Utils: GetFileName, GetVolumeName

GilRan/GilRan.vcxproj

@@ -36,6 +36,7 @@
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="PreCreate.c" />
+    <ClCompile Include="Utils.c" />
     <ResourceCompile Include="GilRan.rc" />
     <ClCompile Include="GilRan.c" />
     <Inf Include="GilRan.inf" />
@@ -193,6 +194,7 @@
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="PreCreate.h" />
+    <ClInclude Include="Utils.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

GilRan/GilRan.vcxproj.filters

@@ -30,6 +30,9 @@
     <ClCompile Include="PreCreate.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="Utils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="GilRan.rc">
@@ -40,5 +43,8 @@
     <ClInclude Include="PreCreate.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="Utils.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
 </Project>

GilRan/PreCreate.c

@@ -1,4 +1,10 @@
+#include <fltKernel.h>
+#include <dontuse.h>
+#include <suppress.h>
+#include <ntstrsafe.h>
+
 #include "PreCreate.h"
+#include "Utils.h"
 
 FLT_PREOP_CALLBACK_STATUS
 PreCreate(
@@ -7,50 +13,19 @@ PreCreate(
     _Flt_CompletionContext_Outptr_ PVOID *CompletionContext
 )
 {
-    UNREFERENCED_PARAMETER(FltObjects);
     UNREFERENCED_PARAMETER(CompletionContext);
 
     NTSTATUS status;
 
-    PFLT_FILE_NAME_INFORMATION pFileNameInformation;
-    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &pFileNameInformation);
-
-    UNICODE_STRING FileName, VolumeName;
-    if (NT_SUCCESS(status)) {
-        status = FltParseFileNameInformation(pFileNameInformation);
-
-        if (NT_SUCCESS(status)) {
-            FileName.Length = 0;
-            FileName.MaximumLength = NTSTRSAFE_UNICODE_STRING_MAX_CCH * sizeof(WCHAR);
-            FileName.Buffer = ExAllocatePoolWithTag(NonPagedPool, FileName.MaximumLength, 'FLIG');
-
-            if (FileName.Buffer != NULL) {
-                RtlUnicodeStringCopy(&FileName, &(pFileNameInformation->Name));
-
-                VolumeName.Length = 0;
-                VolumeName.MaximumLength = FltObjects->FileObject->FileName.MaximumLength + 2;
-
-                ULONG BufferSizeNeeded;
-                status = FltGetVolumeName(FltObjects->Volume, NULL, &BufferSizeNeeded);
-
-                if (status == STATUS_BUFFER_TOO_SMALL) {
-                    VolumeName.MaximumLength += (USHORT)BufferSizeNeeded;
-                }
-
-                VolumeName.Buffer = ExAllocatePoolWithTag(NonPagedPool, VolumeName.MaximumLength, 'VLIG');
-                if (VolumeName.Buffer != NULL) {
-                    status = FltGetVolumeName(FltObjects->Volume, &VolumeName, &BufferSizeNeeded);
-
-                    if (NT_SUCCESS(status)) {
-                        DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "FilePath: %ws%ws\n", VolumeName.Buffer, FileName.Buffer);
-                    }
-                    ExFreePoolWithTag(VolumeName.Buffer, 'VLIG');
-                }
-                ExFreePoolWithTag(FileName.Buffer, 'FLIG');
-            }
-        }
-        FltReleaseFileNameInformation(pFileNameInformation);
-    }
+    WCHAR FilePath[1024], VolumeName[1024];
+
+    status = GetFilePath(Data, FilePath);
+    if (!NT_SUCCESS(status)) return FLT_PREOP_COMPLETE;
+
+    status = GetVolumeName(FltObjects, VolumeName);
+    if (!NT_SUCCESS(status)) return FLT_PREOP_COMPLETE;
+
+    DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "FilePath: %ws%ws\n", VolumeName, FilePath);
 
     return FLT_PREOP_SUCCESS_NO_CALLBACK;
 }

GilRan/PreCreate.h

@@ -1,9 +1,4 @@
 #pragma once
-#include <fltKernel.h>
-#include <dontuse.h>
-#include <suppress.h>
-#include <ntstrsafe.h>
-
 FLT_PREOP_CALLBACK_STATUS
 PreCreate(
     _Inout_ PFLT_CALLBACK_DATA Data,

GilRan/Utils.c

@@ -0,0 +1,54 @@
+#include <fltKernel.h>
+#include <dontuse.h>
+#include <suppress.h>
+#include <ntstrsafe.h>
+#include "Utils.h"
+
+NTSTATUS GetFilePath(
+    _In_ PFLT_CALLBACK_DATA Data,
+    _Out_ PWCHAR pFilePath
+)
+{
+    PFLT_FILE_NAME_INFORMATION pFileNameInformation;
+    NTSTATUS status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &pFileNameInformation);
+    if (!NT_SUCCESS(status)) return status;
+
+    status = FltParseFileNameInformation(pFileNameInformation);
+    if (!NT_SUCCESS(status)) return status;
+
+    wcscpy_s(pFilePath, pFileNameInformation->ParentDir.Length, pFileNameInformation->ParentDir.Buffer);
+
+    FltReleaseFileNameInformation(pFileNameInformation);
+
+    return STATUS_SUCCESS;
+}
+
+NTSTATUS GetVolumeName(
+    _In_ PCFLT_RELATED_OBJECTS FltObjects,
+    _Out_ PWCHAR pVolumeName
+)
+{
+    NTSTATUS status;
+
+    UNICODE_STRING VolumeName;
+    VolumeName.Length = 0;
+    VolumeName.MaximumLength = FltObjects->FileObject->FileName.MaximumLength + 2;
+
+    ULONG szBufferNeeded;
+    status = FltGetVolumeName(FltObjects->Volume, NULL, &szBufferNeeded);
+
+    if (status == STATUS_BUFFER_TOO_SMALL) {
+        VolumeName.MaximumLength += (USHORT)szBufferNeeded;
+    }
+
+    VolumeName.Buffer = ExAllocatePoolWithTag(NonPagedPool, VolumeName.MaximumLength, 'vLIG');
+    if (VolumeName.Buffer == NULL) return STATUS_UNSUCCESSFUL;
+
+    status = FltGetVolumeName(FltObjects->Volume, &VolumeName, &szBufferNeeded);
+    if (NT_SUCCESS(status)) {
+        wcscpy_s(pVolumeName, VolumeName.Length, VolumeName.Buffer);
+    }
+
+    ExFreePoolWithTag(VolumeName.Buffer, 'vLIG');
+    return status;
+}

GilRan/Utils.h

@@ -0,0 +1,10 @@
+#pragma once
+NTSTATUS GetFilePath(
+    _In_ PFLT_CALLBACK_DATA Data,
+    _Out_ PWCHAR pFilePath
+);
+
+NTSTATUS GetVolumeName(
+    _In_ PCFLT_RELATED_OBJECTS FltObjects,
+    _Out_ PWCHAR pVolumeName
+);