OBJECT_ATTRIBUTES oaBackup;// Initialize object attributes for the backup f

1. OBJECT_ATTRIBUTES oaBackup;
2. // Initialize object attributes for the backup file
3. InitializeObjectAttributes(
4. &oaBackup,
5. &backupPath, // backupPath contains the right string
6. OBJ_KERNEL_HANDLE,
7. NULL,
8. NULL
9. );
10.  
11. // Create backup file
12. status = FltCreateFile(
13. Globals.Filter,
14. FltObjects->Instance,
15. &backupHandle,
16. FILE_WRITE_DATA,
17. &oaBackup,
18. &iosbBackup,
19. NULL,
20. FILE_ATTRIBUTE_NORMAL,
21. (ULONG) 0,
22. FILE_SUPERSEDE,
23. FILE_NON_DIRECTORY_FILE,
24. NULL,
25. (ULONG) 0,
26. IO_IGNORE_SHARE_ACCESS_CHECK
27. );
28. // If the creation fails with error STATUS_OBJECT_PATH_NOT_FOUND this means that the
29. // folder does not exists. Create the folder
30. if (status == STATUS_OBJECT_PATH_NOT_FOUND){
31. UNICODE_STRING previousFolder;
32. // Creates a new string to hold the path without the final component
33. previousFolder.MaximumLength = backupPath.Length - pFileNameInfo->FinalComponent.Length - sizeof(WCHAR);
34. RWBAllocateUnicodeString(&previousFolder);
35. RtlCopyMemory(
36. previousFolder.Buffer,
37. backupPath.Buffer,
38. previousFolder.MaximumLength
39. );
40. previousFolder.Length = previousFolder.MaximumLength;
41. // Creates the previous folders
42. RWBRollPath(
43. previousFolder,
44. Globals.Filter,
45. FltObjects->Instance
46. );
47.  
48. RWBFreeUnicodeString(&previousFolder);
49.  
50. // Create backup file. This time should not fail
51. status = FltCreateFile(
52. Globals.Filter,
53. FltObjects->Instance,
54. &backupHandle,
55. FILE_WRITE_DATA,
56. &oaBackup,
57. &iosbBackup,
58. NULL,
59. FILE_ATTRIBUTE_NORMAL,
60. (ULONG)0,
61. FILE_SUPERSEDE,
62. FILE_NON_DIRECTORY_FILE,
63. NULL,
64. (ULONG)0,
65. IO_IGNORE_SHARE_ACCESS_CHECK
66. );
67. }
68.  
69.  
70. }
71. RWBPreCreateCleanup:
72.  
73. if (originalHandle != NULL)
74. FltClose(&originalHandle);
75.  
76. if (backupHandle != NULL)
77. FltClose(&backupHandle);
78.  
79. if (pFileNameInfo != NULL)
80. FltReleaseFileNameInformation(pFileNameInfo);
81.  
82. RWBFreeUnicodeString(&backupPath);
83.  
84.  
85. // TODO: Check for object attributes release
86.  
87. return FLT_PREOP_SUCCESS_WITH_CALLBACK;