Re[2]: Re[2]: How do i redirect writes and create a mapping table of logical blocks to offsets

Peter_Scott · September 14, 2015, 10:27am

Try opening with just FILE_SYNCHRONOUS_IO_NONALERT as your options, this
has worked for me when getting the volume bitmap. As well, you only need
FILE_READ_ATTRIBUTES as the requested access for this call.

Pete

–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com http:</http:>
866.263.9295

------ Original Message ------
From: xxxxx@yahoo.fr
To: “Windows File Systems Devs Interest List”
Sent: 9/14/2015 1:26:08 AM
Subject: RE:[ntfsd] Re[2]: How do i redirect writes and create a mapping
table of logical blocks to offsets

>Thanks Jamey,
>I’m trying to get the volume bitmap but i get error 0xC34 when i call
>the ZwCreateFile to open the the volume, meaning The object name is not
>found. Seems like i have an error in my path. I have been googling this
>and trying few naming rules but no results yet. Can you tell me what i
>am doing wrong? or is there a better way to get the volume bitmap?
>
>Thank you
>
>Here is the function i am using
>
>HANDLE fileHandle;
> IO_STATUS_BLOCK iosb;
> OBJECT_ATTRIBUTES objectAttributes;
> STARTING_LCN_INPUT_BUFFER slib;
> ULONG bufferLength;
> UNICODE_STRING fileName;
> NTSTATUS status = STATUS_SUCCESS;
> PVOLUME_BITMAP_BUFFER info;
>
> LONG open = GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE;
> LONG share = FILE_SHARE_READ | FILE_SHARE_WRITE;
> LONG options = FILE_WRITE_THROUGH | FILE_SYNCHRONOUS_IO_NONALERT
>|FILE_RANDOM_ACCESS | FILE_NO_INTERMEDIATE_BUFFERING;
>
> RtlInitUnicodeString(&fileName, L"\DosDevices\C:"); //i have tried
>??\ C:
> InitializeObjectAttributes(&objectAttributes,
> &fileName,
> OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
> NULL,
> NULL
> );
> status = ZwCreateFile(&fileHandle, open, &objectAttributes, &iosb,
>NULL,
> FILE_ATTRIBUTE_NORMAL, share, FILE_OPEN,
> options, NULL, 0);
> s1 = status;
> bufferLength = 8 * 1024 * 1024;
>
> do {
> if (!NT_SUCCESS(status)) {
> break;
> }
> info = (PVOLUME_BITMAP_BUFFER)ExAllocatePool(PagedPool,
>bufferLength);
> if (!info) {
> ZwClose(fileHandle);
> status = STATUS_INSUFFICIENT_RESOURCES;
> break;
> }
>
> slib.StartingLcn.QuadPart = 0;
> status = STATUS_UNSUCCESSFUL;
> while (!NT_SUCCESS(status))
> {
> status = ZwFsControlFile(fileHandle, NULL, NULL, NULL, &iosb,
> FSCTL_GET_VOLUME_BITMAP, &slib,
> sizeof(slib), info, bufferLength);
> if (status == STATUS_PENDING)
> {
> ZwWaitForSingleObject(fileHandle, FALSE, NULL);
> status = iosb.Status;
> }
> if (!NT_SUCCESS(status)) {
> if ((STATUS_BUFFER_TOO_SMALL == status) ||
> (STATUS_BUFFER_OVERFLOW == status)) {
> ExFreePool(info);
> bufferLength *= 2;
> info = ExAllocatePool(PagedPool, bufferLength);
> if (!info) {
> status = STATUS_INSUFFICIENT_RESOURCES;
> break;
> }
> }
> else {
> break;
> }
> }
> }
> s2 = status;
> ZwClose(fileHandle);
> if (!NT_SUCCESS(status)) {
> break;
> }
> *buffer = info;
> } while (FALSE);
> return status;
> }
>
>—
>NTFSD is sponsored by OSR
>
>OSR is hiring!! Info at http://www.osr.com/careers
>
>For our schedule of debugging and file system seminars visit:
>http://www.osr.com/seminars
>
>To unsubscribe, visit the List Server section of OSR Online at
>http://www.osronline.com/page.cfm?name=ListServer

Wega_Wilfried · September 15, 2015, 2:57am

Thanks for your fast reply. I updated my code like this, but the same error keeps coming, do you see anything that i do wrong here?

RtlInitUnicodeString(&fileName, L"\??\C:");
InitializeObjectAttributes(&objectAttributes,
&fileName,
OBJ_KERNEL_HANDLE |OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwCreateFile(&fileHandle,
GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
&objectAttributes,
&iosb,
NULL,
FILE_READ_ATTRIBUTES,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

Thank you

Scott_Noone_OSR · September 15, 2015, 9:39am

Are you trying to do this during boot? The “C:” symbolic link might not
exist yet, when the ZwCreateFile call fails try the following WinDbg
command:

!object \Global??\C:

If you get “not found” then you’re doing this too early.

And do you really want “C:” or do you want the boot volume? If you want the
boot volume, you should really be looking for DO_SYSTEM_BOOT_PARTITION and
not a specific drive letter.

-scott
OSR
@OSRDrivers

wrote in message news:xxxxx@ntfsd…

Thanks for your fast reply. I updated my code like this, but the same error
keeps coming, do you see anything that i do wrong here?

RtlInitUnicodeString(&fileName, L"\??\C:");
InitializeObjectAttributes(&objectAttributes,
&fileName,
OBJ_KERNEL_HANDLE |OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwCreateFile(&fileHandle,
GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
&objectAttributes,
&iosb,
NULL,
FILE_READ_ATTRIBUTES,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

Thank you

Wega_Wilfried · September 15, 2015, 8:42pm

Yes I’m trying to get the volume bitmap during boot, Not only for C drive but for the Boot volume. I will explore what you said and get back later.

Thanks for your very much appreciated help.

OSR_Community_User · September 16, 2015, 5:07pm

> And do you really want “C:” or do you want the boot volume? If you want the

boot volume, you should really be looking for DO_SYSTEM_BOOT_PARTITION and

Yes, and also \SystemRoot\ can possibly work earlier then C:

–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com