9,515
社区成员
发帖
与我相关
我的任务
分享通过关闭设备句柄,强制弹出移动硬盘失败,求大神解答
通过NtQuerySystemInformation等api找到File类型的句柄,
GetFileType判断为FILE_TYPE_DISK后,怎么确定这个句柄就是移动硬盘的设备句柄?我用了DeviceIoControl,GetFinalPathNameByHandle等api都返回句柄无效的错误
procexp看到 handle name 是/Device/00000086。
下面是部分代码:
// 遍历所有句柄,并找出文件句柄
for (ULONG i = 0; i < pInfo->NumberOfHandles; i++)
{
// 获取源进程的句柄
hSourceProcessHandle = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_DUP_HANDLE|PROCESS_SUSPEND_RESUME, FALSE,pInfo->Information[i].ProcessId);
if(hSourceProcessHandle == NULL)
{
DWORD dwErrCode = GetLastError();
continue ;
}
// 转换句柄
if (!DuplicateHandle(hSourceProcessHandle, (HANDLE)pInfo->Information[i].Handle,
GetCurrentProcess(), &hNewHandle, 0, FALSE, DUPLICATE_SAME_ACCESS) )
{
CloseHandle(hSourceProcessHandle);
hSourceProcessHandle = NULL;
DWORD dwErrorCode = GetLastError();
continue;
}
// 判断是否为文件句柄
CHAR szBuf[1024] = {0};
//memset(&stTypeName,0,sizeof(stTypeName));
//dwRetLen = 0;
POBJECT_NAME_INFORMATION pTypeName = (POBJECT_NAME_INFORMATION)szBuf;
status = m_NtQueryObject( hNewHandle, ObjectTypeInformation, szBuf, sizeof(szBuf), &dwRetLen);
if(pTypeName->Name.Length <=0 || 0 != _wcsicmp((wchar_t *)pTypeName->Name.Buffer, L"File") )
{
CloseHandle(hNewHandle);
CloseHandle(hSourceProcessHandle);
hNewHandle = NULL;
hSourceProcessHandle = NULL;
continue;
}
DWORD dwFileType = GetFileType(hNewHandle);
if(dwFileType == FILE_TYPE_DISK)
{
// 找到了
// DWORD dwBytesReturned = 0;
// STORAGE_DEVICE_NUMBER st;
// memset(&st,0,sizeof(st));
// if(!DeviceIoControl(hNewHandle,IOCTL_STORAGE_GET_DEVICE_NUMBER,NULL,0,&st,sizeof(st),&dwBytesReturned,NULL))
// {
// DWORD dwErrCode = GetLastError();
// dlplog_info(g_log_handle,"DeviceIoControl error: %d",GetLastError());
// }
//
// STORAGE_DEVICE_NUMBER device_num;
// DWORD bytes_returned = 0;
// if (!DeviceIoControl((HANDLE)pInfo->Information[i].Handle, IOCTL_STORAGE_GET_DEVICE_NUMBER,NULL, 0,
// &device_num, sizeof(device_num),
// &bytes_returned, (LPOVERLAPPED) NULL))
// {
// DWORD dwErrCode = GetLastError();
// dlplog_info(g_log_handle,"DeviceIoControl error: %d",GetLastError());
// }
CHAR szFilePath[1024] = {0};
DWORD dwErrCode = GetFinalPathNameByHandle(hNewHandle,szFilePath,sizeof(szFilePath)-1,FILE_NAME_NORMALIZED);
dlplog_info(g_log_handle,"szFilePath=%s",szFilePath);
m_NtQueryVolumeInformationFile(hNewHandle,&IoStatus,&NmInfo.Info,sizeof(NM_INFO)-sizeof(HANDLE),FileFsDriverPathInformation);
}
}
CloseHandle(hNewHandle);
CloseHandle(hSourceProcessHandle);
hNewHandle = NULL;
hSourceProcessHandle = NULL;
continue;
GetFileType判断为FILE_TYPE_DISK后,怎么确定这个句柄就是移动硬盘的设备句柄?我用了DeviceIoControl,GetFinalPathNameByHandle等api都返回句柄无效的错误
procexp看到 handle name 是/Device/00000086。
下面是部分代码:
// 遍历所有句柄,并找出文件句柄
for (ULONG i = 0; i < pInfo->NumberOfHandles; i++)
{
// 获取源进程的句柄
hSourceProcessHandle = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_DUP_HANDLE|PROCESS_SUSPEND_RESUME, FALSE,pInfo->Information[i].ProcessId);
