So-net無料ブログ作成

Filter Manager APIを使ってボリュームを列挙する例 [CodeTips]

年明け最初に上げようと思って、昨年末に用意していた内容を上げておきます。
ということは、「あけましておめでとうございます」ですね。明日から5月だというのに…(^^;


GitHubの説明などで 'FltMgr' (Filter Manager) APIと書いていますが、正確には"Filter Manager Support for Minifilter Drivers"の”User-Mode Library” (FltLib.dll) のAPI を使用しています。

Windowsにfltmcというコマンドがありますが、このサンプルではfltmcの instancesやvolumesオプションで表示される様な内容を取得する例を示します。fltmcがコマンド目的上フィルタドライバを中心にした情報の見せ方なのに対し、サンプルではボリュームを中心とした見せ方となってします。

なお、このサンプルは管理者モードで実行してください。

あと、すっかり当たり前に公開してしまったのですが、コード中、print_string()でUNICODE_STRINGを使用している箇所があります(どさくさに紛れて__based変数も)。ここは当然ながらUNICODE_STRINGは必ずしも必須ではありません(使用しない場合はこの部分を適切なC文字列の処理に変更してください)。表示したい内容がポインタとオフセット、レングスで与えられるため、手軽に処理する例としてこの様な使い方をしています。

Visual Studio 2010プロジェクト,Windows 7 WDK用 sourcesを含むすべての内容は GitHubに公開しています。

GitHub レポジトリ:
https://github.com/katsu-y/fsfltview

//
// fsfltview
//
// Sample: Using the filter manager for volume and filter instance enumeration.
//
// Note:   This code is need to run under administrator mode.
//
// Author: YAMASHITA Katsuhiro
//
#include <SDKDDKVer.h>

#include <stdio.h>
#include <stdlib.h>

#include <windows.h>
#include <fltuser.h>  // for FltMgr

#if 0
#include <winternl.h> // for UNICODE_STRING
#else
typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
#endif

#define _VOLUME_NAME_LENGTH 256

WORD g_wVersion = 0;

HRESULT
_FindFirst_VolumeInstance(
    PCWSTR pszVolumeName,
    INSTANCE_INFORMATION_CLASS dwInformationClass,
    LPVOID  *lpReturnedBuffer,
    LPHANDLE  lpVolumeInstanceFind
    )
{
    HRESULT hr;
    HANDLE hVolumeInstanceFind;
    DWORD BytesReturned;

    PVOID lpBuffer = NULL;
    DWORD dwBufferSize = 0;

    for(;;)
    {
        hr = FilterVolumeInstanceFindFirst(
                pszVolumeName,
                dwInformationClass,
                lpBuffer,
                dwBufferSize,
                &BytesReturned,
                &hVolumeInstanceFind
                );

        if( HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER )
        {
            if( lpBuffer )
                free(lpBuffer);
            lpBuffer = malloc(BytesReturned);
            if( lpBuffer == NULL )
            {
                hr = E_OUTOFMEMORY;
                break;
            }
            dwBufferSize = BytesReturned;

            continue;
        }
        else
        {
            break;
        }
    }

    if( hr == S_OK && lpBuffer != NULL )
    {
        *lpReturnedBuffer = lpBuffer;
        *lpVolumeInstanceFind = hVolumeInstanceFind;
    }
    else
    {
        *lpReturnedBuffer = NULL;
        *lpVolumeInstanceFind = NULL;

        if( lpBuffer != NULL )
            free(lpBuffer);
    }

    return hr;
}

HRESULT
_FindNext_VolumeInstance(
    HANDLE  hVolumeInstanceFind,
    INSTANCE_INFORMATION_CLASS dwInformationClass,
    LPVOID  *lpReturnedBuffer
    )
{
    HRESULT hr;
    DWORD BytesReturned;

