I've recently met a scenario where I'm trying to open a file for reading from a mapped shared directory (
FltGetFileNameInformation/Unsafe (depending on whether I'm in a filesystem callback, or a loadimage / createprocess callback) to get the file name, and open it for some processing inside the kernel driver.
I see a difference depending on whether I'm using FLT_FILE_NAME_OPENED or FLT_FILE_NAME_NORMALIZED.
Using FLT_FILE_NAME_OPENED gets me
\device\mup\;LanmanRedirector\;Z:(LUID)\share\folder\file and then FltCreateFile with the Mup Instance works ok.
Using FLT_FILE_NAME_NORMALIZED gets me
\device\mup\share\folder\file and then FltCreateFile with the Mup Instance fails with
This does not seem to be a permissions issue, since
1. I'm in the context of the process that has access the file in question, and when I'm not, I'm impersonating correctly
2. the error is NOT ACCESS_DENIED /STATUS_LOGON_FAILURE
Anyone cares to help me figure out what's up?
I've ran previous tests by accessing a remote folder directly, without mapping it, and had no issues accessing the normalized paths.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|