Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- OBJECT_ATTRIBUTES oaBackup;
- // Initialize object attributes for the backup file
- InitializeObjectAttributes(
- &oaBackup,
- &backupPath, // backupPath contains the right string
- OBJ_KERNEL_HANDLE,
- NULL,
- NULL
- );
- // Create backup file
- status = FltCreateFile(
- Globals.Filter,
- FltObjects->Instance,
- &backupHandle,
- FILE_WRITE_DATA,
- &oaBackup,
- &iosbBackup,
- NULL,
- FILE_ATTRIBUTE_NORMAL,
- (ULONG) 0,
- FILE_SUPERSEDE,
- FILE_NON_DIRECTORY_FILE,
- NULL,
- (ULONG) 0,
- IO_IGNORE_SHARE_ACCESS_CHECK
- );
- // If the creation fails with error STATUS_OBJECT_PATH_NOT_FOUND this means that the
- // folder does not exists. Create the folder
- if (status == STATUS_OBJECT_PATH_NOT_FOUND){
- UNICODE_STRING previousFolder;
- // Creates a new string to hold the path without the final component
- previousFolder.MaximumLength = backupPath.Length - pFileNameInfo->FinalComponent.Length - sizeof(WCHAR);
- RWBAllocateUnicodeString(&previousFolder);
- RtlCopyMemory(
- previousFolder.Buffer,
- backupPath.Buffer,
- previousFolder.MaximumLength
- );
- previousFolder.Length = previousFolder.MaximumLength;
- // Creates the previous folders
- RWBRollPath(
- previousFolder,
- Globals.Filter,
- FltObjects->Instance
- );
- RWBFreeUnicodeString(&previousFolder);
- // Create backup file. This time should not fail
- status = FltCreateFile(
- Globals.Filter,
- FltObjects->Instance,
- &backupHandle,
- FILE_WRITE_DATA,
- &oaBackup,
- &iosbBackup,
- NULL,
- FILE_ATTRIBUTE_NORMAL,
- (ULONG)0,
- FILE_SUPERSEDE,
- FILE_NON_DIRECTORY_FILE,
- NULL,
- (ULONG)0,
- IO_IGNORE_SHARE_ACCESS_CHECK
- );
- }
- }
- RWBPreCreateCleanup:
- if (originalHandle != NULL)
- FltClose(&originalHandle);
- if (backupHandle != NULL)
- FltClose(&backupHandle);
- if (pFileNameInfo != NULL)
- FltReleaseFileNameInformation(pFileNameInfo);
- RWBFreeUnicodeString(&backupPath);
- // TODO: Check for object attributes release
- return FLT_PREOP_SUCCESS_WITH_CALLBACK;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement