I have a unicode (UNICODE_STRING) file name like “abc.005”. I want to check
whether there exists a file named “abc.006”. So what I thought was to split
the string in to two parts “abc” and “005”. then convert 005 to int then
increment it, concatenate it again and check for the file existence. Is
this a good approach? does there exists function to achieve this?
From this what I understood is UNICODE_STRING is UTF16 and the characters
could be variable length. So is there a function which allows me to access
each character in the string? From the above thread I understand that
simple pointer operation wouldn’t be safe.
No matter how you create the filename existence proofs based on file presence are easily broken. The file can be missing during your check and then show up immediately after. Or it be there when you check and then immediately deleted.
d
Bent from my phone
From: Lloydmailto:xxxxx Sent: ?9/?17/?2014 10:33 PM To: Windows System Software Devs Interest Listmailto:xxxxx Subject: [ntdev] Access characters from UNICODE_STRING
Hi,
I have a unicode (UNICODE_STRING) file name like “abc.005”. I want to check whether there exists a file named “abc.006”. So what I thought was to split the string in to two parts “abc” and “005”. then convert 005 to int then increment it, concatenate it again and check for the file existence. Is this a good approach? does there exists function to achieve this?
From this what I understood is UNICODE_STRING is UTF16 and the characters could be variable length. So is there a function which allows me to access each character in the string? From the above thread I understand that simple pointer operation wouldn’t be safe.
Thank you Doron. My real problem is not in “filename existence proofs”. If
there exists the file “abc.006”, then that it indicates that file “abc.006”
is of interest to me and I wish to open and process it. So please let me
make my my question clear.
We have a very large file say “abc”. We split this file in to
“abc.001”, “abc.002”
etc… in user mode. The split files (abc.001, abc.002…) does not contain
any size (total size) information of the file “abc”. The only way for me to
get all the pieces of the file “abc” is to read it based on the continuous
extension like “001, 002…”. So if the file name at my hand now is
“abc.005” how can I construct a next possible file name (“abc.006”) form
it? This is my question. I hope it is clear now.
Thanks a lot,
Lloyd
On Thu, Sep 18, 2014 at 11:23 AM, Doron Holan wrote:
> No matter how you create the filename existence proofs based on file > presence are easily broken. The file can be missing during your check and > then show up immediately after. Or it be there when you check and then > immediately deleted. > > d > > Bent from my phone > ------------------------------ > From: Lloyd > Sent: 9/17/2014 10:33 PM > To: Windows System Software Devs Interest List > Subject: [ntdev] Access characters from UNICODE_STRING > > Hi, > > I have a unicode (UNICODE_STRING) file name like “abc.005”. I want to > check whether there exists a file named “abc.006”. So what I thought was to > split the string in to two parts “abc” and “005”. then convert 005 to int > then increment it, concatenate it again and check for the file existence. > Is this a good approach? does there exists function to achieve this? > > > I have read a relavent thread named “simple question about > UNICODE_STRING” (http://www.osronline.com/showthread.cfm?link=238475). > > From this what I understood is UNICODE_STRING is UTF16 and the > characters could be variable length. So is there a function which allows me > to access each character in the string? From the above thread I understand > that simple pointer operation wouldn’t be safe. > > Thanks in advance, > Lloyd > > — NTDEV is sponsored by OSR Visit the list at: > http://www.osronline.com/showlists.cfm?list=ntdev OSR is HIRING!! See > http://www.osr.com/careers For our schedule of WDF, WDM, debugging and > other seminars visit: http://www.osr.com/seminars To unsubscribe, visit > the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer > > — > NTDEV is sponsored by OSR > > Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev > > OSR is HIRING!! See http://www.osr.com/careers > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >
Create handles in kernel mode and pass them to user mode, instead of the
other way around. Handles created by a user-mode component and passed to
the driver should not be trusted.
In the Windows API you can find many functions that use formated structures as input/output data. Four your particular case you could define the following structure:
// Alignment is required if you probe user mode
// buffers in kernel mode (METHOD_NEITHER I/O). #ifdef SPLIT_ENTRY_ALIGNED #define SPLIT_ENTRY_ALIGN __declspec(align(8)) #else #define SPLIT_ENTRY_ALIGN // default alignment #endif
typedef SPLIT_ENTRY_ALIGN struct _SPLIT_ENTRY{
WCHAR FileName[8]; //8 Should be enougth for abc.NNN
ULONG64 FileSize; // The size of the file on the disk in bytes.
} SPLIT_ENTRY, *PSPLIT_ENTRY;
The user mode application can then pass a buffer of contiguous SPLIT_ENTRY structures to the driver using an IRP. I think this is how drivers use the I/O system to implement system services.
Note that you could also define a variable length array of such entries with the following structure:
typedef SPLIT_ENTRY_ALIGN struct _SPLIT_ENTRY_ARRAY{
ULONG NumberOfEntries; // Number of entries in the following array.
SPLIT_ENTRY Entries[1]; // First entry in the array.
} SPLIT_ENTRY_ARRAY, *PSPLIT_ENTRY_ARRAY;
Don’t forget to use __try/__except anywhere you access a user mode address and never read/write after the end of the provided buffer.