Alternate for ZwQueryDirectoryFile in W2K

Hi all,

As ZwQueryDirectoryFile() is not aplicable in w2k so i have tried with
the following code in
my file system filter driver for getting DirectoryInformation

/* All the parameters are same as ZwQueryDirectoryFile */
NTSTATUS
NtQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE PEvent OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
)

{
PIRP Irp;
PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject;
NTSTATUS Status;
KEVENT Event;
PIO_STACK_LOCATION IoStack;

DPRINT(“NtQueryDirectoryFile()\n”);

Status = ObReferenceObjectByHandle(FileHandle,
FILE_LIST_DIRECTORY,
IoFileObjectType,
UserMode,
(PVOID *)&FileObject,
NULL);

if (Status != STATUS_SUCCESS)
{
ObDereferenceObject(FileObject);
return(Status);
}
KeInitializeEvent(&Event,NotificationEvent,FALSE);
DeviceObject = FileObject->DeviceObject;

Irp = IoAllocateIrp(DeviceObject->StackSize, TRUE);
if (Irp==NULL)
{
ObDereferenceObject(FileObject);
return STATUS_UNSUCCESSFUL;
}

Irp->UserIosb = IoStatusBlock;
Irp->UserEvent = &Event;
Irp->UserBuffer=FileInformation;

IoStack = IoGetNextIrpStackLocation(Irp);

IoStack->MajorFunction = IRP_MJ_DIRECTORY_CONTROL;
IoStack->MinorFunction = IRP_MN_QUERY_DIRECTORY;
IoStack->Flags = 0;
IoStack->Control = 0;
IoStack->DeviceObject = DeviceObject;
IoStack->FileObject = FileObject;

if (RestartScan)
{
IoStack->Flags = IoStack->Flags | SL_RESTART_SCAN;
}
if (ReturnSingleEntry)
{
IoStack->Flags = IoStack->Flags | SL_RETURN_SINGLE_ENTRY;
}
if (((PFILE_DIRECTORY_INFORMATION)FileInformation)->FileIndex != 0)
{
IoStack->Flags = IoStack->Flags | SL_INDEX_SPECIFIED;
}

IoStack->Parameters.QueryDirectory.FileInformationClass =
FileInformationClass;
IoStack->Parameters.QueryDirectory.FileName = FileName;
IoStack->Parameters.QueryDirectory.Length = Length;

Status = IoCallDriver(FileObject->DeviceObject,Irp);
if (Status==STATUS_PENDING && (FileObject->Flags & FO_SYNCHRONOUS_IO))
{
if (FileObject->Flags & FO_ALERTABLE_IO)
{
KeWaitForSingleObject(&Event,Executive,KernelMode,TRUE,NULL);
}
else
{
KeWaitForSingleObject(&Event,Executive,KernelMode,FALSE,NULL);
}
Status = IoStatusBlock->Status;
}
return(Status);
}

/////////////////////////////////

And I called this function by passing the following parameter

Status=NtQueryDirectoryFile(FileHandle,NULL,NULL,NULL,&IoStatusBlock,pFileInformation,Length,FileBothDirectoryInformation,
FALSE, // ReturnSingleEntry,
NULL, // FileName
FALSE // RestartScan
);

But in this code, The function
ObReferenceObjectByHandle() returns status=SUCCESS and seems to be
return a FileObject successfully
but when the IoCallDriver(FileObject->DeviceObject,Irp) is called it
gives the fatal error.
1]Is the FileObject return by the ObReferenceObjectByHandle() function
is correct??
OR
2]Is there any other alternative for QueryDirectoryFile in W2K.

Thanks in Advance

Manish K. Sharma

Regardless of the documentation, ZwQueryDirectoryFile() is indeed available
in Win2K. You’ll need to copy a prototype from one of the other headers,
but it works on Win2K.

