我想隐藏文件(在我的程序中)。我决定使用NtQueryDirectoryFile。但文件没有隐藏,代码不起作用。我没有使用驱动程序,我使用用户模式。请有人帮帮我吗?
代码段:
typedef NTSTATUS (WINAPI * NTQUERYDIRECTORYFILE) (IN HANDLE FileHandle,IN HANDLE Event OPTIONAL,IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,IN PVOID ApcContext OPTIONAL,OUT PIO_STATUS_BLOCK IoStatusBlock,OUT PVOID FileInformation,IN ULONG FileInformationLength,IN MYFILE_INFORMATION_CLASS FileInformationClass,IN BOOLEAN ReturnSingleEntry,IN PUNICODE_STRING FileName OPTIONAL,IN BOOLEAN RestartScan);
NTQUERYDIRECTORYFILE OriginalNtQueryDirectoryFile;
#define STATUS_NO_SUCH_FILE 0xC000000F
NTSTATUS
HookedNtQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG FileInformationLength,
IN MYFILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan)
{
NTSTATUS status = OriginalNtQueryDirectoryFile(FileHandle,Event,ApcRoutine,ApcContext,IoStatusBlock,FileInformation,FileInformationLength,FileInformationClass,ReturnSingleEntry,FileName,RestartScan);
vector<wstring> listDataForHidding;
listDataForHidding.push_back(L"afile.txt");
listDataForHidding.push_back(L"bfile.txt");
listDataForHidding.push_back(L"cfile.txt");
listDataForHidding.push_back(L"dfile.txt");
if (NT_SUCCESS(status))
{
PMYFILE_DIRECTORY_INFORMATION FileDirectoryInfo, LastFileDirectoryInfo;
PMYFILE_FULL_DIR_INFORMATION LastFileFullDirectoryInfo, FileFullDirectoryInfo;
PMYFILE_BOTH_DIR_INFORMATION LastFileBothDirectoryInfo, FileBothDirectoryInfo;
PMYFILE_NAMES_INFORMATION LastFileNamesInfo, FileNamesInfo;
ULONG Offset = 0;
BOOL bNeedHide = FALSE;
switch (FileInformationClass)
{
case FileDirectoryInformation :
FileDirectoryInfo = NULL;
do
{
//FileDirectoryInfo = (PVOID)((ULONG)FileInformation + Offset);
FileDirectoryInfo = (PMYFILE_DIRECTORY_INFORMATION)((ULONG)FileInformation + Offset);
LastFileDirectoryInfo = FileDirectoryInfo;
wstring wstrCurrFileName = FileDirectoryInfo->FileName;
bNeedHide = FALSE;
for(size_t index = 0; index < listDataForHidding.size(); index ++)
{
if(wstrCurrFileName.find(listDataForHidding[index]) != wstring::npos)
{
bNeedHide = TRUE;
break;
}
}
//if (FileDirectoryInfo->FileName[0] == 0x5F00)
if(bNeedHide == TRUE)
{
if (!FileDirectoryInfo->NextEntryOffset)
{
if (LastFileDirectoryInfo) LastFileDirectoryInfo->NextEntryOffset = 0;
else status = STATUS_NO_SUCH_FILE;
return status;
} else
if (LastFileDirectoryInfo) LastFileDirectoryInfo->NextEntryOffset += FileDirectoryInfo->NextEntryOffset;
}
Offset += FileDirectoryInfo->NextEntryOffset;
} while (FileDirectoryInfo->NextEntryOffset);
break;
case FileFullDirectoryInformation :
FileFullDirectoryInfo = NULL;
do
{
LastFileFullDirectoryInfo = FileFullDirectoryInfo;
//FileFullDirectoryInfo = (PVOID)((ULONG)FileInformation + Offset);
FileFullDirectoryInfo = (PMYFILE_FULL_DIR_INFORMATION)((ULONG)FileInformation + Offset);
wstring wstrCurrFileName = FileDirectoryInfo->FileName;
bNeedHide = FALSE;
for(size_t index = 0; index < listDataForHidding.size(); index ++)
{
if(wstrCurrFileName.find(listDataForHidding[index]) != wstring::npos)
{
bNeedHide = TRUE;
break;
}
}
//if (FileFullDirectoryInfo->FileName[0] == 0x5F00)
if(bNeedHide == TRUE)
{
if (!FileFullDirectoryInfo->NextEntryOffset)
{
if (LastFileFullDirectoryInfo) LastFileFullDirectoryInfo->NextEntryOffset = 0;
else status = STATUS_NO_SUCH_FILE;
return status;
} else
if (LastFileFullDirectoryInfo) LastFileFullDirectoryInfo->NextEntryOffset += FileFullDirectoryInfo->NextEntryOffset;
}
Offset += FileFullDirectoryInfo->NextEntryOffset;
} while (FileFullDirectoryInfo->NextEntryOffset);
break;
case FileBothDirectoryInformation :
FileBothDirectoryInfo = NULL;
do
{
LastFileBothDirectoryInfo = FileBothDirectoryInfo;
//FileBothDirectoryInfo = (PVOID)((ULONG)FileInformation + Offset);
FileBothDirectoryInfo = (PMYFILE_BOTH_DIR_INFORMATION)((ULONG)FileInformation + Offset);
wstring wstrCurrFileName = FileDirectoryInfo->FileName;
bNeedHide = FALSE;
for(size_t index = 0; index < listDataForHidding.size(); index ++)
{
if(FileBothDirectoryInfo->FileNameLength > 1 && wstrCurrFileName.find(listDataForHidding[index]) != wstring::npos)
{
bNeedHide = TRUE;
break;
}
}
//if (FileBothDirectoryInfo->FileNameLength > 1 && FileBothDirectoryInfo->FileName[0] == 0x5F00)
if(bNeedHide == TRUE)
{
if (!FileBothDirectoryInfo->NextEntryOffset)
{
if (LastFileBothDirectoryInfo) LastFileBothDirectoryInfo->NextEntryOffset = 0;
else status = STATUS_NO_SUCH_FILE;
return status;
} else
if (LastFileBothDirectoryInfo) LastFileBothDirectoryInfo->NextEntryOffset += FileBothDirectoryInfo->NextEntryOffset;
}
Offset += FileBothDirectoryInfo->NextEntryOffset;
} while (FileBothDirectoryInfo->NextEntryOffset);
break;
case FileNamesInformation :
FileNamesInfo = NULL;
do
{
LastFileNamesInfo = FileNamesInfo;
//FileNamesInfo = (PVOID)((ULONG)FileInformation + Offset);
FileNamesInfo = (PMYFILE_NAMES_INFORMATION)((ULONG)FileInformation + Offset);
wstring wstrCurrFileName = FileDirectoryInfo->FileName;
bNeedHide = FALSE;
for(size_t index = 0; index < listDataForHidding.size(); index ++)
{
if(wstrCurrFileName.find(listDataForHidding[index]) != wstring::npos)
{
bNeedHide = TRUE;
break;
}
}
//if (FileNamesInfo->FileName[0] == 0x5F00)
if(bNeedHide == TRUE)
{
if (!FileNamesInfo->NextEntryOffset)
{
if(LastFileNamesInfo) LastFileNamesInfo->NextEntryOffset = 0;
else status = STATUS_NO_SUCH_FILE;
return status;
} else
if (LastFileNamesInfo) LastFileNamesInfo->NextEntryOffset += FileNamesInfo->NextEntryOffset;
}
Offset += FileNamesInfo->NextEntryOffset;
} while (FileNamesInfo->NextEntryOffset);
break;
}
}
return status;
}