Hi everybody,
I’m writing a simple filesystem filter that is loaded with system (as
SecurityEnhancer in the inf file) and it needs to read some data from
its configuration file as early as possible. So I’m calling ZwCreateFile
in DriverEntry, but it doesn’t work (status C000003a). I am using
“\SystemRoot\” in the path, so it is not that kind of problem. Is it
possible, that the object manager isn’t up yet? If so, how can I know
when it is? Or is there any other way to open the file during boot?
Oh, and I’m tring this on W2K with no SP - if that matters.
Thanks in advance
Peter
It sounds like you’ve made your driver a boot start driver and set your
group to start prior to the “boot file system” group. In that case, you
can’t call the file system yet because it hasn’t initialized yet (the
binary is in memory, but DriverEntry has not yet been called).
Instead, perhaps you should look in your IRP_MJ_CREATE handler to
determine if you have initialized and if not, perform the initialization
at that stage. At least at that point you have some hope that the
underlying file system is available (and if it is not, the IRP_MJ_CREATE
would presumably fail as well).
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Looking forward to seeing you at the Next OSR File Systems Class April
4, 2004 in Boston!
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Piotr Szulc
Sent: Thursday, December 16, 2004 10:09 AM
To: ntfsd redirect
Subject: [ntfsd] ZwCreateFile
Hi everybody,
I’m writing a simple filesystem filter that is loaded with system (as
SecurityEnhancer in the inf file) and it needs to read some data from
its configuration file as early as possible. So I’m calling ZwCreateFile
in DriverEntry, but it doesn’t work (status C000003a). I am using
“\SystemRoot\” in the path, so it is not that kind of problem. Is it
possible, that the object manager isn’t up yet? If so, how can I know
when it is? Or is there any other way to open the file during boot?
Oh, and I’m tring this on W2K with no SP - if that matters.
Thanks in advance
Peter
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Thanks, I’ll try it.
Peter
On Thu, 16 Dec 2004, Tony Mason wrote:
It sounds like you’ve made your driver a boot start driver and set your
group to start prior to the “boot file system” group. In that case, you
can’t call the file system yet because it hasn’t initialized yet (the
binary is in memory, but DriverEntry has not yet been called).
Instead, perhaps you should look in your IRP_MJ_CREATE handler to
determine if you have initialized and if not, perform the initialization
at that stage. At least at that point you have some hope that the
underlying file system is available (and if it is not, the IRP_MJ_CREATE
would presumably fail as well).
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Looking forward to seeing you at the Next OSR File Systems Class April
4, 2004 in Boston!
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Piotr Szulc
Sent: Thursday, December 16, 2004 10:09 AM
To: ntfsd redirect
Subject: [ntfsd] ZwCreateFile
Hi everybody,
I’m writing a simple filesystem filter that is loaded with system (as
SecurityEnhancer in the inf file) and it needs to read some data from
its configuration file as early as possible. So I’m calling ZwCreateFile
in DriverEntry, but it doesn’t work (status C000003a). I am using
“\SystemRoot\” in the path, so it is not that kind of problem. Is it
possible, that the object manager isn’t up yet? If so, how can I know
when it is? Or is there any other way to open the file during boot?
Oh, and I’m tring this on W2K with no SP - if that matters.
Thanks in advance
Peter
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Use SYSTEM registry instead of config files. It is accessible before
SystemRoot is mounted.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Piotr Szulc”
To: “Windows File Systems Devs Interest List”
Sent: Thursday, December 16, 2004 6:08 PM
Subject: [ntfsd] ZwCreateFile
>
> Hi everybody,
> I’m writing a simple filesystem filter that is loaded with system (as
> SecurityEnhancer in the inf file) and it needs to read some data from
> its configuration file as early as possible. So I’m calling ZwCreateFile
> in DriverEntry, but it doesn’t work (status C000003a). I am using
> “\SystemRoot\” in the path, so it is not that kind of problem. Is it
> possible, that the object manager isn’t up yet? If so, how can I know
> when it is? Or is there any other way to open the file during boot?
> Oh, and I’m tring this on W2K with no SP - if that matters.
>
> Thanks in advance
> Peter
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
I can’t do this. I have to mantain compatibility with win9x version of the
driver.
