get devicename of a ntfs partition

Hi all,

This maybe is dump question, however if I get all the device objects that
are created by NTFS driver, how do I get the devicename like
\Device\Harddisk0\Partition0 ?
Do I need to enumerate \Device ? Or is there better solution ?

Thanks,

Jack(Wei-Chi) Cheng
Lexis-Nexis DCE Support Team
email: xxxxx@lexis-nexis.com
phone: 937-8656800 x 4028

> \Device\Harddisk0\Partition0 ?

Do I need to enumerate \Device ? Or is there better solution ?

AFAIK there was a documented Win32 function QueryDosDevice.

Max

Yes, I am aware of that function. In that case, I need to have an user
service to do the translation for the filter driver.

Thanks,

Jack

-----Original Message-----
From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
Sent: Thursday, March 09, 2000 7:55 AM
To: File Systems Developers
Subject: [ntfsd] Re: get devicename of a ntfs partition

> \Device\Harddisk0\Partition0 ?
> Do I need to enumerate \Device ? Or is there better solution ?

AFAIK there was a documented Win32 function QueryDosDevice.

Max


You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

No you don’t need that. Use ZwQuerySymbolicLinkObject ( see ddk docs)

Yes, I am aware of that function. In that case, I need to have an user
service to do the translation for the filter driver.

Thanks,

Jack

> -----Original Message-----
> From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
> Sent: Thursday, March 09, 2000 7:55 AM
> To: File Systems Developers
> Subject: [ntfsd] Re: get devicename of a ntfs partition
>
> > \Device\Harddisk0\Partition0 ?
> > Do I need to enumerate \Device ? Or is there better solution ?
>
> AFAIK there was a documented Win32 function QueryDosDevice.
>
> Max
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntfsd as: xxxxx@Legato.COM
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

I do manage to find the usage of this call in the archive even though it is
not really documented ! In this regard, can anyone gives some hints on how
to figure out the parameters myself. I got some useful suggestions on my
previous email about named kernel objects. However, I did not know how to
get the correct parameters of those undocumented or unexported calls. I
guess I will be a less nuisance if I know how :slight_smile:

Thanks for the patience with me !

Jack

-----Original Message-----
From: Pashupati Kumar [SMTP:xxxxx@Legato.COM]
Sent: Thursday, March 09, 2000 10:57 AM
To: File Systems Developers
Subject: [ntfsd] Re: get devicename of a ntfs partition

No you don’t need that. Use ZwQuerySymbolicLinkObject ( see ddk docs)

> Yes, I am aware of that function. In that case, I need to have an user
> service to do the translation for the filter driver.
>
> Thanks,
>
> Jack
>
> > -----Original Message-----
> > From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
> > Sent: Thursday, March 09, 2000 7:55 AM
> > To: File Systems Developers
> > Subject: [ntfsd] Re: get devicename of a ntfs partition
> >
> > > \Device\Harddisk0\Partition0 ?
> > > Do I need to enumerate \Device ? Or is there better solution ?
> >
> > AFAIK there was a documented Win32 function QueryDosDevice.
> >
> > Max
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
> —
> You are currently subscribed to ntfsd as: xxxxx@Legato.COM
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

ZwQuerySymbolicLinkObject is documented. We didn’t manage to get it into the
NT4 DDK docs, but it is in the Windows 2000 DDK docs. Here’s a direct link:
http://www.microsoft.com/ddk/ddkdocs/win2k/k111_2rle.htm.

–Diane

-----Original Message-----
From: CHENG, WEI CHI (LNG) [mailto:xxxxx@lexis-nexis.com]
Sent: Thursday, March 09, 2000 8:47 AM
To: File Systems Developers
Subject: [ntfsd] Re: get devicename of a ntfs partition

I do manage to find the usage of this call in the archive even though it is
not really documented ! In this regard, can anyone gives some hints on how
to figure out the parameters myself. I got some useful suggestions on my
previous email about named kernel objects. However, I did not know how to
get the correct parameters of those undocumented or unexported calls. I
guess I will be a less nuisance if I know how :slight_smile:

Thanks for the patience with me !

