FileShortNameInformation - PRIVILEGE NOT HELD

Alexander-2 · February 12, 2005, 10:32am

Hi all,

I try to use ZwSetInformationFile with FileShortNameInformation. I call this
routine in my driver entry routine (just for testing) and the ZwSetInfo…
call always fail with STATUS_PRIVILEGE_NOT_HELD.

I use Win XP Pro, the volume is NTFS and it is mounted. I have also enabled
the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
current process token. But is still fails.

Does anybody know what I am doing wrong?

The non-working code looks like this:

NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;

// Open current process token
status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
&tokenHandle);

if ( !NT_SUCCESS( status ) )
{
KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
status));
return status;
}

// Set up the information about the privilege we are adjusting
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid = RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
sizeof(privSet), NULL, NULL);

if ( !NT_SUCCESS( status ) )
KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status 0x%x\n”,
status));

ZwClose(tokenHandle);

OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
IO_STATUS_BLOCK iosb;

RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
OBJ_KERNEL_HANDLE , NULL, NULL );

NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
&iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );

if ( NT_SUCCESS( ntStatus ) )
{

PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
(PagedPool) WCHAR[20];

fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR );
memcpy( fileNameInfo->FileName, L"direct~2",
fileNameInfo->FileNameLength );

ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
FileShortNameInformation );

delete fileNameInfo;

// Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
// A required privilege is not held by the client
KdPrint((“ntStatus: 0x%X\n”, ntStatus));
ZwClose( handle );
}

OSR_Community_User · February 12, 2005, 11:15am

You do not hold SeChangeNotify privilege. That is what is required to
obtain name/path information. That’s an unusual situation, but one that
CAN occur.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 10:32 AM
To: ntfsd redirect
Subject: [ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi all,

I try to use ZwSetInformationFile with FileShortNameInformation. I call
this
routine in my driver entry routine (just for testing) and the
ZwSetInfo…
call always fail with STATUS_PRIVILEGE_NOT_HELD.

I use Win XP Pro, the volume is NTFS and it is mounted. I have also
enabled
the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
current process token. But is still fails.

Does anybody know what I am doing wrong?

The non-working code looks like this:

NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;

// Open current process token
status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
&tokenHandle);

if ( !NT_SUCCESS( status ) )
{
KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
status));
return status;
}

// Set up the information about the privilege we are adjusting
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid =
RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
sizeof(privSet), NULL, NULL);

if ( !NT_SUCCESS( status ) )
KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status
0x%x\n”,
status));

ZwClose(tokenHandle);

OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
IO_STATUS_BLOCK iosb;

RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
OBJ_KERNEL_HANDLE , NULL, NULL );

NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
&iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );

if ( NT_SUCCESS( ntStatus ) )
{

PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
(PagedPool) WCHAR[20];

fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR
);
memcpy( fileNameInfo->FileName, L"direct~2",
fileNameInfo->FileNameLength );

ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
FileShortNameInformation );

delete fileNameInfo;

// Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
// A required privilege is not held by the client
KdPrint((“ntStatus: 0x%X\n”, ntStatus));
ZwClose( handle );
}

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Alexander-2 · February 12, 2005, 11:37am

Hi,

I enabled SeChangeNotify too but I still get the same status code. Could
there be something else that is missing?

Regards
Alexander

“Tony Mason” skrev i meddelandet news:xxxxx@ntfsd…
You do not hold SeChangeNotify privilege. That is what is required to
obtain name/path information. That’s an unusual situation, but one that
CAN occur.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 10:32 AM
To: ntfsd redirect
Subject: [ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi all,

I try to use ZwSetInformationFile with FileShortNameInformation. I call
this
routine in my driver entry routine (just for testing) and the
ZwSetInfo…
call always fail with STATUS_PRIVILEGE_NOT_HELD.

I use Win XP Pro, the volume is NTFS and it is mounted. I have also
enabled
the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
current process token. But is still fails.

Does anybody know what I am doing wrong?

