來自:
https://blog.csdn.net/apxar/article/details/10517475
有倆個問題 第一參數一定要用UNICODE_STRING或者PUNICODE_STRING(這裏第一個爲什麼沒變因爲那是我自己創建路徑本來用的是wchar就不會出現錯)原因會拷貝時出現在亂拷貝如一個目錄有xxx.exe xxx.exe* 它有可能找不到文件有可能拷貝的是後面那個因爲傳進來的有亂碼它匹配哪個是哪個沒匹配到報0xc00000033 第二讀文件權限太多 讀文件GENERIC_ALL權限修改成GENERIC_READ 寫修改成對應的文件。
第一個問題截圖 (把0大小的文件刪除又會拷貝成功 同時是概率性的 說明是亂碼問題概率性匹配 )
第二就是直接打開失敗
修改後 也可以第一個參數也修改
BOOLEAN MyZwCopyFile(PCWSTR desFile, UNICODE_STRING srcFile)
{
HANDLE readFileHandle;
HANDLE writeFileHandle;
OBJECT_ATTRIBUTES ObjectAttributes;
OBJECT_ATTRIBUTES ObjectAttributes1;
UNICODE_STRING readFilePath = srcFile;
UNICODE_STRING writeFilePath;
IO_STATUS_BLOCK IoStatusBlock;
NTSTATUS status;
PVOID saveBuffer = NULL;
LARGE_INTEGER byteOffset;
ULONG length = 0;
byteOffset.QuadPart = 0;
//RtlInitUnicodeString(&readFilePath, srcFile);
RtlInitUnicodeString(&writeFilePath, desFile);
saveBuffer = ExAllocatePoolWithTag(PagedPool, 1000, "tag1");
InitializeObjectAttributes(&ObjectAttributes, &readFilePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
InitializeObjectAttributes(&ObjectAttributes1, &writeFilePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
status = ZwCreateFile(&readFileHandle, GENERIC_READ, &ObjectAttributes, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN_IF, FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
if (!NT_SUCCESS(status))
{
DbgPrint("ZwCreateFile readFileHandle failed and status is 0X%x , filepath %S\n" ,status, srcFile);
DbgPrint("ZwCreateFile readFileHandle failed and status is 0X%x , filepath %ws\n", status, srcFile);
DbgPrint("ZwCreateFile readFileHandle failed and status is 0X%x , filepath %wZ\n", status, srcFile);
if (readFileHandle != NULL)
ZwClose(readFileHandle);
if (saveBuffer != NULL)
ExFreePool(saveBuffer);
return FALSE;
}
status = ZwCreateFile(&writeFileHandle, GENERIC_WRITE, &ObjectAttributes1, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN_IF, FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
if (!NT_SUCCESS(status))
{
if (readFileHandle != NULL)
ZwClose(readFileHandle);
if (writeFileHandle != NULL)
ZwClose(writeFileHandle);
if (saveBuffer != NULL)
ExFreePool(saveBuffer);
DbgPrint("writeFileHandle failed and status is 0X%x ,filepath %S\n", status, desFile);
DbgPrint("writeFileHandle failed and status is 0X%x ,filepath %ws\n", status, desFile);
DbgPrint("writeFileHandle failed and status is 0X%x ,filepath %wZ\n", status, desFile);
return FALSE;
}
do
{
length = 1000;
status = ZwReadFile(readFileHandle, NULL, NULL, NULL, &IoStatusBlock, saveBuffer, length, &byteOffset, NULL);//讀取數據
if (!NT_SUCCESS(status))
{
if (status == STATUS_END_OF_FILE)
DbgPrint("ZwReadFile readFileHandle read File End");
if (readFileHandle != NULL)
ZwClose(readFileHandle);
if (writeFileHandle != NULL)
ZwClose(writeFileHandle);
if (saveBuffer != NULL)
ExFreePool(saveBuffer);
return FALSE;
}
length = IoStatusBlock.Information;
status = ZwWriteFile(writeFileHandle, NULL, NULL, NULL, &IoStatusBlock, saveBuffer, length, &byteOffset, NULL);
if (!NT_SUCCESS(status))
{
DbgPrint("ZwWriteFile writeFileHandle Can not write File ");
if (readFileHandle != NULL)
ZwClose(readFileHandle);
if (writeFileHandle != NULL)
ZwClose(writeFileHandle);
if (saveBuffer != NULL)
ExFreePool(saveBuffer);
return FALSE;
}
byteOffset.QuadPart += length;
} while (1);
if (readFileHandle != NULL)
ZwClose(readFileHandle);
if (writeFileHandle != NULL)
ZwClose(writeFileHandle);
if (saveBuffer != NULL)
ExFreePool(saveBuffer);
return TRUE;
}