SystemRoot

Alberto,

This might help !!!

-pro

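//
// ps - exercise the infrastructure
//
// Resolves the boot device in two hops: the name stored in the
// SystemBootDevice registry value is looked up as a symbolic link under
// \ArcName, and the resulting path is resolved once more as a symbolic link.
// NOTE: the \ArcName links are not valid until PnP has enumerated the disk
// stack and the volume manager(s); before that the first hop fails (the
// thread reports STATUS_OBJECT_PATH_NOT_FOUND).
//
{
    // Zero-initialised so the cleanup below never frees an indeterminate
    // pointer when a step fails before its buffer has been allocated.
    UNICODE_STRING LinkTarget = {0}, regPath, regVal = {0}, ObjDir = {0};
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING symName;
    HANDLE hObjDir = NULL;

    // get the SystemBootDevice
    RtlInitUnicodeString(&regPath,
        L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control");
    status = getRegValue(&regPath, &regVal, L"SystemBootDevice");
    if (!NT_SUCCESS(status)) {
        KdPrint((DRIVERNAME " - getRegValue failed\n"));
        return status;
    }

    // open the ArcName object directory
    RtlInitUnicodeString(&symName, L"\\ArcName");
    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's
    // user-mode handle table.
    InitializeObjectAttributes(&oa, &symName,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    // The handle is only used as the root of a relative lookup, so ask for
    // query/traverse rights rather than DIRECTORY_ALL_ACCESS.
    status = ZwOpenDirectoryObject(&hObjDir,
        DIRECTORY_QUERY | DIRECTORY_TRAVERSE, &oa);
    if (NT_SUCCESS(status)) {
        USHORT cb = 0;

        // Build a counted string from the registry data instead of trusting
        // it to be NUL-terminated: stop at the first NUL or at the end of
        // the data, whichever comes first.
        // e.g. multi(0)disk(0)rdisk(0)partition(2)
        while ((ULONG)cb + sizeof(WCHAR) <= regVal.MaximumLength &&
               regVal.Buffer[cb / sizeof(WCHAR)] != L'\0') {
            cb = (USHORT)(cb + sizeof(WCHAR));
        }
        symName.Buffer = regVal.Buffer;
        symName.Length = cb;
        symName.MaximumLength = regVal.MaximumLength;

        status = getTargetofSymbolicName(&symName, &ObjDir, hObjDir);

        // The directory handle is not needed after the relative lookup.
        ZwClose(hObjDir);
    }

    // Second hop only when the first produced a name; otherwise ObjDir has
    // nothing valid to resolve.
    // e.g. \Device\Harddisk0\Partition2
    if (NT_SUCCESS(status)) {
        status = getTargetofSymbolicName(&ObjDir, &LinkTarget, NULL);
    }

    if (regVal.Buffer)
        ExFreePool(regVal.Buffer);

    if (ObjDir.Buffer)
        ExFreePool(ObjDir.Buffer);

    if (LinkTarget.Buffer)
        ExFreePool(LinkTarget.Buffer);

}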

return STATUS_SUCCESS;
}

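//
// Reads a string value from a registry key into a newly allocated,
// NUL-terminated UNICODE_STRING.
//
// RegistryPath     - full path of the key to open.
// pUcValueStr      - receives the value. On success Buffer is paged pool
//                    (tag 'FOXM') that the caller must release with
//                    ExFreePool; on any failure Buffer is NULL.
// pwchSubkeyTosrch - NUL-terminated name of the value to read.
//
// Returns STATUS_INVALID_PARAMETER for a NULL argument,
// STATUS_OBJECT_TYPE_MISMATCH when the value is not a string type,
// STATUS_NAME_TOO_LONG when it does not fit a UNICODE_STRING,
// STATUS_INSUFFICIENT_RESOURCES on allocation failure, otherwise the status
// of ZwOpenKey / ZwQueryValueKey.
//
NTSTATUS getRegValue( PUNICODE_STRING RegistryPath, PUNICODE_STRING pUcValueStr, PWSTR pwchSubkeyTosrch )
{
    UNICODE_STRING valname;
    ULONG size = 0;
    NTSTATUS status;
    HANDLE hKey;
    OBJECT_ATTRIBUTES oa;
    PKEY_VALUE_PARTIAL_INFORMATION vp;
    USHORT cb;
    USHORT len;

    if (!RegistryPath || !pUcValueStr || !pwchSubkeyTosrch)
        return STATUS_INVALID_PARAMETER;

    // Put the output in a defined state so a caller that frees
    // "if (Buffer)" after a failure never frees an indeterminate pointer.
    pUcValueStr->Buffer = NULL;
    pUcValueStr->Length = 0;
    pUcValueStr->MaximumLength = 0;

    // OBJ_KERNEL_HANDLE keeps the key handle out of the user-mode handle
    // table of whatever process this happens to run in.
    InitializeObjectAttributes(&oa, RegistryPath,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    // Only a value query is performed, so KEY_QUERY_VALUE is sufficient.
    status = ZwOpenKey(&hKey, KEY_QUERY_VALUE, &oa);
    if (!NT_SUCCESS(status)) {
        // %wZ prints the counted string; it does not rely on a terminator.
        KdPrint((DRIVERNAME " - Can't open key %wZ - %X\n",
                 RegistryPath, status));
        return status;
    }

    RtlInitUnicodeString(&valname, pwchSubkeyTosrch);

    // First call passes no buffer and only reports the required size.
    status = ZwQueryValueKey(hKey, &valname,
                             KeyValuePartialInformation, NULL, 0, &size);

    if (status != STATUS_OBJECT_NAME_NOT_FOUND && size) {
        // found the value
        vp = (PKEY_VALUE_PARTIAL_INFORMATION)
                 ExAllocatePoolWithTag(PagedPool, size, 'FOXM');
        if (vp) {
            status = ZwQueryValueKey(hKey, &valname,
                                     KeyValuePartialInformation, vp, size, &size);
            if (!NT_SUCCESS(status)) {
                KdPrint((DRIVERNAME " - ZwQueryValueKey(%wZ) failed - %X\n",
                         &valname, status));
            } else if (vp->Type != REG_SZ && vp->Type != REG_EXPAND_SZ &&
                       vp->Type != REG_MULTI_SZ) {
                // Registry contents are external input: refuse to treat
                // non-string data as a string.
                status = STATUS_OBJECT_TYPE_MISMATCH;
            } else if (vp->DataLength > MAXUSHORT - sizeof(WCHAR)) {
                // UNICODE_STRING lengths are USHORT; a silent truncating
                // cast would make MaximumLength disagree with the buffer.
                status = STATUS_NAME_TOO_LONG;
            } else {
                // Copy whole WCHARs only and always append a terminator.
                cb = (USHORT)(vp->DataLength & ~(ULONG)(sizeof(WCHAR) - 1));
                pUcValueStr->Buffer = (PWSTR)ExAllocatePoolWithTag(
                    PagedPool, cb + sizeof(WCHAR), 'FOXM');
                if (!pUcValueStr->Buffer) {
                    status = STATUS_INSUFFICIENT_RESOURCES;
                } else {
                    RtlCopyMemory(pUcValueStr->Buffer, vp->Data, cb);
                    pUcValueStr->Buffer[cb / sizeof(WCHAR)] = L'\0';
                    pUcValueStr->MaximumLength = (USHORT)(cb + sizeof(WCHAR));

                    // Length covers the characters before the first NUL.
                    len = 0;
                    while (len < cb &&
                           pUcValueStr->Buffer[len / sizeof(WCHAR)] != L'\0') {
                        len = (USHORT)(len + sizeof(WCHAR));
                    }
                    pUcValueStr->Length = len;
                }
            }
            ExFreePool(vp);
        } else {
            // couldn't allocate memory
            KdPrint((DRIVERNAME " - Can't allocate %lu bytes for reading registry\n",
                     size));
            status = STATUS_INSUFFICIENT_RESOURCES;
        }
    }

    ZwClose(hKey);

    return status;
}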
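//
// Opens the symbolic link object named by pUCsymLink (relative to rootDir
// when rootDir is not NULL) and returns the link's target.
//
// ps allocates pool memory for LinkTarget (paged pool, tag 'FOXM') that the
// client needs to free with ExFreePool. On any failure LinkTarget->Buffer is
// NULL and nothing needs to be freed. The result is also NUL-terminated.
// Targets longer than 512 characters are not supported and make the query
// fail.
//
// Must be called at PASSIVE_LEVEL.
//
NTSTATUS
getTargetofSymbolicName(PUNICODE_STRING pUCsymLink, PUNICODE_STRING LinkTarget, HANDLE rootDir)
{
    NTSTATUS Status;
    HANDLE LinkHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    ULONG ReturnedLength = 0;
    const USHORT cbTarget = 512 * sizeof(WCHAR);

    //
    // Validation
    //
    // No assignment inside ASSERT: the macro compiles away in free builds.
    ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
    if (!pUCsymLink || !LinkTarget)
        return STATUS_INVALID_PARAMETER;

    //
    // open the symbolic link - for query
    //
    InitializeObjectAttributes(&ObjectAttributes,
                               pUCsymLink,
                               OBJ_KERNEL_HANDLE,
                               rootDir,
                               NULL);

    Status = ZwOpenSymbolicLinkObject(&LinkHandle,
                                      GENERIC_READ,
                                      &ObjectAttributes);

    // Reset the output only after the open has consumed the input name, so
    // the caller sees a defined (empty) result on every failure path.
    LinkTarget->Buffer = NULL;
    LinkTarget->Length = 0;
    LinkTarget->MaximumLength = 0;

    // Without this check a failed open would go on to query through an
    // uninitialised handle.
    if (!NT_SUCCESS(Status))
        return Status;

    // allocate buffer, with room for a terminator past MaximumLength
    LinkTarget->Buffer = (PWSTR)ExAllocatePoolWithTag(
        PagedPool, cbTarget + sizeof(WCHAR), 'FOXM');
    if (!LinkTarget->Buffer) {
        ZwClose(LinkHandle);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    LinkTarget->MaximumLength = cbTarget;

    Status = ZwQuerySymbolicLinkObject(LinkHandle,
                                       LinkTarget,
                                       &ReturnedLength);

    // The handle is only needed for the query; close it on every path.
    ZwClose(LinkHandle);

    if (!NT_SUCCESS(Status)) {
        ExFreePool(LinkTarget->Buffer);
        LinkTarget->Buffer = NULL;
        LinkTarget->Length = 0;
        LinkTarget->MaximumLength = 0;
        return Status;
    }

    // Length <= MaximumLength, so this index is inside the extra WCHAR.
    LinkTarget->Buffer[LinkTarget->Length / sizeof(WCHAR)] = L'\0';

    return Status;
}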

Hi, Prokash,

Thanks for the code! I put it in and single stepped through it.
Unfortunately, I have the same problem with it: once I fetch the
scsi(0)disk(1)rdisk(0)partition(3) from the registry and I try to open it, I
get an STATUS_OBJECT_PATH_NOT_FOUND error status. Looks like I’m trying to
do this too soon, and maybe the link’s not built as yet ?

Alberto.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Sinha, Prokash
Sent: Monday, June 21, 2004 4:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] SystemRoot

Alberto,

This might help !!!

-pro

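//
// ps - exercise the infrastructure
//
// Resolves the boot device in two hops: the name stored in the
// SystemBootDevice registry value is looked up as a symbolic link under
// \ArcName, and the resulting path is resolved once more as a symbolic link.
// NOTE: the \ArcName links are not valid until PnP has enumerated the disk
// stack and the volume manager(s); before that the first hop fails (the
// thread reports STATUS_OBJECT_PATH_NOT_FOUND).
//
{
    // Zero-initialised so the cleanup below never frees an indeterminate
    // pointer when a step fails before its buffer has been allocated.
    UNICODE_STRING LinkTarget = {0}, regPath, regVal = {0}, ObjDir = {0};
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING symName;
    HANDLE hObjDir = NULL;

    // get the SystemBootDevice
    RtlInitUnicodeString(&regPath,
        L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control");
    status = getRegValue(&regPath, &regVal, L"SystemBootDevice");
    if (!NT_SUCCESS(status)) {
        KdPrint((DRIVERNAME " - getRegValue failed\n"));
        return status;
    }

    // open the ArcName object directory
    RtlInitUnicodeString(&symName, L"\\ArcName");
    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's
    // user-mode handle table.
    InitializeObjectAttributes(&oa, &symName,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    // The handle is only used as the root of a relative lookup, so ask for
    // query/traverse rights rather than DIRECTORY_ALL_ACCESS.
    status = ZwOpenDirectoryObject(&hObjDir,
        DIRECTORY_QUERY | DIRECTORY_TRAVERSE, &oa);
    if (NT_SUCCESS(status)) {
        USHORT cb = 0;

        // Build a counted string from the registry data instead of trusting
        // it to be NUL-terminated: stop at the first NUL or at the end of
        // the data, whichever comes first.
        // e.g. multi(0)disk(0)rdisk(0)partition(2)
        while ((ULONG)cb + sizeof(WCHAR) <= regVal.MaximumLength &&
               regVal.Buffer[cb / sizeof(WCHAR)] != L'\0') {
            cb = (USHORT)(cb + sizeof(WCHAR));
        }
        symName.Buffer = regVal.Buffer;
        symName.Length = cb;
        symName.MaximumLength = regVal.MaximumLength;

        status = getTargetofSymbolicName(&symName, &ObjDir, hObjDir);

        // The directory handle is not needed after the relative lookup.
        ZwClose(hObjDir);
    }

    // Second hop only when the first produced a name; otherwise ObjDir has
    // nothing valid to resolve.
    // e.g. \Device\Harddisk0\Partition2
    if (NT_SUCCESS(status)) {
        status = getTargetofSymbolicName(&ObjDir, &LinkTarget, NULL);
    }

    if (regVal.Buffer)
        ExFreePool(regVal.Buffer);

    if (ObjDir.Buffer)
        ExFreePool(ObjDir.Buffer);

    if (LinkTarget.Buffer)
        ExFreePool(LinkTarget.Buffer);

}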

return STATUS_SUCCESS;
}

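//
// Reads a string value from a registry key into a newly allocated,
// NUL-terminated UNICODE_STRING.
//
// RegistryPath     - full path of the key to open.
// pUcValueStr      - receives the value. On success Buffer is paged pool
//                    (tag 'FOXM') that the caller must release with
//                    ExFreePool; on any failure Buffer is NULL.
// pwchSubkeyTosrch - NUL-terminated name of the value to read.
//
// Returns STATUS_INVALID_PARAMETER for a NULL argument,
// STATUS_OBJECT_TYPE_MISMATCH when the value is not a string type,
// STATUS_NAME_TOO_LONG when it does not fit a UNICODE_STRING,
// STATUS_INSUFFICIENT_RESOURCES on allocation failure, otherwise the status
// of ZwOpenKey / ZwQueryValueKey.
//
NTSTATUS getRegValue( PUNICODE_STRING RegistryPath, PUNICODE_STRING pUcValueStr, PWSTR pwchSubkeyTosrch )
{
    UNICODE_STRING valname;
    ULONG size = 0;
    NTSTATUS status;
    HANDLE hKey;
    OBJECT_ATTRIBUTES oa;
    PKEY_VALUE_PARTIAL_INFORMATION vp;
    USHORT cb;
    USHORT len;

    if (!RegistryPath || !pUcValueStr || !pwchSubkeyTosrch)
        return STATUS_INVALID_PARAMETER;

    // Put the output in a defined state so a caller that frees
    // "if (Buffer)" after a failure never frees an indeterminate pointer.
    pUcValueStr->Buffer = NULL;
    pUcValueStr->Length = 0;
    pUcValueStr->MaximumLength = 0;

    // OBJ_KERNEL_HANDLE keeps the key handle out of the user-mode handle
    // table of whatever process this happens to run in.
    InitializeObjectAttributes(&oa, RegistryPath,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    // Only a value query is performed, so KEY_QUERY_VALUE is sufficient.
    status = ZwOpenKey(&hKey, KEY_QUERY_VALUE, &oa);
    if (!NT_SUCCESS(status)) {
        // %wZ prints the counted string; it does not rely on a terminator.
        KdPrint((DRIVERNAME " - Can't open key %wZ - %X\n",
                 RegistryPath, status));
        return status;
    }

    RtlInitUnicodeString(&valname, pwchSubkeyTosrch);

    // First call passes no buffer and only reports the required size.
    status = ZwQueryValueKey(hKey, &valname,
                             KeyValuePartialInformation, NULL, 0, &size);

    if (status != STATUS_OBJECT_NAME_NOT_FOUND && size) {
        // found the value
        vp = (PKEY_VALUE_PARTIAL_INFORMATION)
                 ExAllocatePoolWithTag(PagedPool, size, 'FOXM');
        if (vp) {
            status = ZwQueryValueKey(hKey, &valname,
                                     KeyValuePartialInformation, vp, size, &size);
            if (!NT_SUCCESS(status)) {
                KdPrint((DRIVERNAME " - ZwQueryValueKey(%wZ) failed - %X\n",
                         &valname, status));
            } else if (vp->Type != REG_SZ && vp->Type != REG_EXPAND_SZ &&
                       vp->Type != REG_MULTI_SZ) {
                // Registry contents are external input: refuse to treat
                // non-string data as a string.
                status = STATUS_OBJECT_TYPE_MISMATCH;
            } else if (vp->DataLength > MAXUSHORT - sizeof(WCHAR)) {
                // UNICODE_STRING lengths are USHORT; a silent truncating
                // cast would make MaximumLength disagree with the buffer.
                status = STATUS_NAME_TOO_LONG;
            } else {
                // Copy whole WCHARs only and always append a terminator.
                cb = (USHORT)(vp->DataLength & ~(ULONG)(sizeof(WCHAR) - 1));
                pUcValueStr->Buffer = (PWSTR)ExAllocatePoolWithTag(
                    PagedPool, cb + sizeof(WCHAR), 'FOXM');
                if (!pUcValueStr->Buffer) {
                    status = STATUS_INSUFFICIENT_RESOURCES;
                } else {
                    RtlCopyMemory(pUcValueStr->Buffer, vp->Data, cb);
                    pUcValueStr->Buffer[cb / sizeof(WCHAR)] = L'\0';
                    pUcValueStr->MaximumLength = (USHORT)(cb + sizeof(WCHAR));

                    // Length covers the characters before the first NUL.
                    len = 0;
                    while (len < cb &&
                           pUcValueStr->Buffer[len / sizeof(WCHAR)] != L'\0') {
                        len = (USHORT)(len + sizeof(WCHAR));
                    }
                    pUcValueStr->Length = len;
                }
            }
            ExFreePool(vp);
        } else {
            // couldn't allocate memory
            KdPrint((DRIVERNAME " - Can't allocate %lu bytes for reading registry\n",
                     size));
            status = STATUS_INSUFFICIENT_RESOURCES;
        }
    }

    ZwClose(hKey);

    return status;
}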
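//
// Opens the symbolic link object named by pUCsymLink (relative to rootDir
// when rootDir is not NULL) and returns the link's target.
//
// ps allocates pool memory for LinkTarget (paged pool, tag 'FOXM') that the
// client needs to free with ExFreePool. On any failure LinkTarget->Buffer is
// NULL and nothing needs to be freed. The result is also NUL-terminated.
// Targets longer than 512 characters are not supported and make the query
// fail.
//
// Must be called at PASSIVE_LEVEL.
//
NTSTATUS
getTargetofSymbolicName(PUNICODE_STRING pUCsymLink, PUNICODE_STRING LinkTarget, HANDLE rootDir)
{
    NTSTATUS Status;
    HANDLE LinkHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    ULONG ReturnedLength = 0;
    const USHORT cbTarget = 512 * sizeof(WCHAR);

    //
    // Validation
    //
    // No assignment inside ASSERT: the macro compiles away in free builds.
    ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
    if (!pUCsymLink || !LinkTarget)
        return STATUS_INVALID_PARAMETER;

    //
    // open the symbolic link - for query
    //
    InitializeObjectAttributes(&ObjectAttributes,
                               pUCsymLink,
                               OBJ_KERNEL_HANDLE,
                               rootDir,
                               NULL);

    Status = ZwOpenSymbolicLinkObject(&LinkHandle,
                                      GENERIC_READ,
                                      &ObjectAttributes);

    // Reset the output only after the open has consumed the input name, so
    // the caller sees a defined (empty) result on every failure path.
    LinkTarget->Buffer = NULL;
    LinkTarget->Length = 0;
    LinkTarget->MaximumLength = 0;

    // Without this check a failed open would go on to query through an
    // uninitialised handle.
    if (!NT_SUCCESS(Status))
        return Status;

    // allocate buffer, with room for a terminator past MaximumLength
    LinkTarget->Buffer = (PWSTR)ExAllocatePoolWithTag(
        PagedPool, cbTarget + sizeof(WCHAR), 'FOXM');
    if (!LinkTarget->Buffer) {
        ZwClose(LinkHandle);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    LinkTarget->MaximumLength = cbTarget;

    Status = ZwQuerySymbolicLinkObject(LinkHandle,
                                       LinkTarget,
                                       &ReturnedLength);

    // The handle is only needed for the query; close it on every path.
    ZwClose(LinkHandle);

    if (!NT_SUCCESS(Status)) {
        ExFreePool(LinkTarget->Buffer);
        LinkTarget->Buffer = NULL;
        LinkTarget->Length = 0;
        LinkTarget->MaximumLength = 0;
        return Status;
    }

    // Length <= MaximumLength, so this index is inside the extra WCHAR.
    LinkTarget->Buffer[LinkTarget->Length / sizeof(WCHAR)] = L'\0';

    return Status;
}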



Nope - the link won’t be valid until after PNP has started and
enumerated the disk stack and the volume manager(s).

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Tuesday, June 22, 2004 11:54 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] SystemRoot

Hi, Prokash,

Thanks for the code! I put it in and single stepped through it.
Unfortunately, I have the same problem with it: once I fetch the
scsi(0)disk(1)rdisk(0)partition(3) from the registry and I try to open
it, I get an STATUS_OBJECT_PATH_NOT_FOUND error status. Looks like I’m
trying to do this too soon, and maybe the link’s not built as yet ?

Alberto.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Sinha, Prokash
Sent: Monday, June 21, 2004 4:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] SystemRoot

Alberto,

This might help !!!

-pro

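//
// ps - exercise the infrastructure
//
// Resolves the boot device in two hops: the name stored in the
// SystemBootDevice registry value is looked up as a symbolic link under
// \ArcName, and the resulting path is resolved once more as a symbolic link.
// NOTE: the \ArcName links are not valid until PnP has enumerated the disk
// stack and the volume manager(s); before that the first hop fails (the
// thread reports STATUS_OBJECT_PATH_NOT_FOUND).
//
{
    // Zero-initialised so the cleanup below never frees an indeterminate
    // pointer when a step fails before its buffer has been allocated.
    UNICODE_STRING LinkTarget = {0}, regPath, regVal = {0}, ObjDir = {0};
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING symName;
    HANDLE hObjDir = NULL;

    // get the SystemBootDevice
    RtlInitUnicodeString(&regPath,
        L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control");
    status = getRegValue(&regPath, &regVal, L"SystemBootDevice");
    if (!NT_SUCCESS(status)) {
        KdPrint((DRIVERNAME " - getRegValue failed\n"));
        return status;
    }

    // open the ArcName object directory
    RtlInitUnicodeString(&symName, L"\\ArcName");
    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's
    // user-mode handle table.
    InitializeObjectAttributes(&oa, &symName,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    // The handle is only used as the root of a relative lookup, so ask for
    // query/traverse rights rather than DIRECTORY_ALL_ACCESS.
    status = ZwOpenDirectoryObject(&hObjDir,
        DIRECTORY_QUERY | DIRECTORY_TRAVERSE, &oa);
    if (NT_SUCCESS(status)) {
        USHORT cb = 0;

        // Build a counted string from the registry data instead of trusting
        // it to be NUL-terminated: stop at the first NUL or at the end of
        // the data, whichever comes first.
        // e.g. multi(0)disk(0)rdisk(0)partition(2)
        while ((ULONG)cb + sizeof(WCHAR) <= regVal.MaximumLength &&
               regVal.Buffer[cb / sizeof(WCHAR)] != L'\0') {
            cb = (USHORT)(cb + sizeof(WCHAR));
        }
        symName.Buffer = regVal.Buffer;
        symName.Length = cb;
        symName.MaximumLength = regVal.MaximumLength;

        status = getTargetofSymbolicName(&symName, &ObjDir, hObjDir);

        // The directory handle is not needed after the relative lookup.
        ZwClose(hObjDir);
    }

    // Second hop only when the first produced a name; otherwise ObjDir has
    // nothing valid to resolve.
    // e.g. \Device\Harddisk0\Partition2
    if (NT_SUCCESS(status)) {
        status = getTargetofSymbolicName(&ObjDir, &LinkTarget, NULL);
    }

    if (regVal.Buffer)
        ExFreePool(regVal.Buffer);

    if (ObjDir.Buffer)
        ExFreePool(ObjDir.Buffer);

    if (LinkTarget.Buffer)
        ExFreePool(LinkTarget.Buffer);

}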

return STATUS_SUCCESS;
}

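//
// Reads a string value from a registry key into a newly allocated,
// NUL-terminated UNICODE_STRING.
//
// RegistryPath     - full path of the key to open.
// pUcValueStr      - receives the value. On success Buffer is paged pool
//                    (tag 'FOXM') that the caller must release with
//                    ExFreePool; on any failure Buffer is NULL.
// pwchSubkeyTosrch - NUL-terminated name of the value to read.
//
// Returns STATUS_INVALID_PARAMETER for a NULL argument,
// STATUS_OBJECT_TYPE_MISMATCH when the value is not a string type,
// STATUS_NAME_TOO_LONG when it does not fit a UNICODE_STRING,
// STATUS_INSUFFICIENT_RESOURCES on allocation failure, otherwise the status
// of ZwOpenKey / ZwQueryValueKey.
//
NTSTATUS getRegValue( PUNICODE_STRING RegistryPath, PUNICODE_STRING pUcValueStr, PWSTR pwchSubkeyTosrch )
{
    UNICODE_STRING valname;
    ULONG size = 0;
    NTSTATUS status;
    HANDLE hKey;
    OBJECT_ATTRIBUTES oa;
    PKEY_VALUE_PARTIAL_INFORMATION vp;
    USHORT cb;
    USHORT len;

    if (!RegistryPath || !pUcValueStr || !pwchSubkeyTosrch)
        return STATUS_INVALID_PARAMETER;

    // Put the output in a defined state so a caller that frees
    // "if (Buffer)" after a failure never frees an indeterminate pointer.
    pUcValueStr->Buffer = NULL;
    pUcValueStr->Length = 0;
    pUcValueStr->MaximumLength = 0;

    // OBJ_KERNEL_HANDLE keeps the key handle out of the user-mode handle
    // table of whatever process this happens to run in.
    InitializeObjectAttributes(&oa, RegistryPath,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    // Only a value query is performed, so KEY_QUERY_VALUE is sufficient.
    status = ZwOpenKey(&hKey, KEY_QUERY_VALUE, &oa);
    if (!NT_SUCCESS(status)) {
        // %wZ prints the counted string; it does not rely on a terminator.
        KdPrint((DRIVERNAME " - Can't open key %wZ - %X\n",
                 RegistryPath, status));
        return status;
    }

    RtlInitUnicodeString(&valname, pwchSubkeyTosrch);

    // First call passes no buffer and only reports the required size.
    status = ZwQueryValueKey(hKey, &valname,
                             KeyValuePartialInformation, NULL, 0, &size);

    if (status != STATUS_OBJECT_NAME_NOT_FOUND && size) {
        // found the value
        vp = (PKEY_VALUE_PARTIAL_INFORMATION)
                 ExAllocatePoolWithTag(PagedPool, size, 'FOXM');
        if (vp) {
            status = ZwQueryValueKey(hKey, &valname,
                                     KeyValuePartialInformation, vp, size, &size);
            if (!NT_SUCCESS(status)) {
                KdPrint((DRIVERNAME " - ZwQueryValueKey(%wZ) failed - %X\n",
                         &valname, status));
            } else if (vp->Type != REG_SZ && vp->Type != REG_EXPAND_SZ &&
                       vp->Type != REG_MULTI_SZ) {
                // Registry contents are external input: refuse to treat
                // non-string data as a string.
                status = STATUS_OBJECT_TYPE_MISMATCH;
            } else if (vp->DataLength > MAXUSHORT - sizeof(WCHAR)) {
                // UNICODE_STRING lengths are USHORT; a silent truncating
                // cast would make MaximumLength disagree with the buffer.
                status = STATUS_NAME_TOO_LONG;
            } else {
                // Copy whole WCHARs only and always append a terminator.
                cb = (USHORT)(vp->DataLength & ~(ULONG)(sizeof(WCHAR) - 1));
                pUcValueStr->Buffer = (PWSTR)ExAllocatePoolWithTag(
                    PagedPool, cb + sizeof(WCHAR), 'FOXM');
                if (!pUcValueStr->Buffer) {
                    status = STATUS_INSUFFICIENT_RESOURCES;
                } else {
                    RtlCopyMemory(pUcValueStr->Buffer, vp->Data, cb);
                    pUcValueStr->Buffer[cb / sizeof(WCHAR)] = L'\0';
                    pUcValueStr->MaximumLength = (USHORT)(cb + sizeof(WCHAR));

                    // Length covers the characters before the first NUL.
                    len = 0;
                    while (len < cb &&
                           pUcValueStr->Buffer[len / sizeof(WCHAR)] != L'\0') {
                        len = (USHORT)(len + sizeof(WCHAR));
                    }
                    pUcValueStr->Length = len;
                }
            }
            ExFreePool(vp);
        } else {
            // couldn't allocate memory
            KdPrint((DRIVERNAME " - Can't allocate %lu bytes for reading registry\n",
                     size));
            status = STATUS_INSUFFICIENT_RESOURCES;
        }
    }

    ZwClose(hKey);

    return status;
}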
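//
// Opens the symbolic link object named by pUCsymLink (relative to rootDir
// when rootDir is not NULL) and returns the link's target.
//
// ps allocates pool memory for LinkTarget (paged pool, tag 'FOXM') that the
// client needs to free with ExFreePool. On any failure LinkTarget->Buffer is
// NULL and nothing needs to be freed. The result is also NUL-terminated.
// Targets longer than 512 characters are not supported and make the query
// fail.
//
// Must be called at PASSIVE_LEVEL.
//
NTSTATUS
getTargetofSymbolicName(PUNICODE_STRING pUCsymLink, PUNICODE_STRING LinkTarget, HANDLE rootDir)
{
    NTSTATUS Status;
    HANDLE LinkHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    ULONG ReturnedLength = 0;
    const USHORT cbTarget = 512 * sizeof(WCHAR);

    //
    // Validation
    //
    // No assignment inside ASSERT: the macro compiles away in free builds.
    ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
    if (!pUCsymLink || !LinkTarget)
        return STATUS_INVALID_PARAMETER;

    //
    // open the symbolic link - for query
    //
    InitializeObjectAttributes(&ObjectAttributes,
                               pUCsymLink,
                               OBJ_KERNEL_HANDLE,
                               rootDir,
                               NULL);

    Status = ZwOpenSymbolicLinkObject(&LinkHandle,
                                      GENERIC_READ,
                                      &ObjectAttributes);

    // Reset the output only after the open has consumed the input name, so
    // the caller sees a defined (empty) result on every failure path.
    LinkTarget->Buffer = NULL;
    LinkTarget->Length = 0;
    LinkTarget->MaximumLength = 0;

    // Without this check a failed open would go on to query through an
    // uninitialised handle.
    if (!NT_SUCCESS(Status))
        return Status;

    // allocate buffer, with room for a terminator past MaximumLength
    LinkTarget->Buffer = (PWSTR)ExAllocatePoolWithTag(
        PagedPool, cbTarget + sizeof(WCHAR), 'FOXM');
    if (!LinkTarget->Buffer) {
        ZwClose(LinkHandle);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    LinkTarget->MaximumLength = cbTarget;

    Status = ZwQuerySymbolicLinkObject(LinkHandle,
                                       LinkTarget,
                                       &ReturnedLength);

    // The handle is only needed for the query; close it on every path.
    ZwClose(LinkHandle);

    if (!NT_SUCCESS(Status)) {
        ExFreePool(LinkTarget->Buffer);
        LinkTarget->Buffer = NULL;
        LinkTarget->Length = 0;
        LinkTarget->MaximumLength = 0;
        return Status;
    }

    // Length <= MaximumLength, so this index is inside the extra WCHAR.
    LinkTarget->Buffer[LinkTarget->Length / sizeof(WCHAR)] = L'\0';

    return Status;
}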





Alberto,

As Peter said, these symlinks are created by components that are not fully up yet because PnP has not completed < some such things >. I was prototyping for file filters and tested with boot-time loading, but as you mentioned, you are trying much earlier.

I did not take a stab at /SOS sequencing, at any rate, I was using that piece of code on DriverEntry for file filter (ifs-k build) start time=0.

ALSO I’M TYPING ON SENDMAIL, bit difficult to type more.

-pro

Hi, Prokash,

Again, thanks for the code ! It works nicely, except that I’m trying to run
it very early in the boot sequence, so, some of those names may not be
available. Oh, well…

Alberto.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@garlic.com
Sent: Tuesday, June 22, 2004 4:14 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] SystemRoot

Alberto,

As Peter said, these symlinks are created by those guys that are not totally
up due to Pnp not being complete < some such things >. I was prototyping for
file filters, and tested for boot-time loading, but as you mentioned you are
trying much earlier.

I did not take a stab at /SOS sequencing, at any rate, I was using that
piece of code on DriverEntry for file filter (ifs-k build) start time=0.

ALSO I’M TYPING ON SENDMAIL, bit difficult to type more.

-pro