Jack

-----Original Message-----
From: Pashupati Kumar [SMTP:xxxxx@Legato.COM]
Sent: Thursday, March 09, 2000 10:57 AM
To: File Systems Developers
Subject: [ntfsd] Re: get devicename of a ntfs partition

No you don’t need that. Use ZwQuerySymbolicLinkObject ( see ddk docs)

> Yes, I am aware of that function. In that case, I need to have an user
> service to do the translation for the filter driver.
>
> Thanks,
>
> Jack
>
> > -----Original Message-----
> > From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
> > Sent: Thursday, March 09, 2000 7:55 AM
> > To: File Systems Developers
> > Subject: [ntfsd] Re: get devicename of a ntfs partition
> >
> > > \Device\Harddisk0\Partition0 ?
> > > Do I need to enumerate \Device ? Or is there better solution ?
> >
> > AFAIK there was a documented Win32 function QueryDosDevice.
> >
> > Max
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
> —
> You are currently subscribed to ntfsd as: xxxxx@Legato.COM
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntfsd as: xxxxx@exchange.microsoft.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Thanks you all for answering in regard to this ! I did mention that from a
previous post that ask about drive letter, there is a snippet of code that
show the usage. But the document make it more clear.

However, my real question is how do I know the parameters of those
undocumented functions(ObOpenObjectByName, ZwOpenEvent, ZwOpenMutex,
ZwOpenSemaphore)?

I know that I’ve read it somewhere that I should be able to find out how
many parameters. What does it take for you to figure out the actual meaning
of each parameter ?

This is really hard for a first year part-time file system filter novice.

Jack

-----Original Message-----
From: Diane Olsen [SMTP:xxxxx@Exchange.Microsoft.com]
Sent: Thursday, March 09, 2000 1:12 PM
To: File Systems Developers
Subject: [ntfsd] Re: get devicename of a ntfs partition

ZwQuerySymbolicLinkObject is documented. We didn’t manage to get it into
the NT4 DDK docs, but it is in the Windows 2000 DDK docs. Here’s a direct
link:

http:.
>
> --Diane
>
> -----Original Message-----
> From: CHENG, WEI CHI (LNG) [mailto:xxxxx]
> Sent: Thursday, March 09, 2000 8:47 AM
> To: File Systems Developers
> Subject: [ntfsd] Re: get devicename of a ntfs partition
>
>
> I do manage to find the usage of this call in the archive even though it
> is
> not really documented ! In this regard, can anyone gives some hints on how
>
> to figure out the parameters myself. I got some useful suggestions on my
> previous email about named kernel objects. However, I did not know how to
> get the correct parameters of those undocumented or unexported calls. I
> guess I will be a less nuisance if I know how :slight_smile:
>
> Thanks for the patience with me !
>
> Jack
>
> > -----Original Message-----
> > From: Pashupati Kumar [SMTP:xxxxx@Legato.COM]
> > Sent: Thursday, March 09, 2000 10:57 AM
> > To: File Systems Developers
> > Subject: [ntfsd] Re: get devicename of a ntfs partition
> >
> > No you don’t need that. Use ZwQuerySymbolicLinkObject ( see ddk docs)
> >
> >
> >
> > > Yes, I am aware of that function. In that case, I need to have an user
>
> > > service to do the translation for the filter driver.
> > >
> > > Thanks,
> > >
> > > Jack
> > >
> > > > -----Original Message-----
> > > > From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
> > > > Sent: Thursday, March 09, 2000 7:55 AM
> > > > To: File Systems Developers
> > > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > > >
> > > > > \Device\Harddisk0\Partition0 ?
> > > > > Do I need to enumerate \Device ? Or is there better solution ?
> > > >
> > > > AFAIK there was a documented Win32 function QueryDosDevice.
> > > >
> > > > Max
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as:
> xxxxx@lexis-nexis.com
> > > > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@Legato.COM
> > > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
> —
> You are currently subscribed to ntfsd as: xxxxx@exchange.microsoft.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
></mailto:xxxxx></http:>

The undocumented functions such as ZwOpenEvent,ZwOpenMutex and
ZwOpenSemaphore are documented in a book “UnDocumented Windows NT” by Prasad
dabak,Sandeep Phadke and milind Borate.See the Section Appendix A where you
can find the information about these functions. They are defined here as
NtXXX calls which are same as ZwXXX calls.

Here are the parameters of these calls.
NTSYSAPI NTSTATUS NtOpenEvent(OUT PHANDLE hEvent,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenMutant(
OUT PHANDLE hMutex,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenSemaphore(
OUT PHANDLE hSemaphore,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

For details of these parameters refer the above book or the CD-ROM along
with the book.

