Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- class NDC : public IO_OBJECT
- {
- union {
- FILE_NOTIFY_INFORMATION fni;
- UCHAR buf[0x1000];
- };
- void Start()
- {
- HANDLE hFile;
- if (LockHandle(hFile))
- {
- if (IO_IRP* irp = new IO_IRP(this, 0, 0))
- {
- irp->CheckError(ReadDirectoryChangesW(hFile, buf, sizeof(buf), TRUE, FILE_NOTIFY_VALID_MASK, 0, irp, 0));
- }
- UnlockHandle();
- }
- }
- virtual void IOCompletionRoutine(CDataPacket* /*packet*/, DWORD /*Code*/, NTSTATUS status, ULONG_PTR dwNumberOfBytesTransfered, PVOID /*Pointer*/)
- {
- DbgPrint("IOCompletionRoutine(%u, %p)\n", status, dwNumberOfBytesTransfered);
- switch (status)
- {
- case NOERROR:
- union {
- PBYTE pb;
- PFILE_NOTIFY_INFORMATION pfni;
- };
- pfni = &fni;
- ULONG NextEntryOffset = 0;
- do
- {
- pb += NextEntryOffset;
- DbgPrint("[%u] %.*S\n", pfni->Action, pfni->FileNameLength / sizeof(WCHAR), pfni->FileName);
- } while (NextEntryOffset = pfni->NextEntryOffset);
- //Sleep(4000);// !!!
- case ERROR_NOTIFY_ENUM_DIR:
- Start();
- }
- }
- public:
- ULONG Create(PCWSTR psz)
- {
- HANDLE hFile = CreateFileW(psz, FILE_GENERIC_READ, FILE_SHARE_VALID_FLAGS, 0, OPEN_EXISTING,
- FILE_FLAG_OVERLAPPED | FILE_FLAG_BACKUP_SEMANTICS, 0);//
- if (hFile != INVALID_HANDLE_VALUE)
- {
- Assign(hFile);
- if (ULONG dwError = IO_IRP::BindIoCompletion(hFile))
- {
- return dwError;
- }
- Start();
- return NOERROR;
- }
- return GetLastError();
- }
- };
- void DemoSpy(PCWSTR szFile)
- {
- if (NDC* p = new NDC)
- {
- p->Create(szFile);
- MessageBoxW(0, 0, L"Start motitor and UI running", MB_ICONINFORMATION);
- p->Close();
- p->Release();
- MessageBoxW(0, 0, L"Stop monitor", MB_ICONINFORMATION);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
