睢
睢志强
Unregistered / Unconfirmed
GUEST, unregistred user!
我是想 HOOK WriteFile 这个 API,以实现一些功能。<br>由于 被 HOOK 程序启动太早,没办法 HOOK 到 CreateFile 。<br>所以想知道能不能根据句丙求出文件名。
T
tseug
Unregistered / Unconfirmed
GUEST, unregistred user!
给个思路<br>CreateFileMapping<br>MapViewOfFile<br>GetMappedFileName
0
0桁骀
Unregistered / Unconfirmed
GUEST, unregistred user!
CreateFile可以打开com口,驱动器……
L
linuxping
Unregistered / Unconfirmed
GUEST, unregistred user!
你可以换一个思路,比如:查找进程的方法...
M
Milpas
Unregistered / Unconfirmed
GUEST, unregistred user!
通过句柄取文件名,貌似不行<br>我想知道哪个进程在以独占方式打开文件....谁知道?
睢
睢志强
Unregistered / Unconfirmed
GUEST, unregistred user!
tseug <br> 你说的那是内存文件影射 你似乎没明白我的问题.<br><br>0桁骀 <br> 这个我晓得,只是参数里文件名的不同而已.我就是想知道那个参数.<br><br>linuxping<br> 那个进程打开了N个文件诶~~~ 我还是不知道....<br><br>Milpas<br> 不晓得看模块列表可行不?
睢
睢志强
Unregistered / Unconfirmed
GUEST, unregistred user!
找到一段 VC 的代码. 哪位兄弟帮翻译下?<br><br>#include <windows.h><br>#include <stdio.h><br>#include <tchar.h><br>#include <string.h><br>#include <psapi.h><br><br>#define BUFSIZE 512<br><br>BOOL GetFileNameFromHandle(HANDLE hFile) <br>{<br> BOOL bSuccess = FALSE;<br> TCHAR pszFilename[MAX_PATH+1];<br> HANDLE hFileMap;<br><br> // Get the file size.<br> DWORD dwFileSizeHi = 0;<br> DWORD dwFileSizeLo = GetFileSize(hFile, &dwFileSizeHi); <br><br> if( dwFileSizeLo == 0 && dwFileSizeHi == 0 )<br> {<br> printf("Cannot map a file with a length of zero./n"
;<br> return FALSE;<br> }<br><br> // Create a file mapping object.<br> hFileMap = CreateFileMapping(hFile, <br> NULL, <br> PAGE_READONLY,<br> 0, <br> 1,<br> NULL);<br><br> if (hFileMap) <br> {<br> // Create a file mapping to get the file name.<br> void* pMem = MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);<br><br> if (pMem) <br> {<br> if (GetMappedFileName (GetCurrentProcess(), <br> pMem, <br> pszFilename,<br> MAX_PATH)) <br> {<br><br> // Translate path with device name to drive letters.<br> TCHAR szTemp[BUFSIZE];<br> szTemp[0] = '/0';<br><br> if (GetLogicalDriveStrings(BUFSIZE-1, szTemp)) <br> {<br> TCHAR szName[MAX_PATH];<br> TCHAR szDrive[3] = TEXT(" :"<br> BOOL bFound = FALSE;<br> TCHAR* p = szTemp;<br><br> do <br> {<br> // Copy the drive letter to the template string<br> *szDrive = *p;<br><br> // Look up each device name<br> if (QueryDosDevice(szDrive, szName, BUFSIZE))<br> {<br> UINT uNameLen = _tcslen(szName);<br><br> if (uNameLen < MAX_PATH) <br> {<br> bFound = _tcsnicmp(pszFilename, szName, <br> uNameLen) == 0;<br><br> if (bFound) <br> {<br> // Reconstruct pszFilename using szTemp<br> // Replace device path with DOS path<br> TCHAR szTempFile[MAX_PATH];<br> _stprintf(szTempFile,<br> TEXT("%s%s",<br> szDrive,<br> pszFilename+uNameLen);<br> _tcsncpy(pszFilename, szTempFile, MAX_PATH);<br> }<br> }<br> }<br><br> // Go to the next NULL character.<br> while (*p++);<br> } while (!bFound && *p); // end of string<br> }<br> }<br> bSuccess = TRUE;<br> UnmapViewOfFile(pMem);<br> } <br><br> CloseHandle(hFileMap);<br> }<br> printf("File name is %s/n", pszFilename);<br> return(bSuccess);<br>}
;<br> return FALSE;<br> }<br><br> // Create a file mapping object.<br> hFileMap = CreateFileMapping(hFile, <br> NULL, <br> PAGE_READONLY,<br> 0, <br> 1,<br> NULL);<br><br> if (hFileMap) <br> {<br> // Create a file mapping to get the file name.<br> void* pMem = MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);<br><br> if (pMem) <br> {<br> if (GetMappedFileName (GetCurrentProcess(), <br> pMem, <br> pszFilename,<br> MAX_PATH)) <br> {<br><br> // Translate path with device name to drive letters.<br> TCHAR szTemp[BUFSIZE];<br> szTemp[0] = '/0';<br><br> if (GetLogicalDriveStrings(BUFSIZE-1, szTemp)) <br> {<br> TCHAR szName[MAX_PATH];<br> TCHAR szDrive[3] = TEXT(" :"<br> BOOL bFound = FALSE;<br> TCHAR* p = szTemp;<br><br> do <br> {<br> // Copy the drive letter to the template string<br> *szDrive = *p;<br><br> // Look up each device name<br> if (QueryDosDevice(szDrive, szName, BUFSIZE))<br> {<br> UINT uNameLen = _tcslen(szName);<br><br> if (uNameLen < MAX_PATH) <br> {<br> bFound = _tcsnicmp(pszFilename, szName, <br> uNameLen) == 0;<br><br> if (bFound) <br> {<br> // Reconstruct pszFilename using szTemp<br> // Replace device path with DOS path<br> TCHAR szTempFile[MAX_PATH];<br> _stprintf(szTempFile,<br> TEXT("%s%s",<br> szDrive,<br> pszFilename+uNameLen);<br> _tcsncpy(pszFilename, szTempFile, MAX_PATH);<br> }<br> }<br> }<br><br> // Go to the next NULL character.<br> while (*p++);<br> } while (!bFound && *p); // end of string<br> }<br> }<br> bSuccess = TRUE;<br> UnmapViewOfFile(pMem);<br> } <br><br> CloseHandle(hFileMap);<br> }<br> printf("File name is %s/n", pszFilename);<br> return(bSuccess);<br>}
T
tseug
Unregistered / Unconfirmed
GUEST, unregistred user!
