How to use FltCreateFileEx open physical Disk

Jehoshua_J Member Posts: 5
edited August 27 in NTFSD

I want to open the physical disk to read the MBR from it and write something there. But this disk has a minifilter, so I decided to use FltCreateFile to open the disk. But when I use \\.\PhysicalDrive1 as the path parameter the return status is STATUS_OBJECT_NAME_INVALID, and when I use \??\PhysicalDrive1 or "\Device\Harddisk1\DR2" the return status is STATUS_INVALID_DEVICE_OBJECT_PARAMETER. Could you help me?
My code is here. When I set bypassThreadID and use ZwCreateFile I can open the physical disk.

```c
g_dwBypassThreadID = PsGetCurrentThreadId();
InitializeObjectAttributes(&oa, &pInstanceContext->ustrPhyDeviceName,
                           OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 0, 0);
ntStatus = ZwCreateFile(&hFileHandle, GENERIC_READ | GENERIC_WRITE, &oa, &IoStatus,
                        NULL, FILE_ATTRIBUTE_NORMAL,
                        FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN,
                        FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
g_dwBypassThreadID = 0;
if (STATUS_SUCCESS != ntStatus)
{
    break;
}
if (hFileHandle != NULL)
{
    ZwClose(hFileHandle);
    hFileHandle = NULL;
}

InitializeObjectAttributes(&oa, &pInstanceContext->ustrPhyDeviceName,
                           OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 0, 0);
ntStatus = FltCreateFileEx(g_pFilterObj, pRetInstance, &hFileHandle, &pFileObject,
                           GENERIC_READ | GENERIC_WRITE, &oa, &IoStatus, NULL, 0,
                           FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN,
                           FILE_SYNCHRONOUS_IO_NONALERT | FILE_WRITE_THROUGH | FILE_NO_INTERMEDIATE_BUFFERING,
                           NULL, 0, 0);
if (STATUS_SUCCESS != ntStatus)
{
    break;
}
```

Comments

  • rod_widdowson Member - All Emails Posts: 1,054

    pRetInstance is NULL?

  • rod_widdowson Member - All Emails Posts: 1,054

    The other thing to observe of course is that with the handle being open to the physical device nothing will be going down the file system stack and so it could be said that using FltXXXX operations is inappropriate.

    Just make sure to close FltCreate handles with FltClose and Zw handles with NtClose...

  • Jehoshua_J Member Posts: 5

    @rod_widdowson said:
    pRetInstance is NULL?

    The pRetInstance is not NULL, but I use a volume name such as /??/E: to get this instance, so I suspect this is a volume instance, not a physical instance. I think maybe using a physical instance would work.

  • rod_widdowson Member - All Emails Posts: 1,054

    Having a filesystem instance when creating a handle to a physical volume makes no sense - they are on different stacks.