    PVOID lpBuffer = NULL;
    DWORD dwBufferSize = 0;

    for(;;)
    {
        hr = FilterVolumeInstanceFindNext(
                hVolumeInstanceFind,
                dwInformationClass,
                lpBuffer,
                dwBufferSize,
                &BytesReturned
                );

        if( HRESULT_CODE(hr) == ERROR_INSUFFICIENT_BUFFER )
        {
            if( lpBuffer )
                free(lpBuffer);
            lpBuffer = malloc(BytesReturned);
            if( lpBuffer == NULL )
            {
                hr = E_OUTOFMEMORY;
                break;
            }
            dwBufferSize = BytesReturned;

            continue;
        }
        else
        {
            break;
        }
    }

    if( hr == S_OK && lpBuffer != NULL )
    {
        *lpReturnedBuffer = lpBuffer;
    }
    else
    {
        *lpReturnedBuffer = NULL;

        if( lpBuffer != NULL )
            free(lpBuffer);
    }
    return hr;
}

void print_string(PCSTR Title,PVOID pBuffer,USHORT offset,USHORT len)
{
    BYTE __based(pBuffer) *pBased = 0;
    UNICODE_STRING us;
    us.Length = len;
    us.MaximumLength = us.Length;
    us.Buffer = (PWSTR)(pBased + offset);
    printf("%s%wZ\n",Title,&us);
}

void EnumVolumeInstance(PCWSTR pszVolumeName)
{
    HRESULT hr;
    HANDLE hVolumeInstanceFind;
    INSTANCE_INFORMATION_CLASS InfoClass;
    PVOID pBuffer;

    if( g_wVersion >= _WIN32_WINNT_VISTA )
        InfoClass = InstanceAggregateStandardInformation;
    else
        InfoClass = InstanceFullInformation;

    hr = _FindFirst_VolumeInstance(pszVolumeName,InfoClass,
                (PVOID *)&pBuffer,&hVolumeInstanceFind);

    if( hr == S_OK )
    {
        do
        {
            if( g_wVersion >= _WIN32_WINNT_VISTA )
            {
                INSTANCE_AGGREGATE_STANDARD_INFORMATION *piasi 
                    = (INSTANCE_AGGREGATE_STANDARD_INFORMATION *)pBuffer;

                if( piasi->Flags == FLTFL_IASI_IS_MINIFILTER )
                {
                    print_string("\tInstance Name: ",piasi,
                        piasi->Type.MiniFilter.InstanceNameBufferOffset,
                        piasi->Type.MiniFilter.InstanceNameLength);

                    print_string("\tFilter Name  : ",piasi,
                        piasi->Type.MiniFilter.FilterNameBufferOffset,
                        piasi->Type.MiniFilter.FilterNameLength);

                    print_string("\tAltitude     : ",piasi,
                        piasi->Type.MiniFilter.AltitudeBufferOffset,
                        piasi->Type.MiniFilter.AltitudeLength);

                    printf("\n");
                }
                else if( piasi->Flags == FLTFL_IASI_IS_LEGACYFILTER )
                {
                    print_string("\tFilter Name  : ",piasi,
                        piasi->Type.LegacyFilter.FilterNameBufferOffset,
                        piasi->Type.LegacyFilter.FilterNameLength);

                    print_string("\tAltitude     : ",piasi,
                        piasi->Type.LegacyFilter.AltitudeBufferOffset,
                        piasi->Type.LegacyFilter.AltitudeLength);

                    printf("\n");
                }
            }
            else
            {
                INSTANCE_FULL_INFORMATION *pifi
                    = (INSTANCE_FULL_INFORMATION *)pBuffer;

                print_string("\tInstance Name: ",pifi,
                    pifi->InstanceNameBufferOffset,
                    pifi->InstanceNameLength);

                print_string("\tFilter Name  : ",pifi,
                    pifi->FilterNameBufferOffset,
                    pifi->FilterNameLength);

