I am trying to use ZwQueryVolumeInformation to gather information on a volume. To get the handle required to pass into ZwQueryVolumeInformation, I am calling ZwOpenFile with FILE_NON_DIRECTORY_FILE. Here is my code excerpt:
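HANDLE handle = NULL; /* ZwOpenFile writes the opened handle here */
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iosb;
NTSTATUS status;
/* Name lookup is case-insensitive; the handle is a kernel handle */
InitializeObjectAttributes(&objectAttributes, &gVolumePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
/* Open for read access, shared for read, as a non-directory file */
status = ZwOpenFile(&handle, FILE_GENERIC_READ, &objectAttributes, &iosb, FILE_SHARE_READ, FILE_NON_DIRECTORY_FILE);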
…
gVolumePath is a UNICODE_STRING “Mup” (the object name of the mapped drive I am trying to query).
The status comes back as -1073741767 (Object Path Component was not a directory object). I am not entirely sure why I am getting this error since I am using FILE_NON_DIRECTORY_FILE.
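Added example, not part of the original post: the status above is printed as a signed decimal, so this user-mode C sketch converts it to the hex form listed in ntstatus.h and splits it into its severity, facility and code fields. The helper names (`decode_ntstatus`, `nt_success`, `object_path_status_name`) are hypothetical, and the name table covers only the three object-path statuses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of a 32-bit NTSTATUS value. */
typedef struct {
    uint32_t raw;       /* unsigned view, as listed in ntstatus.h */
    unsigned severity;  /* bits 31-30: 0 success, 1 info, 2 warning, 3 error */
    unsigned customer;  /* bit 29: set for non-Microsoft codes */
    unsigned facility;  /* bits 27-16 */
    unsigned code;      /* bits 15-0 */
} ntstatus_fields;

/* Hypothetical helper: split a status logged as a signed integer. */
ntstatus_fields decode_ntstatus(int32_t status)
{
    ntstatus_fields f;
    f.raw = (uint32_t)status;            /* two's-complement reinterpretation */
    f.severity = f.raw >> 30;
    f.customer = (f.raw >> 29) & 1u;
    f.facility = (f.raw >> 16) & 0xFFFu;
    f.code = f.raw & 0xFFFFu;
    return f;
}

/* Same test as the NT_SUCCESS() macro: success and informational pass. */
int nt_success(int32_t status) { return status >= 0; }

/* Object-path statuses only; names as in ntstatus.h. */
const char *object_path_status_name(int32_t status)
{
    switch ((uint32_t)status) {
    case 0xC0000039u: return "STATUS_OBJECT_PATH_INVALID";
    case 0xC000003Au: return "STATUS_OBJECT_PATH_NOT_FOUND";
    case 0xC000003Bu: return "STATUS_OBJECT_PATH_SYNTAX_BAD";
    default:          return "(not an object-path status)";
    }
}

int main(void)
{
    int32_t status = -1073741767; /* value reported in the post */
    ntstatus_fields f = decode_ntstatus(status);
    printf("0x%08X severity=%u facility=0x%03X code=0x%04X %s\n",
           (unsigned)f.raw, f.severity, f.facility, f.code,
           object_path_status_name(status));
    return 0;
}
```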