public NTStatus QueryDirectory(out List <QueryDirectoryFileInformation> result, object handle, string fileName, FileInformationClass informationClass) { IO_STATUS_BLOCK ioStatusBlock; byte[] buffer = new byte[4096]; UNICODE_STRING fileNameStructure = new UNICODE_STRING(fileName); result = new List <QueryDirectoryFileInformation>(); bool restartScan = true; while (true) { NTStatus status = NtQueryDirectoryFile((IntPtr)handle, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, out ioStatusBlock, buffer, (uint)buffer.Length, (byte)informationClass, false, ref fileNameStructure, restartScan); if (status == NTStatus.STATUS_NO_MORE_FILES) { break; } else if (status != NTStatus.STATUS_SUCCESS) { return(status); } int numberOfBytesWritten = (int)ioStatusBlock.Information; buffer = ByteReader.ReadBytes(buffer, 0, numberOfBytesWritten); List <QueryDirectoryFileInformation> page = QueryDirectoryFileInformation.ReadFileInformationList(buffer, 0, informationClass); result.AddRange(page); restartScan = false; } fileNameStructure.Dispose(); return(NTStatus.STATUS_SUCCESS); }
private NTStatus CreateFile(out IntPtr handle, out FileStatus fileStatus, string nativePath, AccessMask desiredAccess, long allocationSize, FileAttributes fileAttributes, ShareAccess shareAccess, CreateDisposition createDisposition, CreateOptions createOptions) { UNICODE_STRING objectName = new UNICODE_STRING(nativePath); OBJECT_ATTRIBUTES objectAttributes = InitializeObjectAttributes(objectName); IO_STATUS_BLOCK ioStatusBlock; NTStatus status = NtCreateFile(out handle, (uint)desiredAccess, ref objectAttributes, out ioStatusBlock, ref allocationSize, fileAttributes, shareAccess, createDisposition, createOptions, IntPtr.Zero, 0); fileStatus = (FileStatus)ioStatusBlock.Information; return(status); }
private OBJECT_ATTRIBUTES InitializeObjectAttributes(UNICODE_STRING objectName) { OBJECT_ATTRIBUTES objectAttributes = new OBJECT_ATTRIBUTES(); objectAttributes.RootDirectory = IntPtr.Zero; objectAttributes.ObjectName = Marshal.AllocHGlobal(Marshal.SizeOf(objectName)); Marshal.StructureToPtr(objectName, objectAttributes.ObjectName, false); objectAttributes.SecurityDescriptor = IntPtr.Zero; objectAttributes.SecurityQualityOfService = IntPtr.Zero; objectAttributes.Length = Marshal.SizeOf(objectAttributes); return(objectAttributes); }
private static extern NTStatus NtQueryDirectoryFile(IntPtr handle, IntPtr evt, IntPtr apcRoutine, IntPtr apcContext, out IO_STATUS_BLOCK ioStatusBlock, byte[] fileInformation, uint length, uint fileInformationClass, bool returnSingleEntry, ref UNICODE_STRING fileName, bool restartScan);