                print_string("\tAltitude     : ",pifi,
                    pifi->AltitudeBufferOffset,
                    pifi->AltitudeLength);

                printf("\n");
            }
            free(pBuffer);

            hr = _FindNext_VolumeInstance(hVolumeInstanceFind,
							InfoClass,(PVOID *)&pBuffer);
        }
        while( hr == S_OK );
    }
    else
    {
        printf("\tenum volume instance error: 0x%08X\n\n",hr);
    }
}

int __cdecl wmain(int /*argc*/, WCHAR* /*argv*/[])
{
    HRESULT hr;
    HANDLE hFilterFind;
    DWORD BytesReturned;

    WORD wVersion = LOWORD(GetVersion());
    g_wVersion = MAKEWORD(HIBYTE(wVersion),LOBYTE(wVersion));

    DWORD dwBufferSize = sizeof(FILTER_VOLUME_STANDARD_INFORMATION)
						 + (sizeof(WCHAR) * _VOLUME_NAME_LENGTH);
    FILTER_VOLUME_STANDARD_INFORMATION *lpBuffer =
						 (FILTER_VOLUME_STANDARD_INFORMATION *)malloc(dwBufferSize);
    if( lpBuffer == NULL )
        return -1;

    hr = FilterVolumeFindFirst(
                FilterVolumeStandardInformation,
                lpBuffer,
                dwBufferSize,
                &BytesReturned,
                &hFilterFind
                ); 

    if( hr == S_OK )
    {
        do
        {
            WCHAR sz[_VOLUME_NAME_LENGTH+1];
            WCHAR szDosDrive[MAX_PATH];

            memcpy(sz,lpBuffer->FilterVolumeName,lpBuffer->FilterVolumeNameLength);
            sz[ lpBuffer->FilterVolumeNameLength/sizeof(WCHAR) ] = UNICODE_NULL;

            if( FilterGetDosName(sz,szDosDrive,MAX_PATH) != S_OK )
            {
                szDosDrive[0] = 0;
            }

            if( szDosDrive[0] != L'\0' )
                printf("%S (%s:)\n",sz,szDosDrive);
            else
                printf("%S\n",sz);

            EnumVolumeInstance(sz);

            hr = FilterVolumeFindNext(
                        hFilterFind,
                        FilterVolumeStandardInformation,
                        lpBuffer,
                        dwBufferSize,
                        &BytesReturned
                        ); 
        }
        while( hr == S_OK );
    }
    else
    {
        printf("error: 0x%08X\n",hr);
    }

    free(lpBuffer);

    return 0;
}






nice!(0)  コメント(5)  トラックバック(0) 

nice! 0

コメント 5

GuestFauch

guest test post
<a href=" http://temresults2018.com/ ">bbcode</a>
<a href="http://temresults2018.com/">html</a>
http://temresults2018.com/ simple
by GuestFauch (2018-01-25 09:05) 

GuestFauch

guest test post
<a href=" http://temresults2018.com/ ">bbcode</a>
<a href="http://temresults2018.com/">html</a>
http://temresults2018.com/ simple
by GuestFauch (2018-02-04 03:57) 