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Manish Sharma
Sent: Monday, March 28, 2005 9:35 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Alternate for ZwQueryDirectoryFile in W2K

Hi all,

As ZwQueryDirectoryFile() is not aplicable in w2k so i have tried with
the following code in
my file system filter driver for getting DirectoryInformation

/* All the parameters are same as ZwQueryDirectoryFile */
NTSTATUS
NtQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE PEvent OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
)

{
PIRP Irp;
PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject;
NTSTATUS Status;
KEVENT Event;
PIO_STACK_LOCATION IoStack;

DPRINT(“NtQueryDirectoryFile()\n”);

Status = ObReferenceObjectByHandle(FileHandle,
FILE_LIST_DIRECTORY,
IoFileObjectType,
UserMode,
(PVOID *)&FileObject,
NULL);

if (Status != STATUS_SUCCESS)
{
ObDereferenceObject(FileObject);
return(Status);
}
KeInitializeEvent(&Event,NotificationEvent,FALSE);
DeviceObject = FileObject->DeviceObject;

Irp = IoAllocateIrp(DeviceObject->StackSize, TRUE);
if (Irp==NULL)
{
ObDereferenceObject(FileObject);
return STATUS_UNSUCCESSFUL;
}

Irp->UserIosb = IoStatusBlock;
Irp->UserEvent = &Event;
Irp->UserBuffer=FileInformation;

IoStack = IoGetNextIrpStackLocation(Irp);

IoStack->MajorFunction = IRP_MJ_DIRECTORY_CONTROL;
IoStack->MinorFunction = IRP_MN_QUERY_DIRECTORY;
IoStack->Flags = 0;
IoStack->Control = 0;
IoStack->DeviceObject = DeviceObject;
IoStack->FileObject = FileObject;

if (RestartScan)
{
IoStack->Flags = IoStack->Flags | SL_RESTART_SCAN;
}
if (ReturnSingleEntry)
{
IoStack->Flags = IoStack->Flags | SL_RETURN_SINGLE_ENTRY;
}
if (((PFILE_DIRECTORY_INFORMATION)FileInformation)->FileIndex != 0)
{
IoStack->Flags = IoStack->Flags | SL_INDEX_SPECIFIED;
}

IoStack->Parameters.QueryDirectory.FileInformationClass =
FileInformationClass;
IoStack->Parameters.QueryDirectory.FileName = FileName;
IoStack->Parameters.QueryDirectory.Length = Length;

Status = IoCallDriver(FileObject->DeviceObject,Irp);
if (Status==STATUS_PENDING && (FileObject->Flags & FO_SYNCHRONOUS_IO))
{
if (FileObject->Flags & FO_ALERTABLE_IO)
{
KeWaitForSingleObject(&Event,Executive,KernelMode,TRUE,NULL);
}
else
{
KeWaitForSingleObject(&Event,Executive,KernelMode,FALSE,NULL);
}
Status = IoStatusBlock->Status;
}
return(Status);
}

/////////////////////////////////

And I called this function by passing the following parameter

Status=NtQueryDirectoryFile(FileHandle,NULL,NULL,NULL,&IoStatusBlock,pFileIn
formation,Length,FileBothDirectoryInformation,
FALSE, // ReturnSingleEntry,
NULL, // FileName
FALSE // RestartScan
);

But in this code, The function
ObReferenceObjectByHandle() returns status=SUCCESS and seems to be
return a FileObject successfully
but when the IoCallDriver(FileObject->DeviceObject,Irp) is called it
gives the fatal error.
1]Is the FileObject return by the ObReferenceObjectByHandle() function
is correct??
OR
2]Is there any other alternative for QueryDirectoryFile in W2K.

Thanks in Advance

Manish K. Sharma


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

hi,
Ken Thanks for the reply
I followed your way and
it worked fine on W2K

Thanks Again
Manish K. Sharma

On Mon, 28 Mar 2005 09:40:12 -0500, Ken Cross wrote:
> Regardless of the documentation, ZwQueryDirectoryFile() is indeed available
> in Win2K. You’ll need to copy a prototype from one of the other headers,
> but it works on Win2K.
>
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Manish Sharma
> Sent: Monday, March 28, 2005 9:35 AM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] Alternate for ZwQueryDirectoryFile in W2K
>
> Hi all,
>
> As ZwQueryDirectoryFile() is not aplicable in w2k so i have tried with
> the following code in
> my file system filter driver for getting DirectoryInformation
>
> /* All the parameters are same as ZwQueryDirectoryFile */
> NTSTATUS
> NtQueryDirectoryFile(
> IN HANDLE FileHandle,
> IN HANDLE PEvent OPTIONAL,
> IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
> IN PVOID ApcContext OPTIONAL,
> OUT PIO_STATUS_BLOCK IoStatusBlock,
> OUT PVOID FileInformation,
> IN ULONG Length,
> IN FILE_INFORMATION_CLASS FileInformationClass,
> IN BOOLEAN ReturnSingleEntry,
> IN PUNICODE_STRING FileName OPTIONAL,
> IN BOOLEAN RestartScan
> )
>
> {
> PIRP Irp;
> PDEVICE_OBJECT DeviceObject;
> PFILE_OBJECT FileObject;
> NTSTATUS Status;
> KEVENT Event;
> PIO_STACK_LOCATION IoStack;
>
> DPRINT(“NtQueryDirectoryFile()\n”);
>
> Status = ObReferenceObjectByHandle(FileHandle,
> FILE_LIST_DIRECTORY,
> IoFileObjectType,
> UserMode,
> (PVOID *)&FileObject,
> NULL);
>
> if (Status != STATUS_SUCCESS)
> {
> ObDereferenceObject(FileObject);
> return(Status);
> }
> KeInitializeEvent(&Event,NotificationEvent,FALSE);
> DeviceObject = FileObject->DeviceObject;
>
> Irp = IoAllocateIrp(DeviceObject->StackSize, TRUE);
> if (Irp==NULL)
> {
> ObDereferenceObject(FileObject);
> return STATUS_UNSUCCESSFUL;
> }
>
> Irp->UserIosb = IoStatusBlock;
> Irp->UserEvent = &Event;
> Irp->UserBuffer=FileInformation;
>
> IoStack = IoGetNextIrpStackLocation(Irp);
>
> IoStack->MajorFunction = IRP_MJ_DIRECTORY_CONTROL;
> IoStack->MinorFunction = IRP_MN_QUERY_DIRECTORY;
> IoStack->Flags = 0;
> IoStack->Control = 0;
> IoStack->DeviceObject = DeviceObject;
> IoStack->FileObject = FileObject;
>
> if (RestartScan)
> {
> IoStack->Flags = IoStack->Flags | SL_RESTART_SCAN;
> }
> if (ReturnSingleEntry)
> {
> IoStack->Flags = IoStack->Flags | SL_RETURN_SINGLE_ENTRY;
> }
> if (((PFILE_DIRECTORY_INFORMATION)FileInformation)->FileIndex != 0)
> {
> IoStack->Flags = IoStack->Flags | SL_INDEX_SPECIFIED;
> }
>
> IoStack->Parameters.QueryDirectory.FileInformationClass =
> FileInformationClass;
> IoStack->Parameters.QueryDirectory.FileName = FileName;
> IoStack->Parameters.QueryDirectory.Length = Length;
>
> Status = IoCallDriver(FileObject->DeviceObject,Irp);
> if (Status==STATUS_PENDING && (FileObject->Flags & FO_SYNCHRONOUS_IO))
> {
> if (FileObject->Flags & FO_ALERTABLE_IO)
> {
> KeWaitForSingleObject(&Event,Executive,KernelMode,TRUE,NULL);
> }
> else
> {
> KeWaitForSingleObject(&Event,Executive,KernelMode,FALSE,NULL);
> }
> Status = IoStatusBlock->Status;
> }
> return(Status);
> }
>
> /////////////////////////////////
>
> And I called this function by passing the following parameter
>
> Status=NtQueryDirectoryFile(FileHandle,NULL,NULL,NULL,&IoStatusBlock,pFileIn
> formation,Length,FileBothDirectoryInformation,
> FALSE, // ReturnSingleEntry,
> NULL, // FileName
> FALSE // RestartScan
> );
>
> But in this code, The function
> ObReferenceObjectByHandle() returns status=SUCCESS and seems to be
> return a FileObject successfully
> but when the IoCallDriver(FileObject->DeviceObject,Irp) is called it
> gives the fatal error.
> 1]Is the FileObject return by the ObReferenceObjectByHandle() function
> is correct??
> OR
> 2]Is there any other alternative for QueryDirectoryFile in W2K.
>
> Thanks in Advance
>
> Manish K. Sharma
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>