Thanks
Prakash Bilodi
----- Original Message -----
From: CHENG, WEI CHI (LNG)
To: File Systems Developers
Sent: Friday, March 10, 2000 8:01 AM
Subject: [ntfsd] Re: get devicename of a ntfs partition

> Thanks you all for answering in regard to this ! I did mention that from a
> previous post that ask about drive letter, there is a snippet of code that
> show the usage. But the document make it more clear.
>
> However, my real question is how do I know the parameters of those
> undocumented functions(ObOpenObjectByName, ZwOpenEvent, ZwOpenMutex,
> ZwOpenSemaphore)?
>
> I know that I’ve read it somewhere that I should be able to find out how
> many parameters. What does it take for you to figure out the actual
meaning
> of each parameter ?
>
> This is really hard for a first year part-time file system filter novice.
>
> Jack
>
> > -----Original Message-----
> > From: Diane Olsen [SMTP:xxxxx@Exchange.Microsoft.com]
> > Sent: Thursday, March 09, 2000 1:12 PM
> > To: File Systems Developers
> > Subject: [ntfsd] Re: get devicename of a ntfs partition
> >
> > ZwQuerySymbolicLinkObject is documented. We didn’t manage to get it into
> > the NT4 DDK docs, but it is in the Windows 2000 DDK docs. Here’s a
direct
> > link:
> >
> > http:.
> >
> > --Diane
> >
> > -----Original Message-----
> > From: CHENG, WEI CHI (LNG) [mailto:xxxxx]
> > Sent: Thursday, March 09, 2000 8:47 AM
> > To: File Systems Developers
> > Subject: [ntfsd] Re: get devicename of a ntfs partition
> >
> >
> > I do manage to find the usage of this call in the archive even though it
> > is
> > not really documented ! In this regard, can anyone gives some hints on
how
> >
> > to figure out the parameters myself. I got some useful suggestions on my
> > previous email about named kernel objects. However, I did not know how
to
> > get the correct parameters of those undocumented or unexported calls. I
> > guess I will be a less nuisance if I know how :slight_smile:
> >
> > Thanks for the patience with me !
> >
> > Jack
> >
> > > -----Original Message-----
> > > From: Pashupati Kumar [SMTP:xxxxx@Legato.COM]
> > > Sent: Thursday, March 09, 2000 10:57 AM
> > > To: File Systems Developers
> > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > >
> > > No you don’t need that. Use ZwQuerySymbolicLinkObject ( see ddk docs)
> > >
> > >
> > >
> > > > Yes, I am aware of that function. In that case, I need to have an
user
> >
> > > > service to do the translation for the filter driver.
> > > >
> > > > Thanks,
> > > >
> > > > Jack
> > > >
> > > > > -----Original Message-----
> > > > > From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
> > > > > Sent: Thursday, March 09, 2000 7:55 AM
> > > > > To: File Systems Developers
> > > > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > > > >
> > > > > > \Device\Harddisk0\Partition0 ?
> > > > > > Do I need to enumerate \Device ? Or is there better solution ?
> > > > >
> > > > > AFAIK there was a documented Win32 function QueryDosDevice.
> > > > >
> > > > > Max
> > > > >
> > > > >
> > > > > —
> > > > > You are currently subscribed to ntfsd as:
> > xxxxx@lexis-nexis.com
> > > > > To unsubscribe send a blank email to
$subst(‘Email.Unsub’)
> >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as: xxxxx@Legato.COM
> > > > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
> > > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@exchange.microsoft.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@interactivesi.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
></mailto:xxxxx></http:>

Thanks, this is exactly what I need ! Book order is placed and should get it
in short time.

Jack

-----Original Message-----
From: Prakash Bilodi [SMTP:xxxxx@interactivesi.com]
Sent: Friday, March 10, 2000 9:43 AM
To: File Systems Developers
Subject: [ntfsd] Re: get devicename of a ntfs partition

The undocumented functions such as ZwOpenEvent,ZwOpenMutex and
ZwOpenSemaphore are documented in a book “UnDocumented Windows NT” by
Prasad
dabak,Sandeep Phadke and milind Borate.See the Section Appendix A where
you
can find the information about these functions. They are defined here as
NtXXX calls which are same as ZwXXX calls.

