Hello,
I use the following to list the content of a directory in kernel mode and if has worked for me until now.
here is the code that does it.
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
RtlInitUnicodeString(&szFileName, directoryName);
InitializeObjectAttributes(&Oa,
&szFileName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
status= ZwCreateFile(&hFile,
GENERIC_READ,
&Oa,
&Iosb,
0,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ, FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if (!NT_SUCCESS(status))
{
return status;
}
pfbInfo = ExAllocatePoolWithTag(PagedPool, uSize, DIR_LIST_TAG);
if (pfbInfo == NULL)
{
ZwClose(hFile);
return STATUS_NO_MEMORY;
}
while (TRUE)
{
_retry:
RtlZeroMemory(pfbInfo, uSize);
status= ZwQueryDirectoryFile(hFile,
0,
NULL,
NULL,
&Iosb,
pfbInfo,
uSize,
FileBothDirectoryInformation,
FALSE,
NULL,
bIReStart);
if (STATUS_BUFFER_OVERFLOW == status)
{
ExFreePoolWithTag(pfbInfo, DIR_LIST_TAG);
uSize = uSize * 2;
pfbInfo = ExAllocatePoolWithTag(PagedPool, uSize, DIR_LIST_TAG);
if (pfbInfo == NULL)
{
ZwClose(hFile);
return STATUS_NO_MEMORY;
}
goto _retry;
}
else if (STATUS_NO_MORE_FILES == status)
{
ExFreePoolWithTag(pfbInfo, DIR_LIST_TAG);
ZwClose(hFile);
return STATUS_SUCCESS;
}
else if (STATUS_SUCCESS != status)
{
ExFreePoolWithTag(pfbInfo, DIR_LIST_TAG);
ZwClose(hFile);
return status;
}
if (bReStart)
{
bReStart= FALSE;
}
while (TRUE)
{
WCHAR *aux;
WCHAR * objectFileName = ExAllocatePoolWithTag(PagedPool, (pfbInfo->FileNameLength + sizeof(UNICODE_NULL)), DIR_LIST_TAG);
if (objectFileName )
{
RtlZeroMemory(objectFileName , (pfbInfo->FileNameLength + sizeof(WCHAR)));
RtlCopyMemory(objectFileName , pfbInfo->FileName, pfbInfo->FileNameLength);
…print objectFileName here…
ExFreePoolWithTag(objectFileName , DIR_LIST_TAG);
}
if (pfbInfo->NextEntryOffset == 0)
{
break;
}
pfbInfo += pfbInfo->NextEntryOffset;
}
}
ZwClose(hFile);
ExFreePoolWithTag(pfbInfo, DIR_LIST_TAG);
return status;
}
Hope this helps.