Do mounted drives have symbolic link names?

Marc_Cruz · December 21, 2006, 8:37pm

For example, if I have a mounted network drive B:\ that points to
\shared-comp\inbox does B:\ correspond to symbo link like
“\Device\HarddiskVolumeB”?

Is there a way I can get the symbolic name of a mounted drive in the kernel?
Is there also a way, in the kernel to know if the drive is a network drive?

Thanks,

Marc

OSR_Community_User · December 21, 2006, 9:59pm

Marc Cruz wrote:

Do mounted drives have symbolic link names?

For example, if I have a mounted network drive B:\ that points to
\shared-comp\inbox does B:\ correspond to symbo link like
“\Device\HarddiskVolumeB”?

There will be a \DosDevices\B: symbolic link containing the link to the
network share.

However these are normally user specific so don’t have any global
context. I suspect they’re valid in IRP_MJ_CREATE but I wouldn’t be
certain in any other operations, since there’s no guarantee that those
happen in the same context.

Is there a way I can get the symbolic name of a mounted drive in the
kernel? Is there also a way, in the kernel to know if the drive is a
network drive?

It’s not safe to assume you can go from physical name back to a drive
letter, since the same mounted volume may have many drive letters, or
even none at all (in the case of a volume mounted on a junction point).

In general drive letters are a userspace concept and it’s best to keep
them there.

To work out whether something is a request from the network redirector
you can check the token source for ‘NtLmSsp’ (either from the parameters
to IRP_MJ_CREATE or from the process token).

Tony

OSR_Community_User · December 22, 2006, 4:16am

> For example, if I have a mounted network drive B:\ that points to

\shared-comp\inbox does B:\ correspond to symbo link like
“\Device\HarddiskVolumeB”?

No, the symlink will be \Device\LanmanRedirector\shared-comp\inbox

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

anton_bassov · December 23, 2006, 10:47pm

> For example, if I have a mounted network drive B:\ that points to

\shared-comp\inbox does B:\ correspond to symbo link like
“\Device\HarddiskVolumeB”?

Actually, the symbolic link is just B:\ - everything that starts like \Device\… is not a symbolic link but the actual name of a device. Symbolic links are meant to be used only when you open a handle to devices via ZwCreateFile()/ZwOpenFile() calls, so that you can use them instead of actual names.

You can verify it symply by passing B:\ to ZwOpenSymbolicLinkObject() and then passing the handle ZwOpenSymbolicLinkObject() returns to ZwQuerySymbolicLinkObject() - you will see everything with your own eyes.

Concerning “\Device\HarddiskVolumeX”, such names apply only to those volumes that are managed by Ftdisk.sys (i.e. mounted on basic hard disks and USB devices that present themselves as basic disks ) - when it comes to removable media, network drives and dynamic disks, Ftdisk.sys is out of play

Anton Bassov