Hi all,
As ZwQueryDirectoryFile() is not aplicable in w2k so i have tried with
the following code in
my file system filter driver for getting DirectoryInformation
/* All the parameters are same as ZwQueryDirectoryFile */
NTSTATUS
NtQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE PEvent OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
)
{
PIRP Irp;
PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject;
NTSTATUS Status;
KEVENT Event;
PIO_STACK_LOCATION IoStack;
DPRINT(“NtQueryDirectoryFile()\n”);
Status = ObReferenceObjectByHandle(FileHandle,
FILE_LIST_DIRECTORY,
IoFileObjectType,
UserMode,
(PVOID *)&FileObject,
NULL);
if (Status != STATUS_SUCCESS)
{
ObDereferenceObject(FileObject);
return(Status);
}
KeInitializeEvent(&Event,NotificationEvent,FALSE);
DeviceObject = FileObject->DeviceObject;
Irp = IoAllocateIrp(DeviceObject->StackSize, TRUE);
if (Irp==NULL)
{
ObDereferenceObject(FileObject);
return STATUS_UNSUCCESSFUL;
}
Irp->UserIosb = IoStatusBlock;
Irp->UserEvent = &Event;
Irp->UserBuffer=FileInformation;
IoStack = IoGetNextIrpStackLocation(Irp);
IoStack->MajorFunction = IRP_MJ_DIRECTORY_CONTROL;
IoStack->MinorFunction = IRP_MN_QUERY_DIRECTORY;
IoStack->Flags = 0;
IoStack->Control = 0;
IoStack->DeviceObject = DeviceObject;
IoStack->FileObject = FileObject;
if (RestartScan)
{
IoStack->Flags = IoStack->Flags | SL_RESTART_SCAN;
}
if (ReturnSingleEntry)
{
IoStack->Flags = IoStack->Flags | SL_RETURN_SINGLE_ENTRY;
}
if (((PFILE_DIRECTORY_INFORMATION)FileInformation)->FileIndex != 0)
{
IoStack->Flags = IoStack->Flags | SL_INDEX_SPECIFIED;
}
IoStack->Parameters.QueryDirectory.FileInformationClass =
FileInformationClass;
IoStack->Parameters.QueryDirectory.FileName = FileName;
IoStack->Parameters.QueryDirectory.Length = Length;
Status = IoCallDriver(FileObject->DeviceObject,Irp);
if (Status==STATUS_PENDING && (FileObject->Flags & FO_SYNCHRONOUS_IO))
{
if (FileObject->Flags & FO_ALERTABLE_IO)
{
KeWaitForSingleObject(&Event,Executive,KernelMode,TRUE,NULL);
}
else
{
KeWaitForSingleObject(&Event,Executive,KernelMode,FALSE,NULL);
}
Status = IoStatusBlock->Status;
}
return(Status);
}
/////////////////////////////////
And I called this function by passing the following parameter
Status=NtQueryDirectoryFile(FileHandle,NULL,NULL,NULL,&IoStatusBlock,pFileInformation,Length,FileBothDirectoryInformation,
FALSE, // ReturnSingleEntry,
NULL, // FileName
FALSE // RestartScan
);
But in this code, The function
ObReferenceObjectByHandle() returns status=SUCCESS and seems to be
return a FileObject successfully
but when the IoCallDriver(FileObject->DeviceObject,Irp) is called it
gives the fatal error.
1]Is the FileObject return by the ObReferenceObjectByHandle() function
is correct??
OR
2]Is there any other alternative for QueryDirectoryFile in W2K.
Thanks in Advance
Manish K. Sharma