Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Volume open in kernel mode ?

Mark_S._EdwardsMark_S._Edwards Member Posts: 475
I'm a bit embarrassed on this one, I feel I should know the answer but I
can't find it anywhere.

I want to use ZwCreateFile() to open the volume of a drive in kernel
mode. No matter what I try, I can't get the right string to describe the path.

In user mode with CreateFile() I would simply use "\\\\.\\D:".

In kernel mode, I know the name of the device object associated with "D:"
so how do I construct a string to do the above ?

Everything I have tried that doesn't generate an error always ends up
opening the root directory coz the filename passed in IRP_MJ_CREATE is "\"
no matter that I don't have a trailing '\' in my path.

TIA,

Mark

Comments

  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    \\??\\d:



    > -----Original Message-----
    > From: [email protected]
    > [mailto:[email protected]]On Behalf Of Mark S. Edwards
    > Sent: Friday, February 25, 2000 10:05 AM
    > To: File Systems Developers Interest List
    > Subject: [ntfsd] Volume open in kernel mode ?
    >
    >
    > I'm a bit embarrassed on this one, I feel I should know the answer but I
    > can't find it anywhere.
    >
    > I want to use ZwCreateFile() to open the volume of a drive in kernel
    > mode. No matter what I try, I can't get the right string to
    > describe the path.
    >
    > In user mode with CreateFile() I would simply use "\\\\.\\D:".
    >
    > In kernel mode, I know the name of the device object associated with "D:"
    > so how do I construct a string to do the above ?
    >
    > Everything I have tried that doesn't generate an error always ends up
    > opening the root directory coz the filename passed in
    > IRP_MJ_CREATE is "\"
    > no matter that I don't have a trailing '\' in my path.
    >
    > TIA,
    >
    > Mark
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Well if you know the device Object represnting your
    Drive, then there should be no problem.
    If u want to open say D:\foo.
    Then u can check the value u want to substitute by
    seeing the Objdir.
    Type this command at the Command Prompt and u will see
    Object Manager Directory contents.
    Now if u want to open say D:, then u can see the
    symbolic link.
    and that's it.
    I would be like this
    L"\\Device\\HardDisk0\\Partition0";
    Hope it helps.
    Gurpreet

    --- "Mark S. Edwards" <[email protected]> wrote:
    > I'm a bit embarrassed on this one, I feel I should
    > know the answer but I
    > can't find it anywhere.
    >
    > I want to use ZwCreateFile() to open the volume of a
    > drive in kernel
    > mode. No matter what I try, I can't get the right
    > string to describe the path.
    >
    > In user mode with CreateFile() I would simply use
    > "\\\\.\\D:".
    >
    > In kernel mode, I know the name of the device object
    > associated with "D:"
    > so how do I construct a string to do the above ?
    >
    > Everything I have tried that doesn't generate an
    > error always ends up
    > opening the root directory coz the filename passed
    > in IRP_MJ_CREATE is "\"
    > no matter that I don't have a trailing '\' in my
    > path.
    >
    > TIA,
    >
    > Mark
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > Well if you know the device Object represnting your
    > Drive, then there should be no problem.
    > If u want to open say D:\foo.

    Open \??\D:

    Max
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    I am not pretty sure is it not the Object Manager that
    adds \??\ to D:\foo

    --- "Maxim S. Shatskih" <[email protected]>
    wrote:
    > > Well if you know the device Object represnting
    > your
    > > Drive, then there should be no problem.
    > > If u want to open say D:\foo.
    >
    > Open \??\D:
    >
    > Max
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    You must addd \??

    > -----Original Message-----
    > From: [email protected]
    > [mailto:[email protected]]On Behalf Of Gurpreet Anand
    > Sent: Saturday, February 26, 2000 11:08 AM
    > To: File Systems Developers Interest List
    > Subject: [ntfsd] Re: Volume open in kernel mode ?
    >
    >
    > I am not pretty sure is it not the Object Manager that
    > adds \??\ to D:\foo
    >
    > --- "Maxim S. Shatskih" <[email protected]>
    > wrote:
    > > > Well if you know the device Object represnting
    > > your
    > > > Drive, then there should be no problem.
    > > > If u want to open say D:\foo.
    > >
    > > Open \??\D:
    > >
    > > Max
    > >
    > >
    > > ---
    > > You are currently subscribed to ntfsd as:
    > > [email protected]
    > > To unsubscribe send a blank email to
    > > $subst('Email.Unsub')
    > >
    > >
    > __________________________________________________
    > Do You Yahoo!?
    > Talk to your friends online with Yahoo! Messenger.
    > http://im.yahoo.com
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Win32 subsystem adds \??\.

    -----Original Message-----
    From: Gurpreet Anand [SMTP:[email protected]]
    Sent: Sunday, February 27, 2000 12:38 AM
    To: File Systems Developers Interest List
    Subject: [ntfsd] Re: Volume open in kernel mode ?

    I am not pretty sure is it not the Object Manager that
    adds \??\ to D:\foo

    --- "Maxim S. Shatskih" <[email protected]>
    wrote:
    > > Well if you know the device Object represnting
    > your
    > > Drive, then there should be no problem.
    > > If u want to open say D:\foo.
    >
    > Open \??\D:
    >
    > Max
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com

    ---
    You are currently subscribed to ntfsd as: [email protected]
    To unsubscribe send a blank email to $subst('Email.Unsub')
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Yeah I got it.
    Thanks for correcting me.

    --- "Sajeev.S" <[email protected]> wrote:
    > Win32 subsystem adds \??\.
    >
    > -----Original Message-----
    > From: Gurpreet Anand
    > [SMTP:[email protected]]
    > Sent: Sunday, February 27, 2000 12:38 AM
    > To: File Systems Developers Interest List
    > Subject: [ntfsd] Re: Volume open in kernel mode ?
    >
    > I am not pretty sure is it not the Object Manager
    > that
    > adds \??\ to D:\foo
    >
    > --- "Maxim S. Shatskih" <[email protected]>
    > wrote:
    > > > Well if you know the device Object represnting
    > > your
    > > > Drive, then there should be no problem.
    > > > If u want to open say D:\foo.
    > >
    > > Open \??\D:
    > >
    > > Max
    > >
    > >
    > > ---
    > > You are currently subscribed to ntfsd as:
    > > [email protected]
    > > To unsubscribe send a blank email to
    > > $subst('Email.Unsub')
    > >
    > >
    > __________________________________________________
    > Do You Yahoo!?
    > Talk to your friends online with Yahoo! Messenger.
    > http://im.yahoo.com
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 9-13 Sept 2024 Live, Online
Developing Minifilters 15-19 July 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 20-24 May 2024 Live, Online