Hi:
I’d like to open a directory in my driver with ZwCreateFile(), then get its
contents somehow. Analagous to the iterator method like
FindFirstFile()/FindNextFile().
ZwCreateFile() even has a FILE_LIST_DIRECTORY possible flag in its
DesiredAccess parameter. But I’m stuck on how to list the directory
contents!
Any help will be much appreciated.
Thanks,
Curt
Try to use ZwQueryDirectoryFile routine.
It does all you want to be done.
Paul
-----P?vodn? zpr?va-----
Od: xxxxx@omnishift.com [SMTP:xxxxx@omnishift.com]
Odesl?no: 14. ?ervna 2000 4:37
Komu: File Systems Developers
P?edm?t: [ntfsd] Is there a Zw() routine like FindFirstFile()?Hi:
I’d like to open a directory in my driver with ZwCreateFile(), then get
its contents somehow. Analagous to the iterator method like
FindFirstFile()/FindNextFile().ZwCreateFile() even has a FILE_LIST_DIRECTORY possible flag in its
DesiredAccess parameter. But I’m stuck on how to list the directory
contents!Any help will be much appreciated.
Thanks,
Curt
Is there a Zw() routine like FindFirstFile()?>I’d like to open a directory
in my driver with ZwCreateFile(), then get its
Yes, this is the way - just specify the necessary flag.
As about querying the contents - use NtQueryDirectoryFile.
Max
Pavel Hrdina wrote:
Try to use ZwQueryDirectoryFile routine.
It does all you want to be done.
and Maxim Shatskih wrote:
As about querying the contents - use NtQueryDirectoryFile.
and thank you for the replies. However, I see no word about either of these
routines in the Win2000 DDK documentation, or the header files in the DDK,
or the header files in my VC++ directory.
I forgot to mention that I’m needing this for Win2000, if that makes any
difference.
Further advice would be most welcome!
Thanks,
Curt
Curt:
If you want to go “documented” way then you will have to:
Enjoy 
Vladimir
-----Original Message-----
From: xxxxx@omnishift.com [mailto:xxxxx@omnishift.com]
Sent: Wednesday, June 14, 2000 10:04 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?
Pavel Hrdina wrote:
Try to use ZwQueryDirectoryFile routine.
It does all you want to be done.
and Maxim Shatskih wrote:
As about querying the contents - use NtQueryDirectoryFile.
and thank you for the replies. However, I see no word about either of these
routines in the Win2000 DDK documentation, or the header files in the DDK,
or the header files in my VC++ directory.
I forgot to mention that I’m needing this for Win2000, if that makes any
difference.
Further advice would be most welcome!
Thanks,
Curt
I think use of Nt(Zw)QueryDirectoryFile is correct because
I don’t see any reason to change the definition of this function
in next NT/2000 releases. If somebody wants to do this I think
he is STUPID.
Here is the prototype of the desired routine:
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryFile (
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);
You can use either Nt or Zw variant. From some system thread
I recommend Nt variant while from use thread the Zw is better (you
do not need take care of previous mode)
Paul
-----P?vodn? zpr?va-----
Od: xxxxx@omnishift.com [SMTP:xxxxx@omnishift.com]
Odesl?no: 14. ?ervna 2000 17:04
Komu: File Systems Developers
P?edm?t: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?Pavel Hrdina wrote:
> Try to use ZwQueryDirectoryFile routine.
> It does all you want to be done.and Maxim Shatskih wrote:
> As about querying the contents - use NtQueryDirectoryFile.
and thank you for the replies. However, I see no word about either of
these routines in the Win2000 DDK documentation, or the header files in
the DDK, or the header files in my VC++ directory.I forgot to mention that I’m needing this for Win2000, if that makes any
difference.Further advice would be most welcome!
Thanks,
Curt
I think this is not needed (unneccesarily complicated).
Steps 2-6 (without closing the handle) are done inside
Nt(Zw)QueryDirectoryFile in some better way.
Paul
-----P?vodn? zpr?va-----
Od: Chtchetkine, Vladimir [SMTP:xxxxx@Starbase.com]
Odesl?no: 14. ?ervna 2000 17:24
Komu: File Systems Developers
Kopie: ‘xxxxx@omnishift.com’
P?edm?t: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?Curt:
If you want to go “documented” way then you will have to:
- Open the directory via ZwCreateFile
- Get FILE_OBJECT from the handle (via ObReferenceObjectByHandle)
- Get corresponded file system device object (I’m using
IoGetRelatedDeviceObject)- Build your own IRP_MJ_DIRECTORY_CONTROL / IRP_MN_QUERY_DIRECTORY
(I use IoBuildSynchronousFsdRequest( IRP_MJ_FLUSH_BUFFERS,…)) as a
“starter” and then override necessary fields).- Pass the IRP to the device from step 3.
- After you are done: dereference dir’s FILE_OBJECT (via
ObDereferenceObject) and close dir’s handle.Enjoy
Vladimir
-----Original Message-----
From: xxxxx@omnishift.com
[mailto:xxxxx@omnishift.com]
Sent: Wednesday, June 14, 2000 10:04 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?Pavel Hrdina wrote:
> Try to use ZwQueryDirectoryFile routine.
> It does all you want to be done.and Maxim Shatskih wrote:
> As about querying the contents - use NtQueryDirectoryFile.
and thank you for the replies. However, I see no word about either
of these routines in the Win2000 DDK documentation, or the header files in
the DDK, or the header files in my VC++ directory.I forgot to mention that I’m needing this for Win2000, if that makes
any difference.Further advice would be most welcome!
Thanks,
Curt
The majority of the undocumented functions have not changed since NT 3.1.
-----Original Message-----
From: Pavel Hrdina [mailto:xxxxx@sodatsw.cz]
Sent: Wednesday, June 14, 2000 11:27 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?I think use of Nt(Zw)QueryDirectoryFile is correct because
I don’t see any reason to change the definition of this function
in next NT/2000 releases. If somebody wants to do this I think
he is STUPID.Here is the prototype of the desired routine:
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryFile (
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);You can use either Nt or Zw variant. From some system thread
I recommend Nt variant while from use thread the Zw is better (you
do not need take care of previous mode)Paul
> -----P?vodn? zpr?va-----
> Od: xxxxx@omnishift.com
[SMTP:xxxxx@omnishift.com]
> Odesl?no: 14. ?ervna 2000 17:04
> Komu: File Systems Developers
> P?edm?t: [ntfsd] RE: Is there a Zw() routine like
FindFirstFile()?
>
> Pavel Hrdina wrote:
>
> > Try to use ZwQueryDirectoryFile routine.
> > It does all you want to be done.
>
> and Maxim Shatskih wrote:
>
> > As about querying the contents - use NtQueryDirectoryFile.
>
> and thank you for the replies. However, I see no word
about either of
> these routines in the Win2000 DDK documentation, or the
header files in
> the DDK, or the header files in my VC++ directory.
>
> I forgot to mention that I’m needing this for Win2000, if
that makes any
> difference.
>
> Further advice would be most welcome!
>
> Thanks,
> Curt
>
You are currently subscribed to ntfsd as: xxxxx@nsisw.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)
Pavel:
Despite the fact that changing Nt(Zw)QueryDirectoryFile’s interface is a
“stupid idea”
it’s still undocumented and it seemed to me that Curt has asked about more
“legal” approach.
Regards,
Vladimir
-----Original Message-----
From: Pavel Hrdina [mailto:xxxxx@sodatsw.cz]
Sent: Wednesday, June 14, 2000 11:32 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?
I think this is not needed (unneccesarily complicated).
Steps 2-6 (without closing the handle) are done inside
Nt(Zw)QueryDirectoryFile in some better way.
Paul
-----P?vodn? zpr?va-----
Od: Chtchetkine, Vladimir [SMTP:xxxxx@Starbase.com]
Odesl?no: 14. ?ervna 2000 17:24
Komu: File Systems Developers
Kopie: ‘xxxxx@omnishift.com’
P?edm?t: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?Curt:
If you want to go “documented” way then you will have to:
- Open the directory via ZwCreateFile
- Get FILE_OBJECT from the handle (via ObReferenceObjectByHandle)
- Get corresponded file system device object (I’m using
IoGetRelatedDeviceObject)- Build your own IRP_MJ_DIRECTORY_CONTROL / IRP_MN_QUERY_DIRECTORY
(I use IoBuildSynchronousFsdRequest( IRP_MJ_FLUSH_BUFFERS,…)) as a
“starter” and then override necessary fields).- Pass the IRP to the device from step 3.
- After you are done: dereference dir’s FILE_OBJECT (via
ObDereferenceObject) and close dir’s handle.Enjoy
Vladimir
-----Original Message-----
From: xxxxx@omnishift.com
[mailto:xxxxx@omnishift.com]
Sent: Wednesday, June 14, 2000 10:04 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?Pavel Hrdina wrote:
> Try to use ZwQueryDirectoryFile routine.
> It does all you want to be done.and Maxim Shatskih wrote:
> As about querying the contents - use NtQueryDirectoryFile.
and thank you for the replies. However, I see no word about either
of these routines in the Win2000 DDK documentation, or the header files in
the DDK, or the header files in my VC++ directory.I forgot to mention that I’m needing this for Win2000, if that makes
any difference.Further advice would be most welcome!
Thanks,
Curt
You are currently subscribed to ntfsd as: xxxxx@Starbase.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)
RE: [ntfsd] RE: Is there a Zw() routine like FindFirstFile()?> As about
querying the contents - use NtQueryDirectoryFile.
and thank you for the replies. However, I see no word about either of
these
routines in the Win2000 DDK documentation, or the header files in the
NTSTATUS
ZwQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);
Try to step in kernel32!FindFirstFile with the debugger to determine the
correct way of calling it.
Max