What is the meaning of VPB->RealDevice and VPB->DeviceObject of the \\SystemRoot?

Hello everyone, i am not really familiar with this VPB structure in the FILE_OBJECT structure, i was reading some sample codes and saw a code use the RealDevice and DeviceObject of the Vpb structure of the \systemroot’s FILE_OBJECT, these are my questions :

  1. What is the difference between the DeviceObject of the systemroot’s file_object vs file_object->vpb->DeviceObject?
  2. What is the RealDevice, and why the named it “Real Device” ? as if the other device objects are fake or something?
  3. What are the use cases of using vpb->RealDevice and vpb->DeviceObject?

Read the docs.

The VPB links a file system device instance to a volume device instance, because the basic PnP parent- child relationship doesn’t adequately handle this. The DeviceObject field of the VPB points to the Device Object for the file system. The RealDevice field points to the Device Object for Volume (disk). It how you can know “which file system is mounted on this device” and “which device is associated with this file system”… easy, right?

Peter

@“Peter_Viscarola_(OSR)” said:
Read the docs.

The VPB links a file system device instance to a volume device instance, excuse the basic PnP parent- child relationship doesn’t adequately handle this. The DeviceObject field of the VPB points to the Device Object for the file system. The RealDevice field points to the Device Object for Volume (disk).

Peter

Thank you for taking the time to respond, one more question i forgot to ask :

What is the difference between file_object->device_object->vpb vs file_object->vpb
and between file_object->device_object->vpb->RealDevice vs file_object->vpb->RealDevice
(both regarding the systemroot file_objects)

What you’re asking, in essence, is “Which Device Object does the File Object point to?”

The answer is: The Device Object to which the Create that instantiated the File Object was directed.

And… keep in mind that for each I/O operation, the I/O Manager will start the Request with the Device Object at the top of the device stack (devnode) of the Device Object to which the File Object points.

Spend some time in the debugger… you can see all this quite clearly.

Peter