Implement FileCopy (RING0 x86 x64)

1.1The kernel does not accept a string file path and must fill in a object_attributes structure. This structure, initialized in initializeobjectattributes typedefstruct_object_attributes {ULONG Length;  HANDLE rootdirectory;                Punicode_string ObjectName; //PathULONG Attributes;  PVOID SecurityDescriptor; PVOID Securityqualityofservice;} Object_attributes,*pobject_attributes;typedef CONST object_attributes*pcobject_attributes;                            VOID initializeobjectattributes (out Pobject_attributes initializedattributes, in Punicode_string ObjectName, //PathIn ULONG Attributes,//obj_case_insensitive| Obj_kernel_handle Ignore case | Open kernel handlein HANDLE rootdirectory, in Psecurity_descriptor securitydescriptor//The kernel handle is opened to null    ); NTSTATUS ZwCreateFile (__out phandle filehandle, __in access_mask desiredaccess, //permission to apply Generic_all__in pobject_attributes objectattributes, __out pio_status_block Iostatusblock,//__in_opt Plarge_integer allocationsize, __in ulong fileattributes, __in ulong shareaccess, __in ULONG Createdisposition, __in ulong createoptions, __in_opt PVOID eabuffer, __in ulong ealength); if createoption s with file_no_intermediate_buffering createoptions means that the disk is not directly manipulated through the buffer, so each operation reads and writes must be aligned with the disk sector size (typically 512 bytes), otherwise an error is returned, the typedef struct_io_status_block {union {NTSTATUS STATUS; //success is status_successPVOID Pointer;    } dummyunionname;            ULONG_PTR Information; //more information to return} io_status_block, *Pio_status_block; NTSTATUS zwreadfile (in HANDLE filehandle, in HANDLE Event OPTIONAL,//when used for asynchronous completionIn Pio_apc_routine Apcroutine OPTIONAL,//callback routines when asynchronous completionIn PVOID apccontext OPTIONAL, out Pio_status_block Iostatusblock, out PVOID Buffer, //buffersIn ULONG Length,//buffer lengthIn Plarge_integer Byteoffset OPTIONAL,//in Pulong Key OPTIONAL); the actual length of the read is read in Iostatusblock.information return status_end_of_file NTSTATUS zwwrite File (in HANDLE filehandle, in HANDLE Event OPTIONAL, in Pio_apc_routine apcroutine OPTIONAL, in PVOID A Pccontext OPTIONAL, out Pio_status_block iostatusblock, in PVOID Buffer, in ULONG Length, in Plarge_intege R Byteoffset OPTIONAL, in Pulong Key OPTIONAL);

Here is the implementation code:

/**************************************************************************************** author:icqw* DATE: 2015-7-30* module:fileoption.h** Ioctrl Sample driver** description:* demonstrates communications between USER an D kernel.****************************************************************************************** Copyright (C) icqw.****************************************************************************************/#ifndef Cxx_fileoption_h#defineCxx_fileoption_h#include<ntifs.h>#include<devioctl.h>NTSTATUS driverentry (in Pdriver_object pdriverobj, in punicode_string pregistrystring); VOID driverunload (in Pdriver_object pdriverobj); HANDLE OpenFile (WCHAR*Wzfilepath); NTSTATUS ReadFile (HANDLE Hfile,char*Szbuffer,pulong Ullength,plarge_integer Offset); NTSTATUS WriteFile (HANDLE Hfile,char*Szbuffer,pulong Ullength,plarge_integer Offset); NTSTATUS FileCopy (WCHAR* wzdest,wchar*wzsour);#endif

#ifndef cxx_fileoption_h# include"FileOption.h"#endifntstatusdriverentry (in Pdriver_object driverobject, in punicode_string pregisterpath) {NTSTATUS status=status_success;//#if DBG//_asm int 3// //#endifDriverobject->driverunload =Driverunload; FileCopy (L"\\?? \\d:\\dest.txt", L"\\?? \\d:\\sour.txt"); Dbgprint ("[fileoption] DriverEntry success\r\n"); returnstatus_success;} NTSTATUS FileCopy (WCHAR* wzdest,wchar*wzsour) {HANDLE Hsourfile=OpenFile (Wzsour); HANDLE Hdestfile=OpenFile (wzdest); ULONG Ullength=0; CHAR* Szbuffer =NULL; NTSTATUS Status=status_unsuccessful; Large_integer Offset=    {0}; if(hsourfile==null| | hdestfile==NULL) {        returnstatus_unsuccessful; } szbuffer=    (Char*) ExAllocatePool (NonPagedPool,4*1024x768+1);  while(TRUE) {rtlzeromemory (szbuffer,4*1024x768+1); Ullength=4*1024x768; //ReadStatus =ReadFile (Hsourfile, Szbuffer,&Ullength,&Offset); if(!nt_success (Status)) {                 Break; }        //WriteStatus =WriteFile (Hdestfile, Szbuffer,&Ullength,&Offset); if(!nt_success (Status)) {             Break; }} dbgprint ("Copy success!");    Zwclose (Hsourfile);    Zwclose (Hdestfile); returnstatus_success;} HANDLE OpenFile (WCHAR*Wzfilepath)    {unicode_string uniname;    Object_attributes Ob; HANDLE hfile=NULL; NTSTATUS Status=status_unsuccessful; Io_status_block IoStatus=    {0}; Rtlinitunicodestring (&Uniname,wzfilepath); Initializeobjectattributes (&Ob,&Uniname, Obj_case_insensitive|obj_kernel_handle, NULL, NULL); Status= ZwCreateFile (&hfile, Generic_all|SYNCHRONIZE,&Ob,&IoStatus, NULL, File_attribute_normal, File_share_read, file_open_if, File_non_directory_file|file_random_access|File_synchronous_io_nonalert, NULL, 0); if(!nt_success (Status)) {        returnNULL; }    returnhfile;}//read the file ullength to read the actual lengthNTSTATUS ReadFile (HANDLE hfile,char*Szbuffer,pulong Ullength,plarge_integer Offset) {    //here withNTSTATUS Status =status_unsuccessful; Io_status_block IoStatus=    {0}; Status=zwreadfile (hfile, NULL, NULL, NUL L,&IoStatus, Szbuffer,*ullength, Offset, NULL); if(!nt_success (Status)) {        //status==status_end_of_file)                returnstatus_unsuccessful; }    *ullength =IoStatus.Information; returnStatus;;}//Write a fileNTSTATUS WriteFile (HANDLE hfile,char*Szbuffer,pulong Ullength,plarge_integer Offset) {NTSTATUS Status=status_unsuccessful; Io_status_block IoStatus=    {0}; Status=zwwritefile (hfile, NULL, NULL, NU LL,&IoStatus, Szbuffer,*ullength, Offset, NULL); if(!nt_success (Status)) {        returnstatus_unsuccessful;//!!!!    }    (*offset). QuadPart + = *ullength;//Offset Move    returnStatus;;} Voiddriverunload (in Pdriver_object pdriverobj) {dbgprint ("[fileoption] Unloaded success\r\n"); return;}

Implement FileCopy (RING0 x86 x64)