ApokoaloFer

https://highendgamer.com/forums/index.php?threads/buy-xeloda-capecitabine-xeloda-capecitabine-cost.37659/ http://msevi.com/showthread.php?tid=75624 http://www.senna.ru/forum/viewtopic.php?f=4&t=52203 http://www.garrettwademan.com/crs/forum/index.php?topic=107246.new#new http://century21jinya.jp/sale/form.php http://swtorturk.net/forum/index.php?topic=206038.new#new http://skurbarporuba.xf.cz/viewpage.php?page_id=1 http://mta.advanced-gaming.org/lspd/index.php/topic,1157641.new.html#new http://test.xwab.mobi/viewtopic.php?f=41&t=329202 http://www.karnbhoom.club/index.php?topic=53388.new#new http://www.fck3bbs.com/thread-12243-1-1.html http://difmuhendislik.com/difforum/index.php?topic=662616.new#new http://bezdotykoweforum.pl/showthread.php?tid=122407 http://cpu.reboot.pro/viewtopic.php?f=7&t=941462 http://astra26.ru/add/ http://forum.healthcafe350.com/viewtopic.php?pid=104976#p104976 http://www.chaingangchase.com/user/AkipilosTub http://cpu.reboot.pro/viewtopic.php?f=7&t=941456 http://trollgh.com/forums/showthread.php?tid=124319 http://www.qyubbs.com/forum.php?mod=viewthread&tid=28190&pid=56849&page=972&extra=#pid56849 http://forum.teamtfem.se/viewtopic.php?f=12&t=173410 http://dopapod.com/forum/viewtopic.php?f=9&t=75438 https://externalurl.net/index.php?topic=151104.new#new http://midmissouri-airsoft.net/forum/viewtopic.php?f=1&t=723680&p=1189621#p1189621 http://rsosh7.ru/includes/guest/index.php?showforum=21 https://onionbit.com/forum/viewtopic.php?f=8&t=745716 http://taik-ken.ru/includes/guest/index.php?showforum=1 http://logicial.com/elforo/viewtopic.php?p=48953#48953 http://www.forum.pkmkembangjanggut.com/showthread.php?tid=32114 http://7780.tk/forum.php?mod=viewthread&tid=998&extra= http://www.niico.mc-gs.de/showthread.php?tid=158509&pid=196197#pid196197 http://5.135.255.224/index.php?topic=401363.new#new http://cychacks.com/index.php?topic=11827.new#new http://energylive.forumup.it/viewtopic.php?p=13595&mforum=energylive#13595 http://ar.forum.oasgames.com/viewtopic.php?f=6&t=935495&p=2684978#p2684978 http://wolfegames.com/forums/viewtopic.php?f=3&t=67669 http://nauc.info/forums/viewtopic.php?f=4&t=7623890 http://forum.houseofblackflame.com/viewtopic.php?f=2&t=228465 http://cncquilt.com/simplemachines/index.php?topic=130595.new#new http://www.brian-j-smith.com/forum/index.php?topic=116727.new#new http://karurusu.com/onsen/guest/index.php?showforum=11 http://hamptonwaters.org/smf/index.php?topic=133179.new#new http://retroseiko.co.uk/simple/index.php?topic=130715.new#new http://www.aquagalaxy.ru/ http://sammoy.ru/viewtopic.php?pid=398129#p398129 https://www.miportatil.org/viewtopic.php?f=4&t=818872 http://jasamarga.client.virtuco.co.id/discuz/forum.php?mod=viewthread&tid=1059&extra= http://forum.tutorgadgets.com/showthread.php?tid=8828&pid=304390#pid304390 http://sh8aa.com/vb/t11965-7868/#post231719 http://didacsoft.com/index.php/blog/with-small-image/item/105-making-this-the-first-true-generator-on-the-internet
by ApokoaloFer (2018-02-19 04:12) 