Here are the parameters of these calls.
NTSYSAPI NTSTATUS NtOpenEvent(OUT PHANDLE hEvent,
IN ACCESS_MASK
DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenMutant(
OUT PHANDLE hMutex,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenSemaphore(
OUT PHANDLE hSemaphore,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

For details of these parameters refer the above book or the CD-ROM along
with the book.

Thanks
Prakash Bilodi
----- Original Message -----
From: CHENG, WEI CHI (LNG)
> To: File Systems Developers
> Sent: Friday, March 10, 2000 8:01 AM
> Subject: [ntfsd] Re: get devicename of a ntfs partition
>
>
> > Thanks you all for answering in regard to this ! I did mention that from
> a
> > previous post that ask about drive letter, there is a snippet of code
> that
> > show the usage. But the document make it more clear.
> >
> > However, my real question is how do I know the parameters of those
> > undocumented functions(ObOpenObjectByName, ZwOpenEvent, ZwOpenMutex,
> > ZwOpenSemaphore)?
> >
> > I know that I’ve read it somewhere that I should be able to find out how
> > many parameters. What does it take for you to figure out the actual
> meaning
> > of each parameter ?
> >
> > This is really hard for a first year part-time file system filter
> novice.
> >
> > Jack
> >
> > > -----Original Message-----
> > > From: Diane Olsen [SMTP:xxxxx@Exchange.Microsoft.com]
> > > Sent: Thursday, March 09, 2000 1:12 PM
> > > To: File Systems Developers
> > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > >
> > > ZwQuerySymbolicLinkObject is documented. We didn’t manage to get it
> into
> > > the NT4 DDK docs, but it is in the Windows 2000 DDK docs. Here’s a
> direct
> > > link:
> > >
> > > http:.
> > >
> > > --Diane
> > >
> > > -----Original Message-----
> > > From: CHENG, WEI CHI (LNG) [mailto:xxxxx]
> > > Sent: Thursday, March 09, 2000 8:47 AM
> > > To: File Systems Developers
> > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > >
> > >
> > > I do manage to find the usage of this call in the archive even though
> it
> > > is
> > > not really documented ! In this regard, can anyone gives some hints on
> how
> > >
> > > to figure out the parameters myself. I got some useful suggestions on
> my
> > > previous email about named kernel objects. However, I did not know how
> to
> > > get the correct parameters of those undocumented or unexported calls.
> I
> > > guess I will be a less nuisance if I know how :slight_smile:
> > >
> > > Thanks for the patience with me !
> > >
> > > Jack
> > >
> > > > -----Original Message-----
> > > > From: Pashupati Kumar [SMTP:xxxxx@Legato.COM]
> > > > Sent: Thursday, March 09, 2000 10:57 AM
> > > > To: File Systems Developers
> > > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > > >
> > > > No you don’t need that. Use ZwQuerySymbolicLinkObject ( see ddk
> docs)
> > > >
> > > >
> > > >
> > > > > Yes, I am aware of that function. In that case, I need to have an
> user
> > >
> > > > > service to do the translation for the filter driver.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jack
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
> > > > > > Sent: Thursday, March 09, 2000 7:55 AM
> > > > > > To: File Systems Developers
> > > > > > Subject: [ntfsd] Re: get devicename of a ntfs partition
> > > > > >
> > > > > > > \Device\Harddisk0\Partition0 ?
> > > > > > > Do I need to enumerate \Device ? Or is there better solution ?
> > > > > >
> > > > > > AFAIK there was a documented Win32 function QueryDosDevice.
> > > > > >
> > > > > > Max
> > > > > >
> > > > > >
> > > > > > —
> > > > > > You are currently subscribed to ntfsd as:
> > > xxxxx@lexis-nexis.com
> > > > > > To unsubscribe send a blank email to
> $subst(‘Email.Unsub’)
> > >
> > > > >
> > > > > —
> > > > > You are currently subscribed to ntfsd as: xxxxx@Legato.COM
> > > > > To unsubscribe send a blank email to
> $subst(‘Email.Unsub’)
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as:
> xxxxx@lexis-nexis.com
> > > > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> > >
> > > —
> > > You are currently subscribed to ntfsd as:
> xxxxx@exchange.microsoft.com
> > > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> > >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@interactivesi.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
> >
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@lexis-nexis.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)</mailto:xxxxx></http:>