I’m not able to open/create a CLFS log file using ClfsCreateLogFile because it is failing with an object path not found error (0xC000003A). The documentation makes it look simple; you specify “log:” or “log::” followed by the physical log file path and name. In my case, I’m creating a dedicated log so I’m using “log:”. I then give the path and name for the log.
In my case, I’m creating a log named “MyDrvLg” in C:\ so the log file name would be: “log:c:\MyDrvLg” but that’s failing with the error mentioned. I tried some combinations but they either fail with the object path not found or an invalid parameter error. Here are some variations I’ve tried with no luck:
Does anyone know exactly what CLFS is looking for? Again, the docs make it sound pretty simple but I’m just missing some finesse, at least, I’m assuming that.
I’ve never called it myself so I opened WinDbg and set a breakpoint on nt!ClfsCreateLogFile. From the function prototype the path is in the second argument, which is in RDX on my x64 target. Here are the formats I see for successful calls:
Looks to me like the example paths in the ClfsCreateLogFile documentation are user mode examples (i.e. they’re missing the starting ??).
Can’t help but note that I suspect you’ll be one of very few people to ever call this API outside of Microsoft. Not saying that’s a bad thing, but just a heads up.
Thanks very much, Scott! Yeah, the docs are obviously written for user-mode. From my experimentation, I did try “??” and also “\Device\HarddiskVolumeNnn” (where ‘Nnn’ is the number of the volume for the log) but I didn’t put them both together correctly.