Hi,
I am experiencing the weirdest problem on a Win2000 sp2 machine, which can
dual boot to Win98. IN the W2K environment, at some point, our driver
intercepts in the IRP_MJ_CREATE path a fileobject pointing to the \Win98
folder. At that point, the strangest thing happens. In my debugger, the
following line is printed (from within my driver):
About to get full file name from \WIN98????Va?
As you see, the filename is crippled. In the above debugprint, the filename
is printed using %wZ, the standard way to print unicode strings.
If I debug the FileObject->FileName, I find the following:
FileObject->FileName.Length = 36
FileObject->FileName.MaximumLength = 56
If I do an ‘!object’ on the FileObject, I get:
kd> !object EEF83434
Object: eef83434 Type: (81491500) File
ObjectHeader: eef8341c
HandleCount: 0 PointerCount: 1
Directory Object: 00000000 Name: \WIN98\ {HarddiskVolume3}
So in that case the filename seems ok to me.
The memory dump for the fileobject is:
kd> dd EEF83434
eef83434 00700005 814694d0 00000000 00000000
eef83444 00000000 00000000 00000000 00000000
eef83454 00000000 00000000 00000000 00000000
eef83464 00380024 e23b67c8 00000000 00000000
eef83474 00000000 00000000 00000000 00000000
eef83484 00000000 00000000 00000000 00040000
eef83494 00000000 eef83498 eef83498 00000000
eef834a4 00000000 00000000 eef83374 00000000
Dumping the e23b67c8 address gives:
kd> dd e23b67c8
e23b67c8 0057005c 004e0049 00380039 ffff005c
e23b67d8 e0d8ffff fe0b0012 0268007f a5d83801
e23b67e8 00050015 00120000 007ffe0b 38010197
e23b67f8 0015a5d8 00000005 02028202 49564d43
e23b6808 00092330 e23c2c89 e23c2cc9 e2390d09
e23b6818 e1337dc9 e21fbd49 e2378fc9 e22ce429
e23b6828 e22593a9 81313860 e2386da0 e2198110
e23b6838 9c9c9c9c 9c9c9c9c 02028202 61564d43
kd> db e23b67c8
e23b67c8 5c 00 57 00 49 00 4e 00-39 00 38 00 5c 00 ff ff .W.I.N.9.8..…
e23b67d8 ff ff d8 e0 12 00 0b fe-7f 00 68 02 01 38 d8 a5 …h…8…
e23b67e8 15 00 05 00 00 00 12 00-0b fe 7f 00 97 01 01 38 …8
e23b67f8 d8 a5 15 00 05 00 00 00-02 82 02 02 43 4d 56 49 …CMVI
e23b6808 30 23 09 00 89 2c 3c e2-c9 2c 3c e2 09 0d 39 e2 0#…,<…,<…9.
e23b6818 c9 7d 33 e1 49 bd 1f e2-c9 8f 37 e2 29 e4 2c e2 .}3.I…7.).,.
e23b6828 a9 93 25 e2 60 38 31 81-a0 6d 38 e2 10 81 19 e2 …%.`81…m8…
e23b6838 9c 9c 9c 9c 9c 9c 9c 9c-02 82 02 02 43 4d 56 61 …CMVa
Does anybody have a clue why the system reports a wrong filename size ?
Otherwise, what can I do to drill down to a solution for this ?
Best,
Bartjan.
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com