The non-working code looks like this:

NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;

// Open current process token
status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
&tokenHandle);

if ( !NT_SUCCESS( status ) )
{
KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
status));
return status;
}

// Set up the information about the privilege we are adjusting
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid =
RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
sizeof(privSet), NULL, NULL);

if ( !NT_SUCCESS( status ) )
KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status
0x%x\n”,
status));

ZwClose(tokenHandle);

OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
IO_STATUS_BLOCK iosb;

RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
OBJ_KERNEL_HANDLE , NULL, NULL );

NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
&iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );

if ( NT_SUCCESS( ntStatus ) )
{

PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
(PagedPool) WCHAR[20];

fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR
);
memcpy( fileNameInfo->FileName, L"direct~2",
fileNameInfo->FileNameLength );

ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
FileShortNameInformation );

delete fileNameInfo;

// Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
// A required privilege is not held by the client
KdPrint((“ntStatus: 0x%X\n”, ntStatus));
ZwClose( handle );
}

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · February 12, 2005, 12:29pm

Hi Alexander,

I should have read your original more closely - you are trying to SET
the name, not get it - sorry about that.

The only suggestion that I have is to confirm that you are using the
process credentials (no impersonation state set) - not likely, but it
would cause a problem of the type you suggested. Other than that, the
only reason this error would be returned to you is because NTFS doesn’t
think you really do have restore privilege or you didn’t ask for write
data or attribute access. I can see your open does ask for
GENERIC_WRITE access, which would be mapped into FILE_WRITE_DATA, so
that should be fine.

One other question: is this item a directory? If so, try it on a file to
see if it works there (not fixing the problem, but making it easier to
suggest avenues for further exploration).

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 11:49 AM
To: ntfsd redirect
Subject: Re:[ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi,

I enabled SeChangeNotify too but I still get the same status code. Could

there be something else that is missing?

Regards
Alexander

“Tony Mason” skrev i meddelandet news:xxxxx@ntfsd…
You do not hold SeChangeNotify privilege. That is what is required to
obtain name/path information. That’s an unusual situation, but one that
CAN occur.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 10:32 AM
To: ntfsd redirect
Subject: [ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi all,

I try to use ZwSetInformationFile with FileShortNameInformation. I call
this
routine in my driver entry routine (just for testing) and the
ZwSetInfo…
call always fail with STATUS_PRIVILEGE_NOT_HELD.

I use Win XP Pro, the volume is NTFS and it is mounted. I have also
enabled
the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
current process token. But is still fails.

Does anybody know what I am doing wrong?

The non-working code looks like this:

NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;

// Open current process token
status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
&tokenHandle);

if ( !NT_SUCCESS( status ) )
{
KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
status));
return status;
}

// Set up the information about the privilege we are adjusting
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid =
RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
sizeof(privSet), NULL, NULL);

if ( !NT_SUCCESS( status ) )
KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status
0x%x\n”,
status));

ZwClose(tokenHandle);

OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
IO_STATUS_BLOCK iosb;

RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
OBJ_KERNEL_HANDLE , NULL, NULL );

NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
&iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );

if ( NT_SUCCESS( ntStatus ) )
{

PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
(PagedPool) WCHAR[20];

fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR
);
memcpy( fileNameInfo->FileName, L"direct~2",
fileNameInfo->FileNameLength );

ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
FileShortNameInformation );

delete fileNameInfo;

// Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
// A required privilege is not held by the client
KdPrint((“ntStatus: 0x%X\n”, ntStatus));
ZwClose( handle );
}

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Alexander-2 · February 12, 2005, 12:46pm

Hi again,

I tried with both a directory and a file and it does not work for either of
them. About the impersonation, how do I confirm that I am not in a
impersonation state? As you can see, I use NtCurrentProcess() when I open
the process token. Since the code run in driver entry it should be in the
system context, could this cause any problem?

Best bet is, as you say, that I have not managed to enable Restore
priviliges for the calling process?

Regards
Alexander

“Tony Mason” skrev i meddelandet news:xxxxx@ntfsd…
Hi Alexander,

I should have read your original more closely - you are trying to SET
the name, not get it - sorry about that.

The only suggestion that I have is to confirm that you are using the
process credentials (no impersonation state set) - not likely, but it
would cause a problem of the type you suggested. Other than that, the
only reason this error would be returned to you is because NTFS doesn’t
think you really do have restore privilege or you didn’t ask for write
data or attribute access. I can see your open does ask for
GENERIC_WRITE access, which would be mapped into FILE_WRITE_DATA, so
that should be fine.

One other question: is this item a directory? If so, try it on a file to
see if it works there (not fixing the problem, but making it easier to
suggest avenues for further exploration).

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 11:49 AM
To: ntfsd redirect
Subject: Re:[ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi,

I enabled SeChangeNotify too but I still get the same status code. Could

there be something else that is missing?

Regards
Alexander

“Tony Mason” skrev i meddelandet news:xxxxx@ntfsd…
You do not hold SeChangeNotify privilege. That is what is required to
obtain name/path information. That’s an unusual situation, but one that
CAN occur.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 10:32 AM
To: ntfsd redirect
Subject: [ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi all,

I try to use ZwSetInformationFile with FileShortNameInformation. I call
this
routine in my driver entry routine (just for testing) and the
ZwSetInfo…
call always fail with STATUS_PRIVILEGE_NOT_HELD.

I use Win XP Pro, the volume is NTFS and it is mounted. I have also
enabled
the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
current process token. But is still fails.

Does anybody know what I am doing wrong?

The non-working code looks like this:

NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;

// Open current process token
status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
&tokenHandle);

if ( !NT_SUCCESS( status ) )
{
KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
status));
return status;
}

// Set up the information about the privilege we are adjusting
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid =
RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
sizeof(privSet), NULL, NULL);

if ( !NT_SUCCESS( status ) )
KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status
0x%x\n”,
status));

ZwClose(tokenHandle);

OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
IO_STATUS_BLOCK iosb;

RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
OBJ_KERNEL_HANDLE , NULL, NULL );

NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
&iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );

if ( NT_SUCCESS( ntStatus ) )
{

PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
(PagedPool) WCHAR[20];

fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR
);
memcpy( fileNameInfo->FileName, L"direct~2",
fileNameInfo->FileNameLength );

ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
FileShortNameInformation );

delete fileNameInfo;

// Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
// A required privilege is not held by the client
KdPrint((“ntStatus: 0x%X\n”, ntStatus));
ZwClose( handle );
}

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · February 12, 2005, 12:59pm

FWIW, I’ve run into a similar problem when trying to change owner of a file
from a driver running in the system context, using ZwSetSecurityObject.

I’m getting STATUS_INVALID_OWNER, which means “The SID provided for the
owner of the target security descriptor is not one the caller is authorized
to assign as the owner of an object”. (I’m copying the SID from an existing
file to a new file just created by the driver.)

It’s not exactly the same as your situation, but seems very similar. I have
not found a resolution or workaround yet.

Maybe the system context isn’t as privileged as we think it is…?

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 12:57 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi again,

I tried with both a directory and a file and it does not work for either of
them. About the impersonation, how do I confirm that I am not in a
impersonation state? As you can see, I use NtCurrentProcess() when I open
the process token. Since the code run in driver entry it should be in the
system context, could this cause any problem?

Best bet is, as you say, that I have not managed to enable Restore
priviliges for the calling process?

Regards
Alexander

“Tony Mason” skrev i meddelandet news:xxxxx@ntfsd…
Hi Alexander,

I should have read your original more closely - you are trying to SET
the name, not get it - sorry about that.

The only suggestion that I have is to confirm that you are using the
process credentials (no impersonation state set) - not likely, but it
would cause a problem of the type you suggested. Other than that, the
only reason this error would be returned to you is because NTFS doesn’t
think you really do have restore privilege or you didn’t ask for write
data or attribute access. I can see your open does ask for
GENERIC_WRITE access, which would be mapped into FILE_WRITE_DATA, so
that should be fine.

One other question: is this item a directory? If so, try it on a file to
see if it works there (not fixing the problem, but making it easier to
suggest avenues for further exploration).

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 11:49 AM
To: ntfsd redirect
Subject: Re:[ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi,

I enabled SeChangeNotify too but I still get the same status code. Could

there be something else that is missing?

Regards
Alexander

“Tony Mason” skrev i meddelandet news:xxxxx@ntfsd…
You do not hold SeChangeNotify privilege. That is what is required to
obtain name/path information. That’s an unusual situation, but one that
CAN occur.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander
Sent: Saturday, February 12, 2005 10:32 AM
To: ntfsd redirect
Subject: [ntfsd] FileShortNameInformation - PRIVILEGE NOT HELD

Hi all,

I try to use ZwSetInformationFile with FileShortNameInformation. I call
this
routine in my driver entry routine (just for testing) and the
ZwSetInfo…
call always fail with STATUS_PRIVILEGE_NOT_HELD.

I use Win XP Pro, the volume is NTFS and it is mounted. I have also
enabled
the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
current process token. But is still fails.

Does anybody know what I am doing wrong?

The non-working code looks like this:

NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;

// Open current process token
status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
&tokenHandle);

if ( !NT_SUCCESS( status ) )
{
KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
status));
return status;
}

// Set up the information about the privilege we are adjusting
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid =
RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
sizeof(privSet), NULL, NULL);

if ( !NT_SUCCESS( status ) )
KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status
0x%x\n”,
status));

ZwClose(tokenHandle);

OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
IO_STATUS_BLOCK iosb;

RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
OBJ_KERNEL_HANDLE , NULL, NULL );

NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
&iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );

if ( NT_SUCCESS( ntStatus ) )
{

PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
(PagedPool) WCHAR[20];

fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR
);
memcpy( fileNameInfo->FileName, L"direct~2",
fileNameInfo->FileNameLength );

ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
FileShortNameInformation );

delete fileNameInfo;

// Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
// A required privilege is not held by the client
KdPrint((“ntStatus: 0x%X\n”, ntStatus));
ZwClose( handle );
}

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

Alexander-2 · February 16, 2005, 4:12am

Is there anyone here that have had this problem or knows how to correct the
problem I am having with FileShortNameInformation?

Regards
Alexander

“Alexander” skrev i meddelandet news:xxxxx@ntfsd…
> Hi all,
>
> I try to use ZwSetInformationFile with FileShortNameInformation. I call
this
> routine in my driver entry routine (just for testing) and the ZwSetInfo…
> call always fail with STATUS_PRIVILEGE_NOT_HELD.
>
> I use Win XP Pro, the volume is NTFS and it is mounted. I have also
enabled
> the privilege SE_RESTORE_PRIVILEGE using ZwAdjustPrivilegesToken on the
> current process token. But is still fails.
>
> Does anybody know what I am doing wrong?
>
> The non-working code looks like this:
>
> NTSTATUS status; TOKEN_PRIVILEGES privSet; HANDLE tokenHandle;
> TOKEN_PRIVILEGES tokenPriv;
>
> // Open current process token
> status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_ALL_ACCESS,
> &tokenHandle);
>
> if ( !NT_SUCCESS( status ) )
> {
> KdPrint((“[BCatDriver] NtOpenProcessToken failed, status 0x%x\n”,
> status));
> return status;
> }
>
> // Set up the information about the privilege we are adjusting
> privSet.PrivilegeCount = 1;
> privSet.Privileges[0].Luid = RtlConvertUlongToLuid(SE_RESTORE_PRIVILEGE);
> privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
>
> status = ZwAdjustPrivilegesToken(tokenHandle, FALSE, &privSet,
> sizeof(privSet), NULL, NULL);
>
> if ( !NT_SUCCESS( status ) )
> KdPrint((“[BCatDriver] ZwAdjustPrivilegesToken failed, status
0x%x\n”,
> status));
>
> ZwClose(tokenHandle);
>
> OBJECT_ATTRIBUTES oa; UNICODE_STRING filenameu; HANDLE handle;
> IO_STATUS_BLOCK iosb;
>
> RtlInitUnicodeString( &filenameu, L"\DosDevices\C:\directory1" );
> InitializeObjectAttributes( &oa, &filenameu, OBJ_CASE_INSENSITIVE|
> OBJ_KERNEL_HANDLE , NULL, NULL );
>
> NTSTATUS ntStatus = ZwCreateFile( &handle, GENERIC_WRITE|DELETE, &oa,
> &iosb, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, 0, NULL, 0 );
>
> if ( NT_SUCCESS( ntStatus ) )
> {
>
> PFILE_NAME_INFORMATION fileNameInfo = (PFILE_NAME_INFORMATION) new
> (PagedPool) WCHAR[20];
>
> fileNameInfo->FileNameLength = wcslen( L"direct~2" ) * sizeof( WCHAR );
> memcpy( fileNameInfo->FileName, L"direct~2",
> fileNameInfo->FileNameLength );
>
> ntStatus = ZwSetInformationFile( handle, &iosb, fileNameInfo, sizeof(
> FILE_NAME_INFORMATION ) + fileNameInfo->FileNameLength,
> FileShortNameInformation );
>
> delete fileNameInfo;
>
> // Always returns STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L):
> // A required privilege is not held by the client
> KdPrint((“ntStatus: 0x%X\n”, ntStatus));
> ZwClose( handle );
> }
>
>
>