symbolic links

hi all,

my filter driver hooks service routines (like ZwCreateFile).
i need to know what’s the destination (i.e. what drive do they refer to)
of the routines through their path name.
my problem is that drives (e.g. d:) have several symbolic links.
i’d like to find all the symbolic links for a specific drive.
an api would be the easiest way to find it out. is there any ??
any other ideas ?

thanks,
guy


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

hey,

what you can do is:

call InitializeObjectAttributes with the object name (meaning C:\, etc.)
with the returned handle do:

ZwOpenSymbolicLinkObject

after that do:

ZwQuerySymbolicLinkObject

you should get the original link to the device.

don't forget that C: or D: is a symbolic link, and each hard disk can be split
into partitions, so the physical devices are named disk"x"/partition"x" or
something like that

good luck,
Nuno1
----- Original Message -----
From: “Guy Gal”
To: “File Systems Developers”
Sent: Thursday, May 10, 2001 2:15 PM
Subject: [ntfsd] symbolic links

> hi all,
>
> my filter driver hooks service routines (like ZwCreateFile).
> i need to know what’s the destination (i.e. what drive do they refer to)
> of the routines through their path name.
> my problem is that drives (e.g. d:) have several symbolic links.
> i’d like to find all the symbolic links for a specific drive.
> an api would be the easiest way to find it out. is there any ??
> any other ideas ?
>
> thanks,
> guy

hi,

i need to find all the symbolic links to all the drives in the system (e.g.
c:, d:\ etc.).
does anyone have any idea…

thanks,
guy



Look for the QueryDosDevice API (user mode) in the Win32SDK:

The QueryDosDevice function lets an application obtain information about
MS-DOS device names. The function can obtain the current mapping for a
particular MS-DOS device name. The function can also obtain a list of all
existing MS-DOS device names.

MS-DOS device names are stored as symbolic links in the Windows NT object
name space. The code that converts an MS-DOS path into a corresponding
Windows NT path uses these symbolic links to map MS-DOS devices and drive
letters. The QueryDosDevice function provides a mechanism whereby a
Win32-based application can query the names of the symbolic links used to
implement the MS-DOS device namespace as well as the value of each specific
symbolic link.


Bartjan.

At 10:47 AM 5/14/01 +0300, you wrote:

i need to find all the symbolic links to all the drives in the system
(e.g. c:, d:\ etc.).
does anyone have any idea…



hi Bartjan,

thanks for your reply.
any way of doing it in kernel mode ?

guy

From: Bartjan Wattel
>Reply-To: “File Systems Developers”
>To: “File Systems Developers”
>Subject: [ntfsd] Re: symbolic links
>Date: Mon, 14 May 2001 09:59:45 +0200

Guy,

The recommended method to query dos devices is to make your service call
QueryDosDevice, and send the result via IOCTL to your driver.


Bartjan.

At 11:28 AM 5/14/01 +0300, you wrote:

thanks for your reply.
any way of doing it in kernel mode ?

guy
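Added example (not part of any message in this thread): the user-mode half of the approach Bartjan describes, in which a service asks QueryDosDevice for every MS-DOS device name and keeps the names whose link target matches the target of a given drive, producing the alias list to pass to the driver. `find_aliases`, `resolve_fn`, `same_target` and the sample table are names and data constructed for this example; off Windows the constructed table stands in for the object namespace.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
static int win_resolve(const char *name, char *out, size_t outlen)
{ return QueryDosDeviceA(name, out, (DWORD)outlen) != 0; }
#endif

/* Resolver: copies the target of DOS device `name` into out; returns 0 on failure. */
typedef int (*resolve_fn)(const char *name, char *out, size_t outlen);
/* Object-manager names are case-insensitive, so compare targets ignoring case. */
static int same_target(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* names: double-NUL-terminated list, as QueryDosDevice returns for all devices.
 * Stores every name whose target matches that of `drive`; returns the count. */
static size_t find_aliases(const char *names, resolve_fn resolve, const char *drive,
                           const char **aliases, size_t max)
{
    char want[512], got[512];
    size_t n = 0;
    if (!resolve(drive, want, sizeof want)) return 0;   /* drive does not resolve */
    for (const char *p = names; *p; p += strlen(p) + 1)
        if (n < max && resolve(p, got, sizeof got) && same_target(want, got))
            aliases[n++] = p;
    return n;
}

/* Constructed sample namespace so the logic can be exercised off Windows. */
#define VOL_GUID "Volume{00000000-0000-0000-0000-000000000000}"
static const char SAMPLE_NAMES[] = "C:\0" "D:\0" VOL_GUID "\0" "HarddiskVolume2\0" "NUL\0";
static const char *const SAMPLE_MAP[][2] = {
    {"C:", "\\Device\\HarddiskVolume1"}, {"D:", "\\Device\\HarddiskVolume2"},
    {VOL_GUID, "\\Device\\HarddiskVolume2"}, {"HarddiskVolume2", "\\Device\\HarddiskVolume2"},
    {"NUL", "\\Device\\Null"} };

static int sample_resolve(const char *name, char *out, size_t outlen)
{
    for (size_t i = 0; i < sizeof SAMPLE_MAP / sizeof SAMPLE_MAP[0]; i++)
        if (strcmp(name, SAMPLE_MAP[i][0]) == 0 && strlen(SAMPLE_MAP[i][1]) < outlen) {
            strcpy(out, SAMPLE_MAP[i][1]);
            return 1;
        }
    return 0;
}

int main(void)
{
    const char *aliases[64], *names = SAMPLE_NAMES;
    resolve_fn resolve = sample_resolve;
#ifdef _WIN32
    static char all[65536];
    if (!QueryDosDeviceA(NULL, all, sizeof all)) return 1;  /* e.g. buffer too small */
    names = all; resolve = win_resolve;
#endif
    size_t n = find_aliases(names, resolve, "D:", aliases, 64);
    for (size_t i = 0; i < n; i++)
        puts(aliases[i]);
    return 0;
}
```

Matching on the resolved target instead of the name is what groups D: with the Volume{GUID} name that points at the same device.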


ZwQuerySymbolicLinkObject

----- Original Message -----
From: “Guy Gal”
To: “File Systems Developers”
Sent: Monday, May 14, 2001 1:58 PM
Subject: [ntfsd] Re: symbolic links

> hi Bartjan,
>
> thanks for your reply.
> any way of doing it in kernel mode ?
>
> guy

ZwOpenSymbolicLinkObject - ZwQuerySymbolicLinkObject

----- Original Message -----
From: “Guy Gal”
To: “File Systems Developers”
Sent: Monday, May 14, 2001 11:28 AM
Subject: [ntfsd] Re: symbolic links

> hi Bartjan,
>
> thanks for your reply.
> any way of doing it in kernel mode ?
>
> guy

Yes:

// Undocumented ZW API calls
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes);
NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(OUT PHANDLE LinkHandle,
IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes);

You can use these to enumerate the symbolic links. I have done this before
and it works.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Guy Gal
Sent: Monday, May 14, 2001 1:28 AM
To: File Systems Developers
Subject: [ntfsd] Re: symbolic links

hi Bartjan,

thanks for your reply.
any way of doing it in kernel mode ?

guy


hi Jamey,

  1. thanks.

  2. ZwOpenDirectoryObject () fails unless the object name that i use is
    like \??\c: (e.g. \??\c:\dir1 fails with STATUS_OBJECT_TYPE_MISMATCH),
    and when it doesn’t fail what i get is the actual link
    (\Device\HarddiskVolume1).

  3. what i want is to get all the possible names of a drive
    (including those long ones with the GUID). that way i won’t be
    missing any calls to the drive.

  4. did u mean ZwOpenSymbolicLinkObject or ZwQuerySymbolicLinkObject ?

thanks,
Guy

From: “Jamey Kirby”
>Reply-To: “File Systems Developers”
>To: “File Systems Developers”
>Subject: [ntfsd] Re: symbolic links
>Date: Mon, 14 May 2001 09:18:16 -0700

If you just need drive letters there is no reason to enter into the
realm of the undocumented.

Something like this would do…

UNICODE_STRING uszDeviceName;
WCHAR filename[] = L"\\DosDevices\\A:";
PFILE_OBJECT fileObject;
PDEVICE_OBJECT pDriveDeviceObject;
NTSTATUS ntStatus;

for (ULONG i = 0; i < 26; i++)
{
    // Index 12 is the drive letter in "\DosDevices\A:"
    filename[12] = (WCHAR)(L'A' + i);

    RtlInitUnicodeString(&uszDeviceName, filename);
    ntStatus = IoGetDeviceObjectPointer(&uszDeviceName,
                                        FILE_READ_ATTRIBUTES,
                                        &fileObject,
                                        &pDriveDeviceObject);
    if (NT_SUCCESS(ntStatus))
    {
        // Drive letter 'A'+i exists
        ObDereferenceObject(fileObject);
    }
}

Regards,
Anders

Monday, May 14, 2001, 9:18:16 AM, you wrote:

JK> Yes:

JK> // Undocumented ZW API calls
JK> NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(OUT PHANDLE DirectoryHandle,
JK> IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes);
JK> NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(OUT PHANDLE LinkHandle,
JK> IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes);

JK> You can use these to enumerate the symbolic links. I have done this before
JK> and it works.

JK> Jamey



Best regards,
Anders mailto:xxxxx@flaffer.com



How do I get all symbolic links for a GUID in kernel?

Thanks for help
Ramaraj



QueryDosDevice

The QueryDosDevice function retrieves information about MS-DOS device names.

Regards,
Satish K.S

----- Original Message -----
From: “Ramaraj Pandian”
To: “File Systems Developers”
Sent: Saturday, May 19, 2001 2:09 AM
Subject: [ntfsd] Symbolic links

> How do I get all symbolic links for a GUID in kernel?
>
> Thanks for help
> Ramaraj