Is there a means to reliably determine the system root and/or boot volume in DriverEntry() in a boot start driver?
Our driver currently determines the boot volume using FltGetVolumeFromName("\SystemRoot"), and then using FltGetVolumeName() on the volume that is returned. That method doesn't work for a boot start driver. I figure if I can get the driver's image name, that I will have what I need, but I haven't found a way to get that.
I tried the registry entry for the service, but it has a string value, ImagePath, that gives only "system32\DRIVERS\mydriver.sys", less the actual system root.
I tried ObQueryNameString() on the DriverObject, but it returns "\FileSystem\mydriver"
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|