Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


How to obtain drive letter from a device object?

OSR_Community_UserOSR_Community_User Member Posts: 110,217
in NTFSD
I use a Rajeev Nagar's like Filter and in SFilterAttachTarget I want to get
the drive letter (if possible ) which corresponds to
PtrTargetDeviceObject.How can I do that?(In fact how can I obtain a name
for a DEVICE_OBJECT?I use IoGetDeviceObjectPointer but it beheave
strange.Do u know other ways?)
· Share on Facebook

Comments

  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    To get object Name, somebody told me to use ObQueryNameString, but I
    couldn't link my driver to that function and to get drive letter you could
    use ZwOpenSymbolicLinkObject and ZwQuerySymbolicLinkObject, but I
    couldn't link link to them neither. So by this way I am asking whether
    somebody knows why I can't link to this functions?

    On Mon, 15 May 2000 [email protected] wrote:

    > I use a Rajeev Nagar's like Filter and in SFilterAttachTarget I want to get
    > the drive letter (if possible ) which corresponds to
    > PtrTargetDeviceObject.How can I do that?(In fact how can I obtain a name
    > for a DEVICE_OBJECT?I use IoGetDeviceObjectPointer but it beheave
    > strange.Do u know other ways?)
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    · Share on Facebook
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Hello,

    There shouldn't be any problem linking to these
    functions.
    They are all exported by NTOSKRNL.EXE. Just declare
    the
    prototypes as follows and you can use it.

    typedef struct ObjectNameInfo_t {
    UNICODE_STRING ObjectName;
    WCHAR ObjectNameBuffer[1];
    } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;

    NTSYSAPI
    NTSTATUS
    NTAPI
    ObQueryNameString(PVOID pObject,
    POBJECT_NAME_INFO pObjectNameBuffer,
    ULONG pObjectNameBufferSize,
    PULONG BytesReturned);

    NTSYSAPI
    NTSTATUS
    NTAPI
    ZwOpenSymbolicLinkObject(
    OUT PHANDLE hSymbolicLink,
    IN ACCESS_MASK AccessMask,
    IN POBJECT_ATTRIBUTES ObjectAttributes
    );

    NTSYSAPI
    NTSTATUS
    NTAPI
    ZwQuerySymbolicLinkObject(
    IN HANDLE hSymbolicLink,
    IN OUT PUNICODE_STRING ObjectName,
    OUT PULONG BytesReturned
    );


    Note: For using ObQueryNameString function.

    Make sure that you pass sufficient size buffer.

    e.g

    char Buffer[1024];
    NTSTATUS rc;
    ULONG BytesReturned;
    POBJECT_NAME_INFO pObjectNameBuffer;

    pObjectNameBuffer=(POBJECT_NAME_INFO)Buffer;
    rc=ObQueryNameString(pObject,
    pObjectNameBuffer,
    sizeof(Buffer),
    &BytesReturned);

    If the size of the buffer is insufficient, the
    function will
    return STATUS_INFO_LENGTH_MISMATCH and BytesReturned
    will
    contain size of the buffer required to hold the name.
    You
    can pass pObjectNameBufferSize value of 0 to find out
    the
    buffer size requirements dynamically.

    Alternatively, if you have handle to the object
    instead of
    pointer to object, you can use NtQueryObject function
    with
    information class 1.

    -Prasad



    --- Ratmil Torres Vargas <[email protected]>
    wrote:
    > To get object Name, somebody told me to use
    > ObQueryNameString, but I
    > couldn't link my driver to that function and to get
    > drive letter you could
    > use ZwOpenSymbolicLinkObject and
    > ZwQuerySymbolicLinkObject, but I
    > couldn't link link to them neither. So by this way I
    > am asking whether
    > somebody knows why I can't link to this functions?
    >
    >
    > On Mon, 15 May 2000 [email protected] wrote:
    >
    > > I use a Rajeev Nagar's like Filter and in
    > SFilterAttachTarget I want to get
    > > the drive letter (if possible ) which corresponds
    > to
    > > PtrTargetDeviceObject.How can I do that?(In fact
    > how can I obtain a name
    > > for a DEVICE_OBJECT?I use IoGetDeviceObjectPointer
    > but it beheave
    > > strange.Do u know other ways?)
    > >
    > > ---
    > > You are currently subscribed to ntfsd as:
    > [email protected]
    > > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    > >
    >
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >


    =====
    Prasad S. Dabak
    Director of Engineering, Windows NT/2000 Division
    Cybermedia Software Private Limited
    http://www.cybermedia.co.in
    Co-author of the book "Undocumented Windows NT"
    ISBN 0764545698

    __________________________________________________
    Do You Yahoo!?
    Send instant messages & get email alerts with Yahoo! Messenger.
    http://im.yahoo.com/
    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE

Categories