Comments
> Do I need to enumerate \Device? Or is there a better solution?
AFAIK there was a documented Win32 function QueryDosDevice.
Max
Yes, I am aware of that function. In that case, I need to have a user
service to do the translation for the filter driver.
Thanks,
Jack
> -----Original Message-----
> From: Maxim S. Shatskih [SMTP:[email protected]]
> Sent: Thursday, March 09, 2000 7:55 AM
> To: File Systems Developers
> Subject: [ntfsd] Re: get devicename of a ntfs partition
>
> > \Device\Harddisk0\Partition0 ?
> > Do I need to enumerate \Device? Or is there a better solution?
>
> AFAIK there was a documented Win32 function QueryDosDevice.
>
> Max
I do manage to find the usage of this call in the archive even though it is
not really documented! In this regard, can anyone give some hints on how
to figure out the parameters myself? I got some useful suggestions on my
previous email about named kernel objects. However, I did not know how to
get the correct parameters of those undocumented or unexported calls. I
guess I will be less of a nuisance if I know how :-)
Thanks for the patience with me!
Jack
> -----Original Message-----
> From: Pashupati Kumar [SMTP:[email protected]]
> Sent: Thursday, March 09, 2000 10:57 AM
> To: File Systems Developers
> Subject: [ntfsd] Re: get devicename of a ntfs partition
>
> No you don't need that. Use ZwQuerySymbolicLinkObject (see ddk docs)
ZwQuerySymbolicLinkObject is documented. We didn't manage to get it into the
NT4 DDK docs, but it is in the Windows 2000 DDK docs. Here's a direct link:
http://www.microsoft.com/ddk/ddkdocs/win2k/k111_2rle.htm.
--Diane
Thank you all for answering in regard to this! I did mention that from a
previous post that asks about drive letter, there is a snippet of code that
shows the usage. But the document makes it more clear.
However, my real question is how do I know the parameters of those
undocumented functions (ObOpenObjectByName, ZwOpenEvent, ZwOpenMutex,
ZwOpenSemaphore)?
I know that I've read it somewhere that I should be able to find out how
many parameters. What does it take for you to figure out the actual meaning
of each parameter?
This is really hard for a first year part-time file system filter novice.
Jack
The undocumented functions such as ZwOpenEvent, ZwOpenMutex and
ZwOpenSemaphore are documented in a book "UnDocumented Windows NT" by Prasad
Dabak, Sandeep Phadke and Milind Borate. See the Section Appendix A where you
can find the information about these functions. They are defined here as
NtXXX calls which are the same as ZwXXX calls.
Here are the parameters of these calls.
    /* Opens a handle to an existing named event object. */
    NTSYSAPI
    NTSTATUS
    NTAPI
    NtOpenEvent(
        OUT PHANDLE hEvent,
        IN ACCESS_MASK DesiredAccess,
        IN POBJECT_ATTRIBUTES ObjectAttributes
        );
    /* Opens a handle to an existing named mutant (mutex) object. */
    NTSYSAPI
    NTSTATUS
    NTAPI
    NtOpenMutant(
        OUT PHANDLE hMutex,
        IN ACCESS_MASK DesiredAccess,
        IN POBJECT_ATTRIBUTES ObjectAttributes
        );
    /* Opens a handle to an existing named semaphore object. */
    NTSYSAPI
    NTSTATUS
    NTAPI
    NtOpenSemaphore(
        OUT PHANDLE hSemaphore,
        IN ACCESS_MASK DesiredAccess,
        IN POBJECT_ATTRIBUTES ObjectAttributes
        );
For details of these parameters refer to the above book or the CD-ROM along
with the book.
Thanks
Prakash Bilodi
in short time.
Jack