| Newsgroups | comp.os.ms-windows.programmer.nt.kernel-mode |
|---|---|
| Date | 2013-06-21 05:52 -0700 |
| Message-ID | <28796398-c5f9-4f53-b3f5-ea66ea88d063@googlegroups.com> (permalink) |
| Subject | List the files of a Directory in Kernel Mode |
| From | Ansh David <ansh1990@gmail.com> |
This is code I wrote to list the files in a directory.
The build errors below appeared when I included the <ntifs.h> header file in order to use ZwQueryDirectoryFile().
CODE SNIPPET==============================================================
`#include <wdm.h>
#include <windef.h>
#include <ntddk.h>
#include <Ntifs.h>
#include <fltkernel.h>
//===========================================================================
/*
 * Role-typed forward declarations for the two driver callbacks defined below.
 *
 * NOTE(review): the build log on this page stops inside winbase.h, which is a
 * user-mode header. Kernel sources normally include kernel headers only
 * (<ntifs.h> first; it pulls in ntddk.h and wdm.h) and no user-mode SDK
 * headers such as <windef.h>. Presumably that mix is what breaks the build;
 * confirm against the WDK include paths.
 */
DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD Unload;

/*
 * File-scope status holders written by DriverEntry: one for the directory
 * open, one for the directory query. They have external linkage, so the
 * plain names can collide with symbols in other translation units.
 */
NTSTATUS status;
NTSTATUS QDFstatus;
//===========================================================================
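/*
 * DriverEntry - driver entry point; prints the names found in \??\C:\ to the
 * kernel debugger and registers the unload routine.
 *
 * DriverObject  driver object for this driver; receives the Unload callback.
 * RegistryPath  service key path; not used here.
 *
 * Returns STATUS_SUCCESS, including when the listing fails, so the driver
 * stays loaded. Returns STATUS_NO_MEMORY only when the query buffer cannot be
 * re-allocated after a STATUS_BUFFER_OVERFLOW.
 *
 * Fixes relative to the posted version:
 *   - the query buffer itself (pbInfo) is passed to ZwQueryDirectoryFile, not
 *     the address of the local pointer, which let the call write uSize bytes
 *     over the kernel stack;
 *   - entries are walked by byte offset with a separate cursor, so the pool
 *     base pointer is never advanced and is freed unchanged;
 *   - every free uses the same tag as its allocation;
 *   - the handle is opened for synchronous I/O, and is not closed when the
 *     open failed (it was uninitialized on that path);
 *   - the information class now matches the FILE_BOTH_DIR_INFORMATION layout;
 *   - names are printed with %wZ, since they are wide and not NUL-terminated.
 */
NTSTATUS DriverEntry(
    __in struct _DRIVER_OBJECT *DriverObject,
    __in PUNICODE_STRING RegistryPath
    )
{
    HANDLE hdir = NULL;
    UNICODE_STRING DirPath = RTL_CONSTANT_STRING( L"\\??\\C:\\" );
    OBJECT_ATTRIBUTES objattr = {0};
    IO_STATUS_BLOCK iostatusblock = {0};        /* "= {}" is not valid C */
    FILE_BOTH_DIR_INFORMATION *pbInfo = NULL;   /* pool buffer base; never advanced */
    FILE_BOTH_DIR_INFORMATION *entry;           /* cursor inside the buffer */
    UNICODE_STRING name;
    NTSTATUS rc = STATUS_SUCCESS;
    ULONG uSize = 4096;                         /* room for several entries per query */
    ULONG valid;                                /* bytes the query actually returned */
    ULONG offset;                               /* byte offset of the current entry */
    BOOLEAN bIsStarted = TRUE;
    const ULONG maxSize = 64 * 1024;            /* growth cap; keeps name lengths within USHORT */
    const ULONG fixedLen = (ULONG)FIELD_OFFSET(FILE_BOTH_DIR_INFORMATION, FileName);

    InitializeObjectAttributes(&objattr, &DirPath,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    /* Register the unload routine up front so every success path has it set. */
    DriverObject->DriverUnload = Unload;

    DbgPrint("\n\ndriver loaded");

    /*
     * SYNCHRONIZE plus FILE_SYNCHRONOUS_IO_NONALERT make the handle
     * synchronous; the query below passes no event, so it must not be able
     * to return before the buffer has been filled.
     *
     * Zw* calls made from kernel mode are not access-checked. That is fine for
     * this constant path; a path that originates in user mode would need
     * OBJ_FORCE_ACCESS_CHECK in the object attributes.
     */
    status = ZwCreateFile(
        &hdir,
        FILE_LIST_DIRECTORY | SYNCHRONIZE,
        &objattr,
        &iostatusblock,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ,
        FILE_OPEN,
        FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
        NULL,
        0
        );
    if (!NT_SUCCESS(status))
    {
        /* No handle was produced, so there is nothing to close. */
        DbgPrint("\nZwCreateFile error::%X", status);
        return rc;
    }

    DbgPrint("\nZwCreateFile success");

    pbInfo = (FILE_BOTH_DIR_INFORMATION *)ExAllocatePoolWithTag(PagedPool, uSize, '0000');
    if (pbInfo == NULL)
    {
        DbgPrint("\npointer to fileinfo failed");
        goto cleanup;
    }

    for (;;)
    {
        RtlZeroMemory(pbInfo, uSize);
        QDFstatus = ZwQueryDirectoryFile(
            hdir,
            NULL,
            NULL,
            NULL,
            &iostatusblock,
            pbInfo,                         /* the buffer, not &pbInfo */
            uSize,
            FileBothDirectoryInformation,   /* matches FILE_BOTH_DIR_INFORMATION */
            FALSE,
            NULL,
            bIsStarted);

        if (QDFstatus == STATUS_BUFFER_OVERFLOW)
        {
            /*
             * Not even one full entry fit: grow the buffer and query again.
             * NOTE(review): after the first batch the truncated entry may be
             * skipped by the retry; confirm if complete listings matter.
             */
            ExFreePoolWithTag(pbInfo, '0000');
            pbInfo = NULL;
            if (uSize > maxSize / 2)
            {
                DbgPrint("\nQDFstatus Failed");
                break;
            }
            uSize *= 2;
            pbInfo = (FILE_BOTH_DIR_INFORMATION *)ExAllocatePoolWithTag(PagedPool, uSize, '0000');
            if (pbInfo == NULL)
            {
                DbgPrint("\nQDFstatus pointer to fileinfo failed");
                rc = STATUS_NO_MEMORY;
                break;
            }
            continue;
        }
        if (QDFstatus == STATUS_NO_MORE_FILES)
        {
            DbgPrint("\nno more files in directory");
            break;
        }
        if (QDFstatus != STATUS_SUCCESS)
        {
            DbgPrint("\nQDFstatus Failed");
            break;
        }

        if (bIsStarted)
        {
            /* First batch: print the heading once and stop restarting the scan. */
            DbgPrint("\nFILENAMES IN C://");
            bIsStarted = FALSE;
        }

        /* Only the bytes the query reported as written are walked. */
        if (iostatusblock.Information > uSize)
        {
            valid = uSize;
        }
        else
        {
            valid = (ULONG)iostatusblock.Information;
        }

        offset = 0;
        for (;;)
        {
            /* The fixed part of the entry must lie inside the returned data. */
            if (valid - offset < fixedLen)
            {
                break;
            }
            entry = (FILE_BOTH_DIR_INFORMATION *)((PUCHAR)pbInfo + offset);

            /* So must the name, and its length must fit UNICODE_STRING.Length. */
            if (entry->FileNameLength > valid - offset - fixedLen ||
                entry->FileNameLength > 0xFFFF)
            {
                break;
            }

            /* FileName is counted, not NUL-terminated: print it through %wZ. */
            name.Buffer = entry->FileName;
            name.Length = (USHORT)entry->FileNameLength;
            name.MaximumLength = name.Length;
            DbgPrint("\n%wZ", &name);

            /* NextEntryOffset is a byte count from the start of this entry. */
            if (entry->NextEntryOffset == 0 ||
                entry->NextEntryOffset > valid - offset)
            {
                break;
            }
            offset += entry->NextEntryOffset;
        }
    }

cleanup:
    if (pbInfo != NULL)
    {
        /* The tag must be the one used for the allocation. */
        ExFreePoolWithTag(pbInfo, '0000');
    }
    ZwClose(hdir);
    return rc;
}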
//===========================================================================
/*
 * Unload - DRIVER_UNLOAD callback registered by DriverEntry.
 *
 * DriverObject  driver object being unloaded; not used.
 *
 * This driver creates no device objects, so the routine only reports the
 * unload to the kernel debugger.
 */
VOID Unload(__in struct _DRIVER_OBJECT *DriverObject)
{
    DbgPrint("\ndriver unloaded");
}
ERRORS==============================================================
C:\simple_driver\driver\driver>build -cefbw
path contains nonexistant d:\embarcadero\rad studio\9.0\bin, removing
path contains nonexistant c:\users\public\documents\rad studio\9.0\bpl, removing
path contains nonexistant d:\embarcadero\rad studio\9.0\bin64, removing
path contains nonexistant c:\users\public\documents\rad studio\9.0\bpl\win64, re
moving
BUILD: Compile and Link for x86
BUILD: Loading c:\winddk\7600.16385.1\build.dat...
BUILD: Computing Include file dependencies:
BUILD: Start time: Thu Jun 20 03:40:02 2013
BUILD: Examining c:\simple_driver\driver\driver directory for files to compile.
c:\simple_driver\driver\driver Invalidating OACR warning log for 'root:x86fr
e'
BUILD: Saving c:\winddk\7600.16385.1\build.dat...
BUILD: Compiling and Linking c:\simple_driver\driver\driver directory
Configuring OACR for 'root:x86fre' - <OACR on>
Compiling - code.c
1>errors in directory c:\simple_driver\driver\driver
1>c:\winddk\7600.16385.1\inc\api\winbase.h(247) : error C2016: C requires that a
struct or union has at least one member
1>c:\winddk\7600.16385.1\inc\api\winbase.h(247) : error C2061: syntax error : id
entifier 'DWORD'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(248) : error C2061: syntax error : id
entifier 'OffsetHigh'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(248) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(249) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(251) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(254) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(258) : error C2061: syntax error : id
entifier 'LPOVERLAPPED'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(259) : error C2365: 'Internal' : rede
finition; previous definition was 'enumerator'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(260) : error C2061: syntax error : id
entifier 'dwNumberOfBytesTransferred'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(260) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(261) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(264) : error C2016: C requires that a
struct or union has at least one member
1>c:\winddk\7600.16385.1\inc\api\winbase.h(264) : error C2061: syntax error : id
entifier 'DWORD'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(265) : error C2061: syntax error : id
entifier 'lpSecurityDescriptor'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(265) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(266) : error C2061: syntax error : id
entifier 'bInheritHandle'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(266) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(267) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(272) : error C2061: syntax error : id
entifier 'DWORD'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(273) : error C2061: syntax error : id
entifier 'dwThreadId'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(273) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(274) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(284) : error C2016: C requires that a
struct or union has at least one member
1>c:\winddk\7600.16385.1\inc\api\winbase.h(284) : error C2061: syntax error : id
entifier 'DWORD'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(285) : error C2061: syntax error : id
entifier 'dwHighDateTime'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(285) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(286) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(295) : error C2016: C requires that a
struct or union has at least one member
1>c:\winddk\7600.16385.1\inc\api\winbase.h(295) : error C2061: syntax error : id
entifier 'WORD'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(296) : error C2061: syntax error : id
entifier 'wMonth'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(296) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(297) : error C2061: syntax error : id
entifier 'wDayOfWeek'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(297) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(298) : error C2061: syntax error : id
entifier 'wDay'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(298) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(299) : error C2061: syntax error : id
entifier 'wHour'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(299) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(300) : error C2061: syntax error : id
entifier 'wMinute'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(300) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(301) : error C2061: syntax error : id
entifier 'wSecond'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(301) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(302) : error C2061: syntax error : id
entifier 'wMilliseconds'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(302) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(303) : error C2059: syntax error : '}
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(306) : error C2143: syntax error : mi
ssing ')' before '*'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(306) : error C2143: syntax error : mi
ssing '{' before '*'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(306) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(307) : error C2146: syntax error : mi
ssing ')' before identifier 'lpThreadParameter'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(307) : error C2061: syntax error : id
entifier 'lpThreadParameter'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(307) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(308) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(309) : error C2061: syntax error : id
entifier 'LPTHREAD_START_ROUTINE'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(309) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(312) : error C2143: syntax error : mi
ssing ')' before '*'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(312) : error C2143: syntax error : mi
ssing '{' before '*'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(312) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(313) : error C2146: syntax error : mi
ssing ')' before identifier 'lpFiberParameter'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(313) : error C2061: syntax error : id
entifier 'lpFiberParameter'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(313) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(314) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(315) : error C2061: syntax error : id
entifier 'LPFIBER_START_ROUTINE'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(315) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(318) : error C2061: syntax error : id
entifier 'CRITICAL_SECTION'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(318) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(319) : error C2061: syntax error : id
entifier 'PCRITICAL_SECTION'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(319) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(320) : error C2061: syntax error : id
entifier 'LPCRITICAL_SECTION'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(320) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(322) : error C2061: syntax error : id
entifier 'CRITICAL_SECTION_DEBUG'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(322) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(323) : error C2061: syntax error : id
entifier 'PCRITICAL_SECTION_DEBUG'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(323) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(324) : error C2061: syntax error : id
entifier 'LPCRITICAL_SECTION_DEBUG'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(324) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(362) : error C2143: syntax error : mi
ssing ')' before '*'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(362) : error C2143: syntax error : mi
ssing '{' before '*'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(362) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(371) : error C2061: syntax error : id
entifier 'InitOnceInitialize'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(371) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(372) : error C2059: syntax error : 't
ype'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(377) : error C2061: syntax error : id
entifier 'WINAPI'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(377) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(380) : error C2146: syntax error : mi
ssing ')' before identifier 'InitFn'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(380) : error C2081: 'PINIT_ONCE_FN' :
name in formal parameter list illegal
1>c:\winddk\7600.16385.1\inc\api\winbase.h(380) : error C2061: syntax error : id
entifier 'InitFn'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(380) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(380) : error C2059: syntax error : ',
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(383) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(387) : error C2061: syntax error : id
entifier 'WINAPI'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(387) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(390) : error C2146: syntax error : mi
ssing ')' before identifier 'dwFlags'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(390) : error C2081: 'DWORD' : name in
formal parameter list illegal
1>c:\winddk\7600.16385.1\inc\api\winbase.h(390) : error C2061: syntax error : id
entifier 'dwFlags'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(390) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(390) : error C2059: syntax error : ',
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(393) : error C2059: syntax error : ')
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(397) : error C2061: syntax error : id
entifier 'WINAPI'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(397) : error C2059: syntax error : ';
'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(400) : error C2146: syntax error : mi
ssing ')' before identifier 'dwFlags'
1>c:\winddk\7600.16385.1\inc\api\winbase.h(400) : error C2081: 'DWORD' : name in
formal parameter list illegal
1>c:\winddk\7600.16385.1\inc\api\winbase.h(400) : error C1003: error count excee
ds 100; stopping compilation
Linking Executable - objfre_win7_x86\i386\driver.sys
1>link : error LNK1181: cannot open input file 'c:\simple_driver\driver\driver\o
bjfre_win7_x86\i386\code.obj'
BUILD: Finish time: Thu Jun 20 03:40:04 2013
BUILD: Done
3 files compiled - 4 Warnings - 102 Errors
1 executable built - 1 Error
`