So, if there was a thread on ZwOpenFile(), why not one on ZwCreateFile()?
Code is:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
WCHAR *ProgramLogFile = L"\??\Global\C:\somefile.log";
LARGE_INTEGER AllocationSize;
UNICODE_STRING LogFileName;
IO_STATUS_BLOCK IoStatusBlock;
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS Status;
//
// Open the Log File for writing.
//
RtlInitUnicodeString(&LogFileName, ProgramLogFile);
InitializeObjectAttributes(
&ObjectAttributes,
&LogFileName,
OBJ_CASE_INSENSITIVE | OBJ_PERMANENT | OBJ_OPENIF,
NULL,
NULL
);
AllocationSize.QuadPart = 64 * 1024;
Status = ZwCreateFile(
&LogFileHandle,
GENERIC_ALL | SYNCHRONIZE | FILE_ANY_ACCESS,
&ObjectAttributes,
&IoStatusBlock,
&AllocationSize,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE,
FILE_SUPERSEDE,
FILE_WRITE_THROUGH | FILE_SYNCHRONOUS_IO_NONALERT|
FILE_SEQUENTIAL_ONLY | FILE_NON_DIRECTORY_FILE,
NULL,
0
);
if (NT_ERROR(Status)) {
…
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Status returned is 0xC000000D (STATUS_INVALID_PARAMETER). *What* is the
invalid parameter? I have been tweaking them for a couple of hours now!
In the same piece of software, the following code using ZwOpenFile() works!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
WCHAR *ProgramInputFile = L"\??\Global\C:\somefile.dat"
HANDLE InputFile;
IO_STATUS_BLOCK IoStatusBlock;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING ObjectName;
NTSTATUS Status;
RtlInitUnicodeString(&ObjectName, ProgramInputFile);
InitializeObjectAttributes(
&ObjectAttributes,
&ObjectName,
OBJ_CASE_INSENSITIVE,
NULL, NULL
);
Status = ZwOpenFile(
&InputFile,
GENERIC_ALL | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT
);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Why does the code with ZwOpenFile() work but the code with ZwCreateFile()
fail? What can I do to it to make it work? I no longer have any ideas.
Thanks,
–
Aram Hăvărneanu