SFILTER Dynamic Plus Mipple Summary

xiaoxiao2021-03-06  51

After a few days, I finally decided to solve the dynamic plus of IFS.

In order to be no longer halo, summarize as follows:

1. Encrypt in sfWrite (IRP_MJ_WRITE) instead of completing the routine,

Decrypt in sfread (IRP_MJ_READ) instead of completion routines,

3. Just handle IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO

2. Encryption Simple Process:

a. Get buffer address from Windows,

IF (IRP-> MDLADDRESS)

{

SysdataBuf = MmgetsystemAddressFormdlsafe (IRP-> MDLDRESS, NORMALPAGEPRIORIRIRITY);

}

Else

{

SysdataBuf = IRP-> UserBuffer;

}

b. Save the plain text sysdatabuf in sysdatabase, SYSDATABUFFIRST

c. Encrypt SysdataBuf with your powerful algorithm - >> mybuf

d. Put mybuf copy to sysdatabuf,

E.IocallDriver Put the secret to the Double, write to Harddisk.

f. Recovery of Memory's plaintext RTLCopyMemory (sysdatabuf, sysdatabase;) ;.

3. Decryption approach:

A.iocallDriver reads to ciphertext

B, decryption

C. IOCOMPLETEREQUEST

My development environment:

IFS2600, Sfilter's code is for XP SP1

转载请注明原文地址:https://www.9cbs.com/read-117071.html

New Post(0)