ApokoaloFer

http://bbs.hear.99.com/showthread.php?p=4313716#post4313716 http://karurusu.com/onsen/guest/index.php?showforum=11 http://rsosh7.ru/includes/guest/index.php?showforum=21 http://t-gradcom.perm.ru/forum/index.php?topic=2574844.new#new http://aov-go.de/viewtopic.php?f=5&t=200139 http://wreckedified.com/phpBB3/viewtopic.php?f=7&t=28561 http://www.sscjqbbs.com/thread-2342-1-1.html http://forum.ogameautomizer.com/index.php/topic,342322.new.html#new http://radyo.sahibiburda.net/forum/index.php?topic=477838.new#new http://aov-go.de/viewtopic.php?f=5&t=200137 http://wwwforum.buyang.cz/viewtopic.php?f=5&t=36445 http://ftmboards.com/viewtopic.php?f=9&t=359448 http://spika-metal.ru/off/viewtopic.php?p=452065#452065 https://wberg.mine.nu/forum/viewtopic.php?f=3&t=485057 http://forum.lakshmi-food.ru/viewtopic.php?f=3&t=6971 http://radiolafamilia.net/radioforo/viewtopic.php?f=6&t=164269 http://panobcan.sk/forum/viewtopic.php?f=2&t=1221010 http://www.noznos.com/ivermectin-cost-for-guinea-pigs-is-ivermect-382353-1-1.html http://trollgh.com/forums/showthread.php?tid=124345 http://dietasarok.hu/index.php/component/kunena/otletlada/73556-enteral-buy-flagyl-enteral-flagyl-cheapest#74958 http://hatun.ru/forum/viewtopic.php?pid=706930#p706930 http://enteghal85.ir/showthread.php?tid=62956&pid=329285#pid329285 http://mbtibase.com/forum/index.php?topic=392622.new#new http://mokantis.lt.gibonas.serveriai.lt/forum/viewthread.php?thread_id=119025 http://hollywoodf-x.com/forum/viewtopic.php?f=2&t=1193095 http://www.psbgcommunity.com/showthread.php?tid=26765&pid=177874#pid177874 http://www.psbgcommunity.com/showthread.php?tid=45966&pid=177872#pid177872 http://www.webmasterdunyasi.club/forum/index.php?topic=8827.new#new http://www.selpo58.ru/includes/guest/index.php?showforum=4 http://asmrpg.com.br/topico/clonidine-overnight-buy-clonidine-online-alpha-agonist/ http://adosinformatica.com/index.php/component/kunena/bienvenido-mat/52533-buy-fulvicin-for-cats-buy-fulvicin#52938 https://dudewheresmydog.org/showthread.php?tid=118802&pid=535515#pid535515 https://assertionltd.co.uk/forums/showthread.php?tid=839656 http://msevi.com/showthread.php?tid=4038&pid=86961#pid86961 http://www.aghnam.com.sa/vb/newreply.php?p=4572856&noquote=1 https://externalurl.net/index.php?topic=151173.new#new http://www.hsm-fm.de/viewtopic.php?f=7&t=35896 http://forum.lineage.zone/thread-216688.html http://www.lampangmarket.com/index.php?topic=1989.new#new http://phanphoihoachat.vn/forum/index.php?threads/buy-glucovance-online-no-prescription-buy-glucovance-online.180115/ http://ig-life.de/viewtopic.php?f=11&t=1057335 http://odin.web-dortmund.de/forum/viewtopic.php?f=13&t=1049282 http://mou-zolotoy.ippk.ru/index.php?option=com_kunena&func=view&catid=3&id=1133944&Itemid=591#1133944 http://www.emmasupports.de/Forum/viewtopic.php?f=5&t=1774185 http://zoo70.ru/index.php?option=com_kunena&view=topic&catid=3&id=8350&Itemid=18#8351 http://gsf.freeforums.xxx/viewtopic.php?f=9&t=215391 http://sexualdysfunction.ru/css/guest/index.php?showforum=7 http://www.grauewelt.com/igor/forum/viewtopic.php?pid=522431#p522431 http://forum.polydust.com/viewtopic.php?f=4&t=293284 http://clubwv-tc.wz.cz/news.php
by ApokoaloFer (2018-02-19 04:43) 

