How are you getting a txt file in the load image notify routine? As far as
no drive letter for DLLs, that is the way it works. I don’t recall ever
seeing a drive letter for a DLL. The exe file always has a drive letter.
Bill Wandel
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Jonathon
Sent: Thursday, April 30, 2009 12:23 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Easiest way to compare object names(?)?
Thanks Don… Would you be able to direct me to certain calls I could make
to get the file system ID and file ID?
also, my problem is coming from PsSetLoadImageNotifyRoutine.
http://msdn.microsoft.com/en-us/library/ms802949.aspx
The callback function gives me the “FullImagePath” but for some reason, it
has stripped off all the driver letters and giving me some weird path.
For example, it is giving me “\windows\system32\ntdll.dll” instead of
“c:\windows\system32\ntdll.dll”. It is giving me “\myDir\test.txt” instead
of “c:\myDir\test.txt”.
If it is doing that on purpose, assuming I am given “\myDir\test.txt”, is
there a way I could infer whether this file is coming from
“c:\myDir\test.txt” or “d:\myDir\test.txt” or even “d:\myDir\test.txt”?
thanks for the help
J
On Thu, Apr 30, 2009 at 9:15 AM, Don Burn wrote:
You forgot the problems of links, since you could also have:
c:\foo\ntjunk.dll and it be the same file. If you want to be sure you need
to get the filesystem ID and the file ID and compare that for each item you
encounter.
–
Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“Jonathon” wrote in message news:xxxxx@ntdev…
> Hello,
> I am given several paths.
>
> Example:
> 1) “\WINDOWS\system32\ntdll.dll”
> 2) “c:\windows\system32\ntdll.dll”
> 3) “??\c:\windows\system32\ntdll.dll”
>
> My problem is they essentially all map to the same file. Is there a way
> to
> convert these strings so they are all represented in the same format so I
> could compare them?
>
> Thanks
> J
>
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4046 (20090430)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
Information from ESET NOD32 Antivirus, version of virus signature
database 4046 (20090430)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer