Alberto,
This might help !!!
-pro
//
// ps - exercise the infrasturcture
//
{
UNICODE_STRING LinkTarget, regPath, regVal, ObjDir;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING symName;
HANDLE hObjDir;
//get the SystemBootDevice
RtlInitUnicodeString( ®Path,
L"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control" );
status = getRegValue( ®Path, ®Val,
L"SystemBootDevice" );
if (!NT_SUCCESS(status)) {
KdPrint((DRIVERNAME " - getRegValue failed\n"));
return status;
}
//open the ArcName object directory
RtlInitUnicodeString( &symName, L"\ArcName" );
InitializeObjectAttributes(&oa, &symName,
OBJ_CASE_INSENSITIVE, NULL, NULL);
status = ZwOpenDirectoryObject(&hObjDir,
DIRECTORY_ALL_ACCESS, &oa);
if (NT_SUCCESS(status)) {
//RtlInitUnicodeString( &symName,
L"multi(0)disk(0)rdisk(0)partition(2)" );
RtlInitUnicodeString( &symName, regVal.Buffer
);
status = getTargetofSymbolicName( &symName,
&ObjDir, hObjDir);
//status = getTargetofSymbolicName( ®Val,
&ObjDir, hObjDir);
}
//RtlInitUnicodeString( &ObjDir,
L"\Device\Harddisk0\Partition2" );
status = getTargetofSymbolicName( &ObjDir, &LinkTarget,
NULL);
if (regVal.Buffer )
ExFreePool(regVal.Buffer);
if (ObjDir.Buffer )
ExFreePool(ObjDir.Buffer);
if (LinkTarget.Buffer )
ExFreePool(LinkTarget.Buffer);
}
return STATUS_SUCCESS;
}
NTSTATUS getRegValue( PUNICODE_STRING RegistryPath, PUNICODE_STRING
pUcValueStr, PWSTR pwchSubkeyTosrch )
{
//
UNICODE_STRING valname;
ULONG size = 0;
NTSTATUS status = ~STATUS_SUCCESS;
HANDLE hKey;
OBJECT_ATTRIBUTES oa;
if ( !RegistryPath || !pUcValueStr || !pwchSubkeyTosrch )
return status;
InitializeObjectAttributes(&oa, RegistryPath,
OBJ_CASE_INSENSITIVE, NULL, NULL);
status = ZwOpenKey(&hKey, KEY_READ, &oa);
if (!NT_SUCCESS(status)) {
KdPrint((DRIVERNAME " - Can’t open key %ws - %X\n",
RegistryPath->Buffer, status));
return status;
}
// Try to read the SystemBootDevice value, which gives the name
of the disk
//RtlInitUnicodeString(&valname, L"SystemBootDevice");
RtlInitUnicodeString(&valname, pwchSubkeyTosrch);
status = ZwQueryValueKey(hKey, &valname,
KeyValuePartialInformation, NULL, 0, &size);
if (status != STATUS_OBJECT_NAME_NOT_FOUND && size){
// found the value
PKEY_VALUE_PARTIAL_INFORMATION vp =
(PKEY_VALUE_PARTIAL_INFORMATION) ExAllocatePool(PagedPool, size);
if (vp) { //
allocated memory okay
status = ZwQueryValueKey(hKey, &valname,
KeyValuePartialInformation, vp, size, &size);
if (NT_SUCCESS(status)) { // read value
okay
pUcValueStr->Buffer =
(PWSTR)ExAllocatePoolWithTag(PagedPool, vp->DataLength+4 , ‘FOXM’);
RtlCopyMemory(pUcValueStr->Buffer,
vp->Data, vp->DataLength);
pUcValueStr->MaximumLength =
(USHORT)vp->DataLength;
}else{
KdPrint((DRIVERNAME " -
ZwQueryValueKey(%ws) failed - %X\n", valname.Buffer, status));
}
ExFreePool(vp);// allocated memory okay
}else {
// couldn’t allocate memory
KdPrint((DRIVERNAME " - Can’t allocate %d bytes
for reading registry\n", size));
status = STATUS_INSUFFICIENT_RESOURCES;
} // couldn’t
allocate memory
} // found the
value
ZwClose(hKey);
return status;
}
//
// ps allocates pool memory for LinkTarget, that the client needs to
delete(free)
//
NTSTATUS
getTargetofSymbolicName(PUNICODE_STRING pUCsymLink, PUNICODE_STRING
LinkTarget, HANDLE rootDir)
{
NTSTATUS Status = ~STATUS_SUCCESS;
HANDLE LinkHandle;
OBJECT_ATTRIBUTES ObjectAttributes;
//UNICODE_STRING LinkTarget;
ULONG ReturnedLength;
KIRQL kCurrentIrql ;
//
// Validation
//
ASSERT( ( kCurrentIrql = KeGetCurrentIrql( ) ) ==
PASSIVE_LEVEL );
if ( !pUCsymLink || !LinkTarget) return Status;
//
// open the symbolic link - for query
//
InitializeObjectAttributes(&ObjectAttributes,
pUCsymLink,
OBJ_KERNEL_HANDLE,
NULL,
NULL);
if (rootDir)
ObjectAttributes.RootDirectory = rootDir;
Status = ZwOpenSymbolicLinkObject(
/*OUT PHANDLE*/
&LinkHandle,
/*IN ACCESS_MASK */
GENERIC_READ ,
/*IN
POBJECT_ATTRIBUTES*/ &ObjectAttributes );
//allocate buffer
LinkTarget->Buffer = (PWSTR)ExAllocatePoolWithTag(PagedPool, 512
* 2 , ‘FOXM’);
if (! LinkTarget->Buffer )
return STATUS_INSUFFICIENT_RESOURCES;
LinkTarget->MaximumLength = 512 * 2;
Status = ZwQuerySymbolicLinkObject(
/*IN HANDLE*/
LinkHandle,
/*IN OUT
PUNICODE_STRING*/ LinkTarget,
/*OUT PULONG */
&ReturnedLength OPTIONAL
);
return Status;
}