ApokoaloFer

https://n3rd0rama.tk/showthread.php?tid=33666 http://steadfast.saltandlightrpchurch.org/viewtopic.php?f=12&t=154754 http://completegaming.com/viewtopic.php?f=5&t=446963 http://www.pronggames.com/forums/viewtopic.php?f=4&t=706313 http://laksanaberita.com/threads/somac-heartburn-relief-buy.63570/ http://qipai.cbt9.com/bbs/thread-3615-1-1.html http://marcobarberini.forumup.it/viewtopic.php?p=70097&mforum=marcobarberini#70097 http://amursignal.ru/phpBB3/viewtopic.php?f=3&t=28108 https://www.expertstakers.com/viewtopic.php?f=3&t=39920 http://marcobarberini.forumup.it/viewtopic.php?p=70096&mforum=marcobarberini#70096 http://www.party69.pl/showthread.php?tid=224853&pid=869765#pid869765 http://www.forum.adstoro.com/index.php?topic=440951.new#new http://luohanguo.cbt9.com/bbs/thread-4609-1-1.html http://art-radost.ru/forum/index.php?topic=158282.new#new http://gtmp-forum.cc/showthread.php?tid=198729&pid=221258#pid221258 http://gelik.ru/includes/guest/index.php?showforum=11 http://megatforums.tk/showthread.php?tid=3145&pid=3726#pid3726 http://swtorturk.net/forum/index.php?topic=206339.new#new http://nauc.info/forums/viewtopic.php?f=4&t=7624695 http://lbac.neotemplarios.com/mybb/showthread.php?tid=375176 https://askacommunist.org/viewtopic.php?f=8&t=993629 http://chinevaganti.forumup.it/viewtopic.php?p=3845&mforum=chinevaganti#3845 http://ilaxtown.forumup.it/viewtopic.php?p=85915&mforum=ilaxtown#85915 https://oneforum.ro/index.php?topic=7262.new#new http://msevi.com/showthread.php?tid=75688&pid=87013#pid87013 http://ronfezv4.com/smf/index.php?topic=357223.new#new http://gsf.freeforums.xxx/viewtopic.php?f=9&t=215469 http://socialtour.forumup.it/viewtopic.php?p=56334&mforum=socialtour#56334 https://drexel2122.com/forums/showthread.php?tid=514553 http://cpu.reboot.pro/viewtopic.php?f=7&t=941662 http://chip.mexanicka.ru/index.php?topic=61409.new#new http://www.turbo-speed.mojkgb.com/smf/index.php?topic=448287.new#new http://plantentellen.nl/forum http://forum.tutorgadgets.com/showthread.php?tid=101069&pid=304526#pid304526 http://forum.vulkanutbrott.se/viewtopic.php?f=4&t=371333 http://moes-throwdown.com/forums/viewtopic.php?f=13&t=2546024 http://lasertrack.ru/beam/viewtopic.php?f=3&t=25879 http://onceuponatimerpg.de/thread.php?threadid=38056&sid=51bdc204a9ca7865aed34c8753869d6e http://cr.discjockeyhammer.com/viewtopic.php?f=3&t=215011 http://radiolafamilia.net/radioforo/viewtopic.php?f=6&t=164330 http://car-gold-2018.co.uk/showthread.php?p=348530#post348530 http://www.cardiacs.org/forum/viewtopic.php?f=1&t=26385 http://caihongfupin.com/bbs/forum.php?mod=viewthread&tid=2211&pid=2582&page=36&extra=#pid2582 http://panobcan.sk/forum/viewtopic.php?f=2&t=1221150 http://opensourcerecycling.org/forum/viewtopic.php?f=6&t=141987 http://mbtibase.com/forum/index.php?topic=392787.new#new http://professionsportlimousin.fr/forum/viewtopic.php?f=3&t=269677 http://8dimensional.com/forum/viewtopic.php?f=19&t=37582 http://www.zhenjiawu.com/forum.php?mod=viewthread&tid=3006&extra= http://meteo-evolution-france.com/forum/viewtopic.php?f=5&t=256637
by ApokoaloFer (2018-02-19 05:15) 

コメントを書く

お名前:[必須]
URL:
コメント:
画像認証:
下の画像に表示されている文字を入力してください。

Facebook コメント

トラックバック 0

この広告は前回の更新から一定期間経過したブログに表示されています。更新すると自動で解除されます。