Is there a means to reliably determine the system root and/or boot volume in DriverEntry() in a boot start driver?
Details:
Our driver currently determines the boot volume using FltGetVolumeFromName(“\SystemRoot”), and then using FltGetVolumeName() on the volume that is returned. That method doesn’t work for a boot start driver. I figure if I can get the driver’s image name, that I will have what I need, but I haven’t found a way to get that.
I tried the registry entry for the service, but it has a string value, ImagePath, that gives only “system32\DRIVERS\mydriver.sys”, less the actual system root.
I tried ObQueryNameString() on the DriverObject, but it returns “\FileSystem\mydriver”