Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Volume open in kernel mode ?

Mark_S._EdwardsMark_S._Edwards Member Posts: 475
I'm a bit embarrassed on this one, I feel I should know the answer but I
can't find it anywhere.

I want to use ZwCreateFile() to open the volume of a drive in kernel
mode. No matter what I try, I can't get the right string to describe the path.

In user mode with CreateFile() I would simply use "\\\\.\\D:".

In kernel mode, I know the name of the device object associated with "D:"
so how do I construct a string to do the above ?

Everything I have tried that doesn't generate an error always ends up
opening the root directory coz the filename passed in IRP_MJ_CREATE is "\"
no matter that I don't have a trailing '\' in my path.

TIA,

Mark

Comments

  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    \\??\\d:



    > -----Original Message-----
    > From: [email protected]
    > [mailto:[email protected]]On Behalf Of Mark S. Edwards
    > Sent: Friday, February 25, 2000 10:05 AM
    > To: File Systems Developers Interest List
    > Subject: [ntfsd] Volume open in kernel mode ?
    >
    >
    > I'm a bit embarrassed on this one, I feel I should know the answer but I
    > can't find it anywhere.
    >
    > I want to use ZwCreateFile() to open the volume of a drive in kernel
    > mode. No matter what I try, I can't get the right string to
    > describe the path.
    >
    > In user mode with CreateFile() I would simply use "\\\\.\\D:".
    >
    > In kernel mode, I know the name of the device object associated with "D:"
    > so how do I construct a string to do the above ?
    >
    > Everything I have tried that doesn't generate an error always ends up
    > opening the root directory coz the filename passed in
    > IRP_MJ_CREATE is "\"
    > no matter that I don't have a trailing '\' in my path.
    >
    > TIA,
    >
    > Mark
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Well if you know the device Object represnting your
    Drive, then there should be no problem.
    If u want to open say D:\foo.
    Then u can check the value u want to substitute by
    seeing the Objdir.
    Type this command at the Command Prompt and u will see
    Object Manager Directory contents.
    Now if u want to open say D:, then u can see the
    symbolic link.
    and that's it.
    I would be like this
    L"\\Device\\HardDisk0\\Partition0";
    Hope it helps.
    Gurpreet

    --- "Mark S. Edwards" <[email protected]> wrote:
    > I'm a bit embarrassed on this one, I feel I should
    > know the answer but I
    > can't find it anywhere.
    >
    > I want to use ZwCreateFile() to open the volume of a
    > drive in kernel
    > mode. No matter what I try, I can't get the right
    > string to describe the path.
    >
    > In user mode with CreateFile() I would simply use
    > "\\\\.\\D:".
    >
    > In kernel mode, I know the name of the device object
    > associated with "D:"
    > so how do I construct a string to do the above ?
    >
    > Everything I have tried that doesn't generate an
    > error always ends up
    > opening the root directory coz the filename passed
    > in IRP_MJ_CREATE is "\"
    > no matter that I don't have a trailing '\' in my
    > path.
    >
    > TIA,
    >
    > Mark
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > Well if you know the device Object represnting your
    > Drive, then there should be no problem.
    > If u want to open say D:\foo.

    Open \??\D:

    Max
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    I am not pretty sure is it not the Object Manager that
    adds \??\ to D:\foo

    --- "Maxim S. Shatskih" <[email protected]>
    wrote:
    > > Well if you know the device Object represnting
    > your
    > > Drive, then there should be no problem.
    > > If u want to open say D:\foo.
    >
    > Open \??\D:
    >
    > Max
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    You must addd \??

    > -----Original Message-----
    > From: [email protected]
    > [mailto:[email protected]]On Behalf Of Gurpreet Anand
    > Sent: Saturday, February 26, 2000 11:08 AM
    > To: File Systems Developers Interest List
    > Subject: [ntfsd] Re: Volume open in kernel mode ?
    >
    >
    > I am not pretty sure is it not the Object Manager that
    > adds \??\ to D:\foo
    >
    > --- "Maxim S. Shatskih" <[email protected]>
    > wrote:
    > > > Well if you know the device Object represnting
    > > your
    > > > Drive, then there should be no problem.
    > > > If u want to open say D:\foo.
    > >
    > > Open \??\D:
    > >
    > > Max
    > >
    > >
    > > ---
    > > You are currently subscribed to ntfsd as:
    > > [email protected]
    > > To unsubscribe send a blank email to
    > > $subst('Email.Unsub')
    > >
    > >
    > __________________________________________________
    > Do You Yahoo!?
    > Talk to your friends online with Yahoo! Messenger.
    > http://im.yahoo.com
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Win32 subsystem adds \??\.

    -----Original Message-----
    From: Gurpreet Anand [SMTP:[email protected]]
    Sent: Sunday, February 27, 2000 12:38 AM
    To: File Systems Developers Interest List
    Subject: [ntfsd] Re: Volume open in kernel mode ?

    I am not pretty sure is it not the Object Manager that
    adds \??\ to D:\foo

    --- "Maxim S. Shatskih" <[email protected]>
    wrote:
    > > Well if you know the device Object represnting
    > your
    > > Drive, then there should be no problem.
    > > If u want to open say D:\foo.
    >
    > Open \??\D:
    >
    > Max
    >
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com

    ---
    You are currently subscribed to ntfsd as: [email protected]
    To unsubscribe send a blank email to $subst('Email.Unsub')
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Yeah I got it.
    Thanks for correcting me.

    --- "Sajeev.S" <[email protected]> wrote:
    > Win32 subsystem adds \??\.
    >
    > -----Original Message-----
    > From: Gurpreet Anand
    > [SMTP:[email protected]]
    > Sent: Sunday, February 27, 2000 12:38 AM
    > To: File Systems Developers Interest List
    > Subject: [ntfsd] Re: Volume open in kernel mode ?
    >
    > I am not pretty sure is it not the Object Manager
    > that
    > adds \??\ to D:\foo
    >
    > --- "Maxim S. Shatskih" <[email protected]>
    > wrote:
    > > > Well if you know the device Object represnting
    > > your
    > > > Drive, then there should be no problem.
    > > > If u want to open say D:\foo.
    > >
    > > Open \??\D:
    > >
    > > Max
    > >
    > >
    > > ---
    > > You are currently subscribed to ntfsd as:
    > > [email protected]
    > > To unsubscribe send a blank email to
    > > $subst('Email.Unsub')
    > >
    > >
    > __________________________________________________
    > Do You Yahoo!?
    > Talk to your friends online with Yahoo! Messenger.
    > http://im.yahoo.com
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    > ---
    > You are currently subscribed to ntfsd as:
    > [email protected]
    > To unsubscribe send a blank email to
    > $subst('Email.Unsub')
    >
    >
    __________________________________________________
    Do You Yahoo!?
    Talk to your friends online with Yahoo! Messenger.
    http://im.yahoo.com
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 20 Apr 2020 LIVE ONLINE
Writing WDF Drivers 11 May 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA