Minifilter - Get DeviceObject's DosName

PDEVICE_OBJECT dev;
UNICODE_STRING usz;

if( !KeAreAllApcsDisabled() )
{
RtlInitUnicodeString(&usz, L"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
if(NT_SUCCESS(FltGetDiskDeviceObject(FltObjects->Volume, &dev)))
{
if(NT_SUCCESS(IoVolumeDeviceToDosName(dev, &usz)))
{DbgPrint(“success\n”);
DbgPrint(“%wZ\n”, usz);
/*
if(usz.Buffer)
{
ExFreePool(usz.Buffer);
usz.Buffer = L"\0";
}*/
}
ObDereferenceObjectDeferDelete(dev);
}
RtlFreeUnicodeString(&usz);
}
////////////////////////////////////////////////////////////////////////////////
i put that code in InstanceSetup
but i get no result
also, that line, if(usz.Buffer)…
causes BSOD

could u plz help me with that?

ok i figured it out

the problem is
i cant print UNICODE_STRING to the Debugger!!! why?

Alternative Approach :)))))

WCHAR str[400];
if( !KeAreAllApcsDisabled() )
{
RtlInitUnicodeString(&usz, L"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
if(NT_SUCCESS(FltGetDiskDeviceObject(FltObjects->Volume, &dev)))
{
if(NT_SUCCESS(IoVolumeDeviceToDosName(dev, &usz)))
{
for(i=0;i< usz.Length;i++)
str[i] = usz.Buffer[i];
str[i] = L"\0";
DbgPrint(“%ws”, str);
}
ObDereferenceObjectDeferDelete(dev);
}
RtlFreeUnicodeString(&usz);
}

////////
plz help me on printing unicode strings :))))))

You need to pass the pointer to the UNICODE_STRING buffer not the buffer
for the DbgPrint.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

xxxxx@gmail.com” wrote in message
news:xxxxx@ntfsd:

> ok i figured it out
>
> the problem is
> i cant print UNICODE_STRING to the Debugger!!! why?

Thank u very much, it worked, i’m still laughing at myself, what a mistake :))))))

> PDEVICE_OBJECT dev;

UNICODE_STRING usz;

if( !KeAreAllApcsDisabled() )
{
RtlInitUnicodeString(&usz,
L"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
******
thisinitialization makes no sense at all. Get rid of it!
******
if(NT_SUCCESS(FltGetDiskDeviceObject(FltObjects->Volume, &dev)))
{
if(NT_SUCCESS(IoVolumeDeviceToDosName(dev, &usz)))
{DbgPrint(“success\n”);
DbgPrint(“%wZ\n”, usz);
****
I would have thought this should be &usz
****
/*
if(usz.Buffer)
{
ExFreePool(usz.Buffer);
*****
RtlInitUnicodeString does NOT make a copy of the literal string; it only
creates a pointer to it. Therefore, the buffer is not pointing to a heap
object, but to the literal string in the literal pool. This should
bluescreen.

In keeping with my own frequent comment, I went and RTFMed this. Guess
what? The &usz parameter is an OUT parameter, meaning it is set by the
called function. Your initialization is wasteful and confusing.
*****

usz.Buffer = L"\0";
*****
Now, THIS makes no sense at all! You have overwritten the buffer of the
string (which is a local variable and thus will go away anyway) with a
pointer to a zero-length string literal (well, actually a 1-length literal
string whose first character is NUL, making it a zero-length string) but
you did not set the other UNICODE_STRING fields to reflect this change.
Very bad style. In fact, you should just say
usz.Buffer = NULL;
and be done with it. Of course, you could RtlInitUnicodeString to point
to the NULL string, because it properly sets all the
fields.
******
}*/
****
What is this */ doing here? I didn’t see an opening /*. Also,
“commenting out” code by this primitive method is very, very poor
practice. You are better served by #if 0/#endif because this works even
if the code contains regular /*…*/ comments. In fact, if you can
“comment out” a large body of code by just putting a /* and a couple dozen
lines later put a */, it probably means the code is inadequately
commented.
****
}
ObDereferenceObjectDeferDelete(dev);
}
RtlFreeUnicodeString(&usz);
*****
I RTFMed this as well. It refers to feeing a string allocated by a
couple other DDI functions, none of which you have called. I suspect that
the documentation is wrong, and it applies to any UNICODE_STRING that has
been allocated by a called function, but if so, your own explicit freeing
of the string is wrong, initializing the string to a literal is wrong, and
storing a pointer to a literal string after the ExFree is wrong. It also
suggests that the documentation that tells you to use ExFreePool instead
of RtlFreeUnicodeString is wrong. These should be filed as documentation
errors. But there is no way, given what you have written preceding this,
that the RtlFreeUnicodeString will ever make sense here.
joe
*****
}
////////////////////////////////////////////////////////////////////////////////
i put that code in InstanceSetup
but i get no result
also, that line, if(usz.Buffer)…
causes BSOD

could u plz help me with that?


NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

> Alternative Approach :)))))

WCHAR str[400];
*****
This is deadly, because (a) you should not be putting large arrays on the
stack (b) fixed-size arrays like this are an invitation to total disaster.

Besides, you don’t need it. The parameter to the DbgPrint should have
been &usz

And why do you need a buffer of size 400? And I notice that you do not
check to see if the string that came back will fit into this buffer, which
is really poor practice in 2012. You could get away with this in 1975.
*****

if( !KeAreAllApcsDisabled() )
{
RtlInitUnicodeString(&usz,
L"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
*****
This inititialization serves no detectable purpose and will cause the
RtlFreeUnicodeString to bluescreen if the FltGetDiskDeviceObject or
IoVolumeDeviceToDosName calls fail.
*****
if(NT_SUCCESS(FltGetDiskDeviceObject(FltObjects->Volume, &dev)))
{
if(NT_SUCCESS(IoVolumeDeviceToDosName(dev, &usz)))
{
for(i=0;i< usz.Length;i++)
str[i] = usz.Buffer[i];
str[i] = L"\0";
************
This is erroneous. What you wanted to do was set str[i+1] to L’\0’.
Single quotes. But you didn’t want to do any of this, anyway. Lose all
this code. And in the future, never, EVER believe a fixed-size buffer on
the stack is “big enough” to hold a string of any kind. Code like this is
a firable offense now in many software companies, so it would be a good
idea to get out of the habit of ever writing anything like this ever
again. Bounds-check everything.

I did google for %wZ, and found an article that CLEARLY stated you must
pass a PUNICODE_STRING, and you passed a UNICODE_STRING, so my earlier
guess thaat it should have been &usz was correct. Just lose all the above
code.
************

DbgPrint(“%ws”, str);
*****
Remarkably silly. All you had to do was pass &usz as the paramter!!!

As far as I can tell, all my previous comments about poor structure apply,
including the use of RtlFreeUnicodeString if the string points to a
literal.

}
ObDereferenceObjectDeferDelete(dev);
}
RtlFreeUnicodeString(&usz);
}

////////
plz help me on printing unicode strings :))))))


NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Thank you very much Joseph
sometimes i forget C rules, cause i always play with various programming languages for fun
a language like python is a great training to forget C :))
have you heard about .Net Framework 4.5 features? so tempting :smiley:
well its hard for a freelance to stick to one thing, isn’t it?

i read interviews with linux kernel developers, they suggest bug fixing for newbies, what about windows guys? what should i do?!