DOS device names to NT Device Names

Prashant_MD · November 17, 2008, 8:09am

Hi,

Is there any easy way to convert Dos paths to NT device paths??

I have to pass the path which comes from an outside module in the form of C:\example.exe to my char* to another module which takes the path in the form of \Device\HarddiskVolume1\example.exe . Is there any easy way to do this?

anton_bassov · November 17, 2008, 8:20am

NtQuerySymbolicLink() is your friend here…

Anton Bassov

OSR_Community_User · November 17, 2008, 8:22am

There’s probably a better way, but if you are doing this from user mode, there’s
‘RtlDosPathNameToNtPathName_U.’

From there kernel, I think you could do this with the MountMgr IOCTL’s, but I’m really not sure.

Good luck,

mm

xxxxx@gmail.com wrote:

Hi,

Is there any easy way to convert Dos paths to NT device paths??

I have to pass the path which comes from an outside module in the form of C:\example.exe to my char* to another module which takes the path in the form of \Device\HarddiskVolume1\example.exe . Is there any easy way to do this?

OSR_Community_User · November 17, 2008, 8:58am

This is the method that I have used. ZwOpenSymbolicLink followed by
ZwQuerySymbolicLink. This is not on the full path. It is just on the
symbolic link part. C: in the example given.
Keep in mind that a symbolic link can point to another symbolic link.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@hotmail.com
Sent: Monday, November 17, 2008 8:22 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] DOS device names to NT Device Names

NtQuerySymbolicLink() is your friend here…

Anton Bassov

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · November 17, 2008, 8:59am

Check out QueryDosDevice()

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Monday, November 17, 2008 8:11 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] DOS device names to NT Device Names

Hi,

Is there any easy way to convert Dos paths to NT device
paths??

I have to pass the path which comes from an outside module in the form of
C:\example.exe to my char* to another module which takes the path in the
form of \Device\HarddiskVolume1\example.exe . Is there any easy way to do
this?

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · November 17, 2008, 9:18am

BTW, you didn’t say if the “module” is a driver or user mode module.

QueryDosDevice() is for user mode (as is NtOpenSymbolicLink).
ZwOpenSymbolicLink can be used in kernel mode.

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ken Cross
Sent: Monday, November 17, 2008 8:59 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] DOS device names to NT Device Names

Check out QueryDosDevice()

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Monday, November 17, 2008 8:11 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] DOS device names to NT Device Names

Hi,

Is there any easy way to convert Dos paths to NT device
paths??

I have to pass the path which comes from an outside module in the form of
C:\example.exe to my char* to another module which takes the path in the
form of \Device\HarddiskVolume1\example.exe . Is there any easy way to do
this?

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Prashant_MD · November 17, 2008, 10:04am

It’s a driver

Prashant_MD · November 17, 2008, 10:18am

i just searched for ZwOpenSymbolicLink in msdn but was unable to find any documentation regarding it.Also when i wrote the function in my driver code the build fired error as undeclared.Seems like there is no easy way to do the conversion.

OSR_Community_User · November 17, 2008, 10:50am

Try ZwOpenSymbolicLinkObject. This is the correct function and it is
documented in the WDK documentation.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@gmail.com
Sent: Monday, November 17, 2008 10:20 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] DOS device names to NT Device Names

i just searched for ZwOpenSymbolicLink in msdn but was unable to find any
documentation regarding it.Also when i wrote the function in my driver code
the build fired error as undeclared.Seems like there is no easy way to do
the conversion.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Prashant_MD · November 18, 2008, 12:37am

Thx guys, after following your suggestions i wrote this code to check if things work as they are supposed to.

OBJECT_ATTRIBUTES Attributes;
UNICODE_STRING NameUnicodeString ;
UNICODE_STRING TargetString;

HANDLE LinkHandle;
ULONG len;

RtlInitUnicodeString( &NameUnicodeString, “C:\temp1” ) ;
InitializeObjectAttributes( &Attributes,&NameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL ) ;

ZwOpenSymbolicLinkObject(&LinkHandle,GENERIC_READ,&Attributes);

ZwQuerySymbolicLinkObject(&LinkHandle,&TargetString,&len);

Since the TargetString is of UNICODE type i can’t see what the output is,how can i convert it to a normal string,so that i can see the output in DbgPrint.Also please correct me if i did something wrong in the code.And please excuse this Driver newbie if questions sound stupid.

Ken_Johnson · November 18, 2008, 12:53am

You need to provide storage space for the string to be returned by ZwQuerySymbolicLink.
You need to pass the object manager (native) path, not the Win32 path.
%wZ will output a PUNICODE_STRING at IRQL < DISPATCH_LEVEL.

S

-----Original Message-----
From: xxxxx@gmail.com
Sent: Monday, November 17, 2008 23:37
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] DOS device names to NT Device Names

Thx guys, after following your suggestions i wrote this code to check if things work as they are supposed to.

OBJECT_ATTRIBUTES Attributes;
UNICODE_STRING NameUnicodeString ;
UNICODE_STRING TargetString;

HANDLE LinkHandle;
ULONG len;

RtlInitUnicodeString( &NameUnicodeString, “C:\temp1” ) ;
InitializeObjectAttributes( &Attributes,&NameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL ) ;

ZwOpenSymbolicLinkObject(&LinkHandle,GENERIC_READ,&Attributes);

ZwQuerySymbolicLinkObject(&LinkHandle,&TargetString,&len);

Since the TargetString is of UNICODE type i can’t see what the output is,how can i convert it to a normal string,so that i can see the output in DbgPrint.Also please correct me if i did something wrong in the code.And please excuse this Driver newbie if questions sound stupid.

