

系统分区卷GUID

作者:ThatAllOver 更新时间: 2022-05-13 编程语言
#define _CRT_SECURE_NO_WARNINGS
#include 
#include 
#include 

// https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ne-wdm-_fsinfoclass

// File-system information classes accepted by ZwQuery/ZwSetVolumeInformationFile
// (the kernel FS_INFORMATION_CLASS enumeration; see the WDM link above).
// Every value is written out so the numbers actually passed to ntdll are
// visible at a glance: the enumeration is 1-based, not 0-based.
typedef enum _FSINFOCLASS {
	FileFsVolumeInformation     = 1,
	FileFsLabelInformation      = 2,
	FileFsSizeInformation       = 3,
	FileFsDeviceInformation     = 4,
	FileFsAttributeInformation  = 5,
	FileFsControlInformation    = 6,
	FileFsFullSizeInformation   = 7,
	FileFsObjectIdInformation   = 8,   // used below to rewrite the volume object ID
	FileFsDriverPathInformation = 9,
	FileFsMaximumInformation    = 10   // one past the last valid class
} FS_INFORMATION_CLASS, * PFS_INFORMATION_CLASS;

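// ntdll exports use the NT calling convention (NTAPI, i.e. __stdcall on x86).
// Spelling it out in the function-pointer types keeps an x86 build from calling
// them as cdecl and unbalancing the stack; on x64 there is a single calling
// convention and NTAPI expands to nothing, so this is a no-op there.
// windows.h already defines NTAPI; the fallback only exists so this unit stays
// compilable when that header is absent.
#ifndef NTAPI
#  ifdef _WIN32
#    define NTAPI __stdcall
#  else
#    define NTAPI
#  endif
#endif

// ZwSetVolumeInformationFile(FileHandle, IoStatusBlock, FsInformation,
//                            Length, FsInformationClass)
// FsInformation holds the record to apply; Length is its size in bytes.
typedef NTSTATUS (NTAPI *FZwSetVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);

// ZwQueryVolumeInformationFile has the same parameter list; here FsInformation
// is the caller's buffer that receives the record for FsInformationClass.
typedef NTSTATUS (NTAPI *FZwQueryVolumeInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);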

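// True when an NTSTATUS denotes success or an informational value (high bit
// clear) — the same test the NT_SUCCESS macro performs.
static bool nt_ok(NTSTATUS s)
{
	return s >= 0;
}

// Query FileFsVolumeInformation for `volume`, then write it back with the
// serial number zeroed and the label emptied. `buf`/`size` is the scratch
// buffer used for both calls. The current serial is printed first so the
// operator has a record of the value being destroyed.
// Returns the status of the set call, or the failing query status (in which
// case nothing is written: a record the query did not fill is never sent).
static NTSTATUS clear_volume_identity(HANDLE volume,
                                      FZwQueryVolumeInformationFile query,
                                      FZwSetVolumeInformationFile set,
                                      void* buf, ULONG size)
{
	typedef struct _FILE_FS_VOLUME_INFORMATION {
		LARGE_INTEGER VolumeCreationTime;
		ULONG VolumeSerialNumber;
		ULONG VolumeLabelLength;
		BOOLEAN SupportsObjects;
		WCHAR VolumeLabel[1];
	} FILE_FS_VOLUME_INFORMATION, * PFILE_FS_VOLUME_INFORMATION;

	IO_STATUS_BLOCK iosb{ 0 };
	NTSTATUS s = query(volume, &iosb, buf, size, FileFsVolumeInformation);
	if (!nt_ok(s)) {
		printf("FileFsVolumeInformation query failed: 0x%08lX\n", (unsigned long)s);
		return s;
	}

	PFILE_FS_VOLUME_INFORMATION info = (PFILE_FS_VOLUME_INFORMATION)buf;
	printf("current volume serial 0x%08lX, label length %lu\n",
	       (unsigned long)info->VolumeSerialNumber,
	       (unsigned long)info->VolumeLabelLength);

	info->VolumeSerialNumber = 0;
	info->VolumeLabelLength = 0;   // must agree with the emptied label below
	info->VolumeLabel[0] = L'\0';

	// NOTE(review): FileFsVolumeInformation is not among the classes documented
	// as settable through ZwSetVolumeInformationFile; do not assume this call
	// succeeds — the returned status is the only indication.
	return set(volume, &iosb, info, size, FileFsVolumeInformation);
}

// Query FileFsObjectIdInformation for `volume` and overwrite the first 8 of
// the 16 ObjectId bytes with the marker value 55 (0x37), as the original did;
// the upper 8 bytes and ExtendedInfo keep whatever the query returned.
// The current object ID is printed first so it can be restored later.
// Returns the status of the set call.
static NTSTATUS stamp_object_id(HANDLE volume,
                                FZwQueryVolumeInformationFile query,
                                FZwSetVolumeInformationFile set,
                                void* buf, ULONG size)
{
	typedef struct _FILE_FS_OBJECTID_INFORMATION {
		UCHAR ObjectId[16];
		UCHAR ExtendedInfo[48];
	} FILE_FS_OBJECTID_INFORMATION, * PFILE_FS_OBJECTID_INFORMATION;

	IO_STATUS_BLOCK iosb{ 0 };
	NTSTATUS s = query(volume, &iosb, buf, size, FileFsObjectIdInformation);
	if (!nt_ok(s)) {
		// A volume that was never given an object ID presumably fails this
		// query. The original stamped and sent the buffer anyway, which at
		// that point still held the bytes of the previous volume-info query.
		// Start from a zeroed record instead of stale data.
		printf("FileFsObjectIdInformation query failed: 0x%08lX, stamping a fresh record\n",
		       (unsigned long)s);
		memset(buf, 0, sizeof(FILE_FS_OBJECTID_INFORMATION));
	}

	PFILE_FS_OBJECTID_INFORMATION info = (PFILE_FS_OBJECTID_INFORMATION)buf;
	printf("current object id: ");
	for (size_t i = 0; i < sizeof info->ObjectId; i++) {
		printf("%02X", info->ObjectId[i]);
	}
	printf("\n");

	memset(info->ObjectId, 55, 8);   // only the low half is rewritten
	return set(volume, &iosb, info, size, FileFsObjectIdInformation);
}

// Rewrites identity metadata on a live volume: zeroes the volume serial number
// and clears the label (FileFsVolumeInformation), then overwrites the first
// half of the volume object ID (FileFsObjectIdInformation).
//
// WARNING: this is destructive. The volume serial number and object ID are
// commonly used as volume/machine fingerprints (software licensing, forensic
// artefacts such as LNK and Prefetch records), so changing them on the system
// volume alters how the machine is identified and is not reversible unless
// the printed original values are kept. Point it at a scratch volume.
// Opening a volume device for write normally requires administrative rights.
//
// argv[1] (optional): device path to open; defaults to "\\.\c:", the
// original hard-coded target. Always returns 0, like the original, so the
// printed NTSTATUS values are the only success/failure indication.
int main(int argc, char* argv[])
{
	const char* device = (argc > 1) ? argv[1] : "\\\\.\\c:";
	printf("WARNING: about to rewrite volume identity on %s\n", device);

	// 0x40000000 / 3 / 3 / 0x80 in the original are exactly these constants:
	// write access, read+write sharing, open existing, normal attributes.
	HANDLE h = CreateFileA(device, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
	                       NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (h == INVALID_HANDLE_VALUE) {
		printf("CreateFile(%s) failed, error %lu (a volume device needs elevation)\n",
		       device, (unsigned long)GetLastError());
		return 0;
	}
	printf("handle is %p \n", h);   // %p: a HANDLE is pointer-sized, %d truncated it on x64

	HMODULE m = GetModuleHandleW(L"ntdll.dll");
	if (!m) {
		CloseHandle(h);
		return 0;
	}
	printf("module is %p \n", m);

	FZwSetVolumeInformationFile setInfo =
		(FZwSetVolumeInformationFile)GetProcAddress(m, "ZwSetVolumeInformationFile");
	FZwQueryVolumeInformationFile queryInfo =
		(FZwQueryVolumeInformationFile)GetProcAddress(m, "ZwQueryVolumeInformationFile");
	if (!setInfo || !queryInfo) {
		printf("ntdll exports not found\n");
		CloseHandle(h);
		return 0;
	}

	// One zeroed scratch buffer shared by both query/set pairs, as before.
	const ULONG size = 1024 * 10;
	char* buf = new char[size];
	memset(buf, 0, size);

	NTSTATUS s = clear_volume_identity(h, queryInfo, setInfo, buf, size);
	printf("FileFsVolumeInformation set: 0x%08lX\n", (unsigned long)s);

	s = stamp_object_id(h, queryInfo, setInfo, buf, size);
	printf("FileFsObjectIdInformation set: 0x%08lX\n", (unsigned long)s);

	// The original also sketched a FileFsDriverPathInformation query
	// (commented out); it is left out here because it was never completed.

	delete[] buf;
	CloseHandle(h);

	// getchar() replaces system("pause"): system() launches the shell named by
	// the environment from a process that is running elevated to reach the
	// volume, which is an avoidable trust-of-environment dependency.
	printf("Press Enter to exit.\n");
	(void)getchar();
	return 0;
}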

原文链接:https://blog.csdn.net/zzy1448331580/article/details/121879219