if(hSourceProcessHandle == NULL)
{
DWORD dwErrCode = GetLastError();
continue ;
}
// 转换句柄
if (!DuplicateHandle(hSourceProcessHandle, (HANDLE)pInfo->Information[i].Handle,
GetCurrentProcess(), &hNewHandle, 0, FALSE, DUPLICATE_SAME_ACCESS) )
{
CloseHandle(hSourceProcessHandle);
hSourceProcessHandle = NULL;
DWORD dwErrorCode = GetLastError();
continue;
}
// 判断是否为文件句柄
CHAR szBuf[1024] = {0};
//memset(&stTypeName,0,sizeof(stTypeName));
//dwRetLen = 0;
POBJECT_NAME_INFORMATION pTypeName = (POBJECT_NAME_INFORMATION)szBuf;
status = m_NtQueryObject( hNewHandle, ObjectTypeInformation, szBuf, sizeof(szBuf), &dwRetLen);
if(pTypeName->Name.Length <=0 || 0 != _wcsicmp((wchar_t *)pTypeName->Name.Buffer, L"File") )
{
CloseHandle(hNewHandle);
CloseHandle(hSourceProcessHandle);
hNewHandle = NULL;
hSourceProcessHandle = NULL;
continue;
}
DWORD dwFileType = GetFileType(hNewHandle);
if(dwFileType == FILE_TYPE_DISK)
{
// 找到了
// DWORD dwBytesReturned = 0;
// STORAGE_DEVICE_NUMBER st;
// memset(&st,0,sizeof(st));
// if(!DeviceIoControl(hNewHandle,IOCTL_STORAGE_GET_DEVICE_NUMBER,NULL,0,&st,sizeof(st),&dwBytesReturned,NULL))
// {
// DWORD dwErrCode = GetLastError();
// dlplog_info(g_log_handle,"DeviceIoControl error: %d",GetLastError());
// }
//
// STORAGE_DEVICE_NUMBER device_num;
// DWORD bytes_returned = 0;
// if (!DeviceIoControl((HANDLE)pInfo->Information[i].Handle, IOCTL_STORAGE_GET_DEVICE_NUMBER,NULL, 0,
// &device_num, sizeof(device_num),
// &bytes_returned, (LPOVERLAPPED) NULL))
// {
// DWORD dwErrCode = GetLastError();
// dlplog_info(g_log_handle,"DeviceIoControl error: %d",GetLastError());
// }
CHAR szFilePath[1024] = {0};
DWORD dwErrCode = GetFinalPathNameByHandle(hNewHandle,szFilePath,sizeof(szFilePath)-1,FILE_NAME_NORMALIZED);
dlplog_info(g_log_handle,"szFilePath=%s",szFilePath);
m_NtQueryVolumeInformationFile(hNewHandle,&IoStatus,&NmInfo.Info,sizeof(NM_INFO)-sizeof(HANDLE),FileFsDriverPathInformation);
}
}
CloseHandle(hNewHandle);
CloseHandle(hSourceProcessHandle);
hNewHandle = NULL;
hSourceProcessHandle = NULL;
continue;
...全文
请发表友善的回复…
发表回复
clever101 2019-05-05
- 打赏
- 举报
楼主,到底如何获取移动硬盘的句柄呢?
wangsss33 2018-02-26
- 打赏
- 举报
肯定没坏,已经找到了handle name 是/Device/00000086的句柄是一个符号链接句柄,用那些API自然是无效句柄了
wangsss33 2018-02-26
- 打赏
- 举报
问题基本解决了。
问题中提到的句柄/Device/00000086,是一个符号链接的句柄。枚举符号链接可以找到,设备名,再判断设备是否为移动硬盘。
在解决问题过程中发现一条捷径,可以在枚举设备信息中获取设备的的SPDRP_PHYSICAL_DEVICE_OBJECT_NAME,我获取到的值就是/Device/00000086。
可爱的芒果酱 2018-02-24
- 打赏
- 举报
可能是移动硬盘坏掉了,换一个试试
wangsss33 2018-02-24
- 打赏
- 举报
没人解答???
wangsss33 2018-02-23
- 打赏
- 举报
c/c++,枚举硬盘后能直接将移动硬盘弹出?我现在的思路是将属于移动硬盘的File类型的句柄全部关闭后用DeviceIOControl弹出设备。而获取到一个设备句柄后无法判断出是否属于移动硬盘的。
wangsss33 2018-02-23
- 打赏
- 举报
c/c++,枚举硬盘后能直接将移动硬盘弹出?我现在的思路是将属于移动硬盘的File类型的句柄全部关闭后用DeviceIOControl弹出设备。而获取到一个设备句柄后无法判断出是否属于移动硬盘的。
aabbabababaa 2018-02-23
- 打赏
- 举报
什么开发语言啊?杖举全部硬盘看,有没显示了。。。