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

anton_bassov · November 18, 2008, 1:33am

> %wZ will output a PUNICODE_STRING at IRQL < DISPATCH_LEVEL.

IIRC, Zw… routines are callable not just at “below DISPATCH_LEVEL” but *strictly* at PASSIVE_LEVEL. Therefore, you cannot call them from any section that is protected by FAST_MUTEX or any other construct that disables APC delivery to the calling thread…

Anton Bassov

Prashant_MD · November 18, 2008, 1:46am

thx ken,but the thing is i’m using a module which provides me only the symbolic links to the files which i have to pass to another module which takes the file path in Device path format only.It would be of great help if someone here could help me with this.

For example i get the file name path from that module in the form of “C:\Temp1”

which i should pass to another module by converting the same path to “\Device\HardDiskVolume1\Temp1”

I can do this by string manipulation but was just wondering if there was something easier than that.

anton_bassov · November 18, 2008, 2:43am

> I can do this by string manipulation but was just wondering if there was something easier than that.

Nope - not under Windows …

As far as Object Manager is concerned, C: is a symbolic link to \Device\HardDiskVolume1, but it has no idea about //Temp1 file that resides on a volume- the only one who deals with it is FSD itself. The only task of the system in path resolution is to discover on which volume/partition the file in question resides so that it can send an IRP to the right device object that is created by FSD. At this point it can provide path in the form /Temp1/etc to FSD, and FSD will do the rest. This is very different from UNIX-like systems where VFS resolves the whole path so that FSD receives a separate call for every component of the path -each call requests FSD to find inode that corresponds to a given name in given directory entry…

Anton Bassov

Prashant_MD · November 18, 2008, 5:00am

so do u suggest to go with ZwOpenSymbolicLinkObject?

You need to pass the object manager (native) path -> does this mean “//Device//HardDiskVolume”??

anton_bassov · November 18, 2008, 5:15am

> 2. You need to pass the object manager (native) path -> does this mean “//Device//HardDiskVolume”??

Actually, exactly the reverse - you have to pass a symlink (i.e. C), and then you can query it for a “real” name in the form “//Device//HardDiskVolume”. In order to realize that, just consider the scenario when there are multiple symlinks to the same target name…

Anton Bassov

Prashant_MD · November 18, 2008, 8:28am

void DostoDeviceNames()
{
OBJECT_ATTRIBUTES Attributes;
UNICODE_STRING NameUnicodeString ;
UNICODE_STRING *TargetString;

HANDLE LinkHandle;
ULONG len;

RtlInitUnicodeString( &NameUnicodeString, L"C" ) ;
InitializeObjectAttributes( &Attributes,&NameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL ) ;

TargetString=ExAllocatePool(NonPagedPool,sizeof(UNICODE_STRING));

ZwOpenSymbolicLinkObject(&LinkHandle,GENERIC_READ,&Attributes);

ZwQuerySymbolicLinkObject(&LinkHandle,TargetString,&len);

DbgPrint(“The symbolic link is %wZ”,TargetString);
}

Is this code right?? I see no output from this yet.

Prashant_MD · November 18, 2008, 9:25am

thx for all your help guys.I’ll just let object manager to do the task for me

Ken_Johnson · November 18, 2008, 10:31am

No, you need to allocate storage for the string that ZwQuerySymbolicLinkObject is returning. (Look at struct _UNICODE_STRING; it’s simply a buffer pointer and two length counters. You need to give it buffer space (with the appropriate length specified) to write the string into.)

S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, November 18, 2008 8:30 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] DOS device names to NT Device Names

void DostoDeviceNames()
{
OBJECT_ATTRIBUTES Attributes;
UNICODE_STRING NameUnicodeString ;
UNICODE_STRING *TargetString;

HANDLE LinkHandle;
ULONG len;

RtlInitUnicodeString( &NameUnicodeString, L"C" ) ;
InitializeObjectAttributes( &Attributes,&NameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL ) ;

TargetString=ExAllocatePool(NonPagedPool,sizeof(UNICODE_STRING));

ZwOpenSymbolicLinkObject(&LinkHandle,GENERIC_READ,&Attributes);

ZwQuerySymbolicLinkObject(&LinkHandle,TargetString,&len);

DbgPrint(“The symbolic link is %wZ”,TargetString);
}

Is this code right?? I see no output from this yet.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · November 18, 2008, 10:44am

You are not passing the link handle to ZwQuerySymbolicLinkObject. You are
passing the address or the handle.
You need to read and understand the documentation for this call.
You have all the information that you need to get started. Read the
documentation and do some experimenting.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@gmail.com
Sent: Tuesday, November 18, 2008 8:30 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] DOS device names to NT Device Names

void DostoDeviceNames()
{
OBJECT_ATTRIBUTES Attributes;
UNICODE_STRING NameUnicodeString ;
UNICODE_STRING *TargetString;

HANDLE LinkHandle;
ULONG len;

RtlInitUnicodeString( &NameUnicodeString, L"C" ) ;
InitializeObjectAttributes( &Attributes,&NameUnicodeString,

OBJ_CASE_INSENSITIVE, NULL, NULL ) ;

TargetString=ExAllocatePool(NonPagedPool,sizeof(UNICODE_STRING));

ZwOpenSymbolicLinkObject(&LinkHandle,GENERIC_READ,&Attributes);

ZwQuerySymbolicLinkObject(&LinkHandle,TargetString,&len);

DbgPrint(“The symbolic link is %wZ”,TargetString); }

Is this code right?? I see no output from this yet.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer