lwf :07-07-24
// purpose: get volume name
// Copies the name held in pdosname into the caller-supplied volname, frees
// pdosname and returns status. How pdosname and status are produced from
// fileobject is not shown: those lines are missing from the listing.
//ntstatus
spygetvolumename(
pfile_object fileobject,
punicode_string volname
// RtlCopyUnicodeString copies at most the destination's MaximumLength
// bytes and reports nothing when it truncates, so a short volname buffer
// yields a silently shortened name.
// NOTE(review): confirm callers size volname for the longest expected name
// and that pdosname is checked for null before this call.
)rtlcopyunicodestring(volname,getstrunistr(pdosname) );
freestr(pdosname);
return status; }//
// record: add by lwf :07-07-23
// purpose: get object name
// Only the signature and a trailing `else` of this function survive in the
// listing, so its body cannot be reviewed from here.
// NOTE(review): the result is written into the caller-supplied `name`;
// confirm the missing body bounds the write by name->maximumlength.
//void
spygetobjectname(
pvoid obj,
punicode_string name
)else
}//// record: add by lwf : 07-07-23
// purpose: get file name
// Extracts the part of the name in temp that follows the third separator
// and copies it into the caller-supplied `name`. How temp is filled from
// fileobject is not shown, and the bodies of the `if` guards are missing.
// NOTE(review): l'//' is not a valid single-character literal; it is
// presumably a backslash literal damaged when the page was rendered -
// confirm against the original source.
//ntstatus
spygetfilename(
in pfile_object fileobject,
punicode_string name
// len is the number of wchar elements in temp (length is in bytes).
)len = temp.length / sizeof(wchar);
p = temp.buffer;
// wcschr, wcslen and wcscpy all scan until a NUL, but a unicode_string is
// bounded by its length field and is not guaranteed to be NUL-terminated.
// NOTE(review): confirm temp.buffer is explicitly terminated where it is
// filled; otherwise these calls can read past the end of the buffer.
p = wcschr( (const wchar*)(((unicode_string*)(&temp))->buffer), l'//');
// Each guard rejects a missing separator or a separator that is the last
// element of the buffer; the pointer is advanced past the separator.
if( p == null || ++p >= ((unicode_string*)(&temp))->buffer + len)
p = wcschr( p, l'//');
if( p == null || ++p >= ((unicode_string*)(&temp))->buffer + len)
p = wcschr( p, l'//');
// Unlike the two guards above, p is not advanced here, so the copied text
// begins at the third separator itself.
if( p == null || (p+1) >= ((unicode_string*)(&temp))->buffer + len)
// Capacity guard: the destination must be strictly larger than the text in
// bytes, which leaves room for the terminator that wcscpy writes. The body
// of this guard is missing (presumably a failure return - confirm).
if(name->maximumlength <= wcslen( p )*sizeof(wchar))
name->length = wcslen( p ) * sizeof(wchar);
wcscpy( name->buffer , p);
// NOTE(review): the header comment gives the return type as ntstatus, but
// `true` is returned here; NT_SUCCESS treats that value as success, so
// confirm the failure paths return something callers can tell apart.
return true;
}[第二部分]在何處取
由於在create irp時,收到的請求是最真實的(沒有被篡改過),因此我們在spycreate完成時呼叫取全路徑函式,達到獲取全路徑的目的
// Create dispatch routine: forwards the create IRP to the device this
// filter is attached to, and once the lower driver has finished, looks up
// the full path of the file object, prints it, and completes the IRP.
// This listing is incomplete: the opening brace, the local declarations,
// the assignment of irpsp and the body of the pending check are missing.
ntstatus
spycreate (
in pdevice_object deviceobject,
in pirp irp
)assert( is_filespy_device_object( deviceobject ) );
// waitevent is handed to spycreatecompletion as its context so this routine
// can regain control of the IRP after the lower driver completes it.
keinitializeevent( &waitevent, notificationevent, false );
iocopycurrentirpstacklocationtonext( irp );
// The three `true` arguments request the completion routine on success,
// error and cancel alike.
iosetcompletionroutine(
irp,
spycreatecompletion,
&waitevent,
true,
true,
true );
status = iocalldriver(((pfilespy_device_extension)deviceobject->deviceextension)->nlextheader.attachedtodeviceobject,
irp );
// The body of this check is missing from the listing; presumably it waits
// on waitevent before the IRP is touched again - confirm.
if (status_pending == status)
assert(kereadstateevent(&waitevent) ||
!nt_success(irp->iostatus.status));
// NOTE(review): no check of irp->iostatus.status is visible before the path
// lookup; confirm the full source skips it when the create failed.
fileobject = irpsp->fileobject;
block = spygetfullpath(fileobject);
// NOTE(review): neither block nor pdbgstr is checked for null in the
// visible lines; confirm spygetfullpath and unicodetoansi cannot fail here,
// or guard before getstrunistr and the "%s" argument.
pdbgstr =unicodetoansi(getstrunistr(block));
// The path is passed as a "%s" argument, not as the format string, so
// format specifiers inside a file name are not interpreted.
dprintf("[filespy.sys]majorfunction:spycreate: [%s]", pdbgstr);
freestr(block);
// The final status is read before iocompleterequest because the IRP must
// not be touched once it has been completed.
status = irp->iostatus.status;
iocompleterequest( irp, io_no_increment );
return status;
}[第三部分]中文列印
寫個支援中文的列印函式
由於dbgprint遇到中文字元的unicode_string時會截斷,因此我們轉成ansi_string裡列印
// Converts a unicode_string to an ANSI string for debug output. Only the
// setup is visible: the opening brace, the declaration of dbgstr, the body
// of the null guard, the conversion call and the return are missing.
// NOTE(review): the storage behind dbgstr.buffer is not shown. If it is a
// static or global buffer, concurrent callers would overwrite each other's
// output; if it is allocated per call, confirm who frees the returned
// pointer. Also confirm the missing conversion is bounded by max_length.
pchar unicodetoansi (
in punicode_string punicodestring
)// the string's buffer must not be null
if(punicodestring->buffer == null)
// The output string starts empty with a capacity of max_length bytes, and
// the whole buffer is cleared before the conversion.
dbgstr.length = 0;
dbgstr.maximumlength = max_length;
rtlzeromemory(dbgstr.buffer, max_length);
// convert the buffer