Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <ntifs.h>
- #define TAG_POOLTEST 'P'
- NTSTATUS ListDir() {
- //WCHAR Buffer[8192];
- PVOID Ptr;
- SIZE_T poolSize;
- UNICODE_STRING DirectoryName;
- OBJECT_ATTRIBUTES DirectoryAttributes;
- NTSTATUS Status;
- HANDLE DirectoryHandle;
- IO_STATUS_BLOCK Iosb;
- PFILE_BOTH_DIR_INFORMATION DirInformation;
- poolSize = 8192;
- Ptr = ExAllocatePoolWithTag(PagedPool, poolSize, TAG_POOLTEST);
- if (!Ptr) return STATUS_INSUFFICIENT_RESOURCES;
- RtlInitUnicodeString(&DirectoryName, L"\\??\\C:\\Windows");
- InitializeObjectAttributes(&DirectoryAttributes,
- &DirectoryName,
- OBJ_CASE_INSENSITIVE,
- 0, // absolute open, no relative directory handle
- 0); // no security descriptor necessary
- Status = ZwCreateFile(&DirectoryHandle,
- (FILE_LIST_DIRECTORY | SYNCHRONIZE),
- &DirectoryAttributes,
- &Iosb,
- 0,
- 0,
- FILE_SHARE_VALID_FLAGS, // FULL sharing
- FILE_OPEN, // MUST already exist
- (FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE), // MUST be a directory
- 0,
- 0);
- if (!NT_SUCCESS(Status)) {
- DbgPrint("%u Unable to open %S, error = 0x%x\n", DirectoryName.Length / sizeof(WCHAR), DirectoryName.Buffer, Status);
- return Status;
- }
- //
- // We pass NO NAME which is the same as *.*
- //
- Status = ZwQueryDirectoryFile(DirectoryHandle,
- NULL,
- NULL,
- // No APC routine
- NULL,
- // No APC context
- &Iosb,
- Ptr,
- poolSize,
- FileBothDirectoryInformation,
- TRUE,
- NULL,
- FALSE);
- if (!NT_SUCCESS(Status)) {
- DbgPrint("Unable to query directory contents, error 0x%x\n", Status);
- return Status;
- }
- DirInformation = (PFILE_BOTH_DIR_INFORMATION)poolSize;
- // Loop over all files
- for (;;) {
- //
- // Dump the full name of the file. We could dump the other information
- // here as well, but we'll keep the example shorter instead.
- //
- DbgPrint("%u %ws\n", DirInformation->FileNameLength / sizeof(WCHAR), &DirInformation->FileName[0]);
- //
- // If there is no offset in the entry, the buffer has been exhausted.
- //
- if (DirInformation->NextEntryOffset == 0) {
- // Re-fill buffer
- Status = ZwQueryDirectoryFile(DirectoryHandle,
- NULL,
- NULL,
- // No APC routine
- NULL,
- // No APC context
- &Iosb,
- Ptr,
- poolSize,
- FileBothDirectoryInformation,
- FALSE,
- NULL,
- FALSE);
- if (!NT_SUCCESS(Status)) {
- if (Status == STATUS_NO_MORE_FILES) break;
- DbgPrint("Unable to query directory contents, error 0x%x\n", Status);
- return Status;
- }
- DirInformation = (PFILE_BOTH_DIR_INFORMATION)poolSize;
- continue;
- }
- //
- // Advance to the next entry.
- //
- DirInformation = (PFILE_BOTH_DIR_INFORMATION)(((PUCHAR)DirInformation) + DirInformation->NextEntryOffset);
- }
- /*NtClose*/ZwClose(DirectoryHandle);
- ExFreePoolWithTag(Ptr, TAG_POOLTEST);
- return Status;
- }
- VOID /*NTAPI*/ DriverUnload(IN PDRIVER_OBJECT DriverObject) {
- DbgPrint("DriverUnload()!\\n");
- return;
- }
- /*__declspec (dllexport)*/ NTSTATUS /*NTAPI*/ DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath) {
- NTSTATUS NtStatus = STATUS_SUCCESS;
- pDriverObject->DriverUnload = /*(PDRIVER_UNLOAD)*/DriverUnload;
- DbgPrint("DriverEntry()!\\n");
- ListDir();
- return NtStatus;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement