Get target file name from a rename operation

Hello!

I have read this article:
http://www.osronline.com/article.cfm?id=85
And following it I am trying to print the target file name during a file rename using DbgPrint, and I just can’t print it… Can someone help me with it?

I would be very thankful!

It seems it’s your problem how you call DbgPrint ;)
Break your driver when it receives IRP_MJ_SET_INFORMATION (with
FileRenameInformation!)

PFILE_RENAME_INFORMATION pf = (PFILE_RENAME_INFORMATION)
Irp->AssociatedIrp.SystemBuffer;

see &pf->FileName in WinDbg!

wrote in message news:xxxxx@ntfsd…
> Hello!
>
> I have read this article:
> http://www.osronline.com/article.cfm?id=85
> And following it I am trying to print the target file name during a file
> rename using DbgPrint, And I just can’t print it… Can someone help me
> with it?
>
> I would be very thankful!
>

Do you know the argument I have to give DbgPrint in order to print the name?

“Give a poor man a bread, and he will survive the day …”

DbgPrintf(" Here is my dbgprintf\n");

“And teach a poor man how to make breads, he will survive the life …”.
RTFM.

-pro
----- Original Message -----
From:
To: “Windows File Systems Devs Interest List”
Sent: Thursday, November 22, 2007 7:17 AM
Subject: RE:[ntfsd] Get target file name from a rename operation

> Do you know the argument I have to give DbgPrint in order to print the
> name?
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

I meant if I want to print the name which is WCHAR, how can I print it?
DbgPrint("The Target File Name Is: %s", &FileRenameInfo->FileName); doesn’t work.

%s doesn’t show it.

>it seems, it’s your problem how you call DbgPrint ;)

break your driver when it’ll receive IRP_MJ_SET_INFORMATION (with
FileRenameInformation!)

PFILE_RENAME_INFORMATION pf = (PFILE_RENAME_INFORMATION)
Irp->AssociatedIrp.SystemBuffer;

see &pf->FileName in WinDbg!

It is not sufficient to JUST see the pf->FileName buffer.

It may contain the fully qualified path, just the last component of the
name, or a name relative to a root directory.

Basically you have to check for the following conditions:

  1. In first case, you will have a FQ name in the pf->FileName buffer. You
    can identify this by checking for the presence of \Device.…

  2. In second case, just the last name component is changed. Use the FQ
    source filename to get the parent directory. The last name component is
    present in the pf->FileName buffer. Concatenate the 2 strings.

  3. In third case, the name is relative to a root directory. Here you will
    have a handle of the root directory in pf->RootDirectory. Use
    ObReferenceObjectByHandle to get the FILE_OBJECT for the handle and then
    query the name of this file object. Then append the 2 names ( the Root
    directory name and the one present in pf->NameBuffer)

And all the above pain was for LEGACY FILE SYSTEM FILTER.

In case you are implementing a Minifilter, just call
FltGetDestinationFileNameInformation.

And following it I am trying to print the target file name during a file
rename using DbgPrint, And I just can’t print it… Can someone help me with
it?

You are asking to give a solution to a VERY vague question.
Just in case you wanted to ask how to get a destination file name… above
is your answer.
:)

Regards,
Ayush Gupta

Do you know the argument I have to give DbgPrint in order to print the name?

For wide char strings, it is %S ( S in capital letters )

DbgPrint("%S", widecharstring);

Note: It should be NULL terminated.

Try %S ( capital s ), but it should be documented in ddk doc.

Here it is -

DbgPrint

In Microsoft Windows Server 2003 and earlier versions of Windows, the
DbgPrint routine sends a message to the kernel debugger. In Windows Vista
and later versions of Windows, DbgPrint sends a message only if certain
conditions apply.

ULONG
DbgPrint(
IN PCHAR Format,
. . . . [arguments]
);

Parameters
Format
Specifies a pointer to the format string to print. The Format string
supports all the printf-style formatting codes. However, the Unicode format
codes (%C, %S, %lc, %ls, %wc, %ws, and %wZ) can only be used with IRQL =
PASSIVE_LEVEL.
arguments
Specifies arguments for the format string, as in printf.

Return Value
If successful, DbgPrint returns the NTSTATUS code STATUS_SUCCESS; otherwise
it returns the appropriate error code.

Headers
This routine is defined in ntddk.h, wdm.h, and ndis.h. Include ntddk.h,
wdm.h, or ndis.h.

Comments
This routine can only be used in Microsoft Windows 2000 and later.

DbgPrint and DbgPrintEx can be called at IRQL<=DIRQL. However, Unicode
format codes (%wc and %ws) can be used only at IRQL PASSIVE_LEVEL. Also,
because the debugger uses interprocess interrupts (IPIs) to communicate with
other processors, calling DbgPrint at IRQL>DIRQL can cause deadlocks.

Only kernel-mode drivers can call the DbgPrint routine.

In Windows Vista and later versions of Windows, DbgPrint sends a message
only if certain conditions apply. Specifically, it behaves like the
DbgPrintEx routine with the DEFAULT component and a message importance level
of DPFLTR_INFO_LEVEL. In other words, the following two function calls are
identical:

DbgPrint ( Format, arguments )

DbgPrintEx ( DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, Format, arguments )

For more information about message filtering, components, and message
importance level, see Reading and Filtering Debugging Messages.

Note Regardless of which version of Windows you are using, it is
recommended that you use DbgPrintEx instead of DbgPrint, since this allows
you to control the conditions under which the message is sent.

Unless it is absolutely necessary, you should not obtain a string from user
input or another process and pass it to DbgPrint. If you do use a string
that you did not create, you must verify that this is a valid format string,
and that the format codes match the argument list in type and quantity. The
best coding practice is for all Format strings to be static and defined at
compile time.

There is no upper limit to the size of the Format string or the number of
arguments. However, any single call to DbgPrint will only transmit 512 bytes
of information. There is also a limit to the size of the DbgPrint buffer.
See The DbgPrint Buffer and the Debugger for details.

See Also
DbgPrintEx, KdPrint, KdPrintEx

----- Original Message -----
From:
To: “Windows File Systems Devs Interest List”
Sent: Thursday, November 22, 2007 7:27 AM
Subject: RE:[ntfsd] Get target file name from a rename operation

>I meant if I want to print the name which is WCHAR, how can print it?
> DbgPrint(“The Target File Name Is: %s”, &FileRenameInfo->FileName);
> doesn’t work.
>
> %s doesn’t show it.
>

Thank you!

Of course you should be aware that %S can cause a crash here since this is a
counted string. Instead consider defining a UNICODE_STRING structure,
initializing it to:

x.Buffer = r.FileName;
x.Length = (USHORT)r.FileNameLength;  /* FileNameLength is a ULONG byte count */
x.MaximumLength = x.Length;

and then DbgPrint("%wZ", &x);

This cannot run off the end of the string because of no NULL character etc.
Since Microsoft makes no claim they will always have a NULL char.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

“Ayush Gupta” wrote in message news:xxxxx@ntfsd…

Do you know the argument I have to give DbgPrint in order to print the name?

For wide char strings, it is %S ( S in capital letters )

DbgPrint("%S", widecharstring);

Note: It should be NULL terminated.
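Added example, not from the thread or the WDK: a user-mode C model of the counted-string point made in the post above, which goes one step further by also rejecting a FileNameLength that is odd or larger than the buffer that carries it. The struct is a simplified stand-in for FILE_RENAME_INFORMATION, `format_rename_target` and `build_sample` are hypothetical names, the sample buffer is constructed, and `buf_len` is assumed to be the input buffer length delivered with the request.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified stand-in for FILE_RENAME_INFORMATION (assumption: not the WDK header). */
typedef struct {
    uint8_t  ReplaceIfExists;
    void    *RootDirectory;
    uint32_t FileNameLength;  /* length of FileName in BYTES; no terminator implied */
    uint16_t FileName[1];     /* UTF-16LE code units start here */
} RENAME_INFO_MODEL;
#define LEN_OFF  offsetof(RENAME_INFO_MODEL, FileNameLength)
#define NAME_OFF offsetof(RENAME_INFO_MODEL, FileName)

/* Render the counted name into out[]; returns chars written, or -1 if the length is untrustworthy. */
int format_rename_target(const uint8_t *buf, size_t buf_len, char *out, size_t out_cap) {
    uint32_t nbytes;
    if (!buf || !out || out_cap == 0 || buf_len < NAME_OFF) return -1;
    memcpy(&nbytes, buf + LEN_OFF, sizeof nbytes);
    if (nbytes % 2 != 0 || nbytes > buf_len - NAME_OFF) return -1;  /* odd or overlong */
    size_t n = nbytes / 2;
    if (n > out_cap - 1) n = out_cap - 1;  /* truncate instead of overflowing out[] */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *p = buf + NAME_OFF + 2 * i;
        uint16_t c = (uint16_t)(p[0] | (p[1] << 8));
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';  /* ASCII-only rendering */
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample: name stored WITHOUT a terminator, then 8 bytes of non-zero filler. */
size_t build_sample(uint8_t *buf, size_t cap, const char *name, uint32_t claimed_bytes) {
    size_t len = strlen(name), total = NAME_OFF + 2 * len + 8;
    if (total > cap) return 0;
    memset(buf, 0xAA, total);
    memcpy(buf + LEN_OFF, &claimed_bytes, sizeof claimed_bytes);
    for (size_t i = 0; i < len; i++) {
        buf[NAME_OFF + 2 * i] = (uint8_t)name[i];
        buf[NAME_OFF + 2 * i + 1] = 0;
    }
    return total;
}

int main(void) {
    uint8_t buf[128]; char out[64];
    size_t len = build_sample(buf, sizeof buf, "new-name.txt", 24);
    if (format_rename_target(buf, len, out, sizeof out) > 0) printf("target: %s\n", out);
}
```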

Thank you!

Maybe it is not the subject of the thread, can you show me some article about string types?
What types exist, and how we work with them? If such an article exists…

Thanks!

I’m assuming you have the DDK documentation from a fairly recent WDK. By the
way, what version of the DDK are you using?

http://www.microsoft.com/whdc/default.mspx
is a good place to search for information

You know the osronline site for lots of different articles. It also
has some of the best written articles and FAQs on file system related
stuff.

Finally, since you are new to it, make sure to use the safe string
functions as much as possible. Look at the DDK documentation for them.

Main theme is —

There are ASCII strings. And there are wide strings. These strings
imply that you have a null char at the end of those strings. And
usually they are called un-counted strings.

There are also counted strings (search the DDK doc for
UNICODE_STRING). They are not null terminated, but each is a data struct
with length parameters and a buffer. So you have to be careful when you
pass one as a parameter to other functions.

-pro

On Nov 22, 2007 2:03 PM, wrote:
> Thank you!
>
> Maybe it is not the subject of the thread, can you show me some article about string types?
> What types exist, and how we work with them? If such an article exists…
>
> Thanks!
>

Thank you very much!