你上面的代码就和我的思路一样,我怎么没理解你的问题?[
][]
][]
A
appfirst
Unregistered / Unconfirmed
GUEST, unregistred user!
给你翻译了一下,测试通过。<br>function GetFileNameFromHandle(hFile:THandle):String;<br>Const<br> BUFSIZE=512;<br>Var<br> pszFilename:Array[0..BUFSIZE+1] of CHAR;<br> hFileMap:THandle;<br> //dwFileSizeHi
WORD;<br> //dwFileSizeLoWORD;<br> pMem
ointer;<br> szTemp:Array[0..MAX_PATH-1] of CHAR;<br> pChar;<br> Str:String;<br>begin<br> Result:='';<br> FillChar(pszFilename,sizeof(pszFilename),0);<br> hFileMap := CreateFileMapping(hFile,<br> nil,<br> PAGE_READONLY,<br> 0,<br> 1,<br> nil);<br><br> if hFileMap<>INVALID_HANDLE_VALUE then<br> begin<br> pMem := MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);<br> if Assigned(pMem) then<br> begin<br> if GetMappedFileName (GetCurrentProcess,<br> pMem,<br> pszFilename,<br> MAX_PATH)<>0 then<br> begin<br> Str:=StrPas(pszFileName);<br> if GetLogicalDriveStrings(BUFSIZE-1, @pszFileName)<>0 then<br> begin<br> p:=@pszFileName;<br> Repeat<br> Inc(p,2);<br> p^:=#0;<br> Dec(p,2);<br> FillChar(szTemp,sizeof(szTemp),0);<br> if QueryDosDevice(p, @szTemp, MAX_PATH)<>0 then<br> begin<br> if AnsiPos(szTemp,Str)<>0 then<br> begin<br> Result := p+AnsiReplaceStr(Str,szTemp,'');<br> Exit;<br> end;<br> end;<br> Inc(p,4);<br> Until p^=#0;<br> end;<br> end;<br> UnmapViewOfFile(pMem);<br> end;<br> CloseHandle(hFileMap);<br> end;<br>end;
WORD;<br> //dwFileSizeLoWORD;<br> pMemointer;<br> szTemp:Array[0..MAX_PATH-1] of CHAR;<br> pChar;<br> Str:String;<br>begin<br> Result:='';<br> FillChar(pszFilename,sizeof(pszFilename),0);<br> hFileMap := CreateFileMapping(hFile,<br> nil,<br> PAGE_READONLY,<br> 0,<br> 1,<br> nil);<br><br> if hFileMap<>INVALID_HANDLE_VALUE then<br> begin<br> pMem := MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);<br> if Assigned(pMem) then<br> begin<br> if GetMappedFileName (GetCurrentProcess,<br> pMem,<br> pszFilename,<br> MAX_PATH)<>0 then<br> begin<br> Str:=StrPas(pszFileName);<br> if GetLogicalDriveStrings(BUFSIZE-1, @pszFileName)<>0 then<br> begin<br> p:=@pszFileName;<br> Repeat<br> Inc(p,2);<br> p^:=#0;<br> Dec(p,2);<br> FillChar(szTemp,sizeof(szTemp),0);<br> if QueryDosDevice(p, @szTemp, MAX_PATH)<>0 then<br> begin<br> if AnsiPos(szTemp,Str)<>0 then<br> begin<br> Result := p+AnsiReplaceStr(Str,szTemp,'');<br> Exit;<br> end;<br> end;<br> Inc(p,4);<br> Until p^=#0;<br> end;<br> end;<br> UnmapViewOfFile(pMem);<br> end;<br> CloseHandle(hFileMap);<br> end;<br>end;
0
0桁骀
Unregistered / Unconfirmed
GUEST, unregistred user!
真快,uses psapi, StrUtils
睢
睢志强
Unregistered / Unconfirmed
GUEST, unregistred user!
tseug 果然强人,最开始没理解.
