I have a handle to SECTION_OBJECT. I would like to get the FILE_OBJECT
backed by SECTION_OBJECT.
After a query on the section attributes I found the section is backed by a
file and the section is mapped as an image. How do I find the file
object/file name it is backed by?
In the debugger I found the following information.
In SECTION_OBJECT at Offset 0x14 I have a pointer to SEGMENT
In SEGMENT at Offset 0x00 I have a pointer to CONTROL_AREA
In CONTROL_AREA at Offset 0x24 I have a pointer to the FILE_OBJECT.
The Big Question, how do I get this information using a Microsoft-approved
API?
Is this possible? Can I get a pointer to the FILE_OBJECT given a pointer to
SECTION_OBJECT? Of course, if and only if the SECTION_OBJECT is backed by a
file.
Any help is appreciated.
Thanks,
-Srin.
No API for that, afaik. Those structures are extremely dependent on the OS
version; they changed in every major build of the NT kernel. What is it that
you want to accomplish?
Dan
wrote in message news:xxxxx@ntdev…
>
> I have a handle to SECTION_OBJECT. I would like to get the FILE_OBJECT
> backed by SECTION_OBJECT.
>
> After a query on the section attributes I found the section is backed by a
> file and the section is mapped as an image. How do I find the file
> object/file name it is backed by?
>
> In the debugger I found the following information.
>
> In SECTION_OBJECT at Offset 0x14 I have a pointer to SEGMENT
> In SEGMENT at Offset 0x00 I have a pointer to CONTROL_AREA
> In CONTROL_AREA at Offset 0x24 I have a pointer to the FILE_OBJECT.
>
> The Big Question, how do I get this information using a Microsoft-approved
> API?
> Is this possible? Can I get a pointer to the FILE_OBJECT given a pointer to
> SECTION_OBJECT? Of course, if and only if the SECTION_OBJECT is backed by a
> file.
>
> Any help is appreciated.
> Thanks,
> -Srin.
>
>
>
> The Big Question, how do I get this information using a Microsoft-approved
> API?
> Is this possible? Can I get a pointer to the FILE_OBJECT given a pointer to
> SECTION_OBJECT?
No, this is not possible.
Max