Peter
On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
Use SYSTEM registry instead of config files. It is accessible before
SystemRoot is mounted.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Piotr Szulc”
> To: “Windows File Systems Devs Interest List”
> Sent: Thursday, December 16, 2004 6:08 PM
> Subject: [ntfsd] ZwCreateFile
>
>
> >
> > Hi everybody,
> > I’m writing a simple filesystem filter that is loaded with system (as
> > SecurityEnhancer in the inf file) and it needs to read some data from
> > its configuration file as early as possible. So I’m calling ZwCreateFile
> > in DriverEntry, but it doesn’t work (status C000003a). I am using
> > “\SystemRoot\” in the path, so it is not that kind of problem. Is it
> > possible, that the object manager isn’t up yet? If so, how can I know
> > when it is? Or is there any other way to open the file during boot?
> > Oh, and I’m tring this on W2K with no SP - if that matters.
> >
> > Thanks in advance
> > Peter
> >
> > —
> > Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@student.uci.agh.edu.pl
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Then add code to your driver to read the hard drive and do your own file
system for FAT and NTFS. This should only take a year or two or three.
“Piotr Szulc” wrote in message
news:xxxxx@ntfsd…
>
> I can’t do this. I have to mantain compatibility with win9x version of the
> driver.
>
> Peter
>
> On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
>
>> Use SYSTEM registry instead of config files. It is accessible before
>> SystemRoot is mounted.
>>
>> Maxim Shatskih, Windows DDK MVP
>> StorageCraft Corporation
>> xxxxx@storagecraft.com
>> http://www.storagecraft.com
>>
>> ----- Original Message -----
>> From: “Piotr Szulc”
>> To: “Windows File Systems Devs Interest List”
>> Sent: Thursday, December 16, 2004 6:08 PM
>> Subject: [ntfsd] ZwCreateFile
>>
>>
>> >
>> > Hi everybody,
>> > I’m writing a simple filesystem filter that is loaded with system (as
>> > SecurityEnhancer in the inf file) and it needs to read some data from
>> > its configuration file as early as possible. So I’m calling
>> > ZwCreateFile
>> > in DriverEntry, but it doesn’t work (status C000003a). I am using
>> > “\SystemRoot\” in the path, so it is not that kind of problem. Is it
>> > possible, that the object manager isn’t up yet? If so, how can I know
>> > when it is? Or is there any other way to open the file during boot?
>> > Oh, and I’m tring this on W2K with no SP - if that matters.
>> >
>> > Thanks in advance
>> > Peter
>> >
>> > —
>> > Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>> >
>> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
>> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>> >
>>
>>
>> —
>> Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@student.uci.agh.edu.pl
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
Or you could try to create a system thread in your
DriverEntry which will query the \SystemRoot symbolic
link every few seconds and the moment you see the it
changes from an Arc name to something else (e.g.
\Device\HardiskVolumeX.… ) you know at that moment
you can read your configuration file. This should only
take a few minutes to write. I’ve done it before and
it works.
Best regards,
Razvan
— “David J. Craig” wrote:
> Then add code to your driver to read the hard drive
> and do your own file
> system for FAT and NTFS. This should only take a
> year or two or three.
>
> “Piotr Szulc” wrote
> in message
> news:xxxxx@ntfsd…
> >
> > I can’t do this. I have to mantain compatibility
> with win9x version of the
> > driver.
> >
> > Peter
> >
> > On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
> >
> >> Use SYSTEM registry instead of config files.
> It is accessible before
> >> SystemRoot is mounted.
> >>
> >> Maxim Shatskih, Windows DDK MVP
> >> StorageCraft Corporation
> >> xxxxx@storagecraft.com
> >> http://www.storagecraft.com
> >>
> >> ----- Original Message -----
> >> From: “Piotr Szulc”
>
> >> To: “Windows File Systems Devs Interest List”
>
> >> Sent: Thursday, December 16, 2004 6:08 PM
> >> Subject: [ntfsd] ZwCreateFile
> >>
> >>
> >> >
> >> > Hi everybody,
> >> > I’m writing a simple filesystem filter that is
> loaded with system (as
> >> > SecurityEnhancer in the inf file) and it needs
> to read some data from
> >> > its configuration file as early as possible. So
> I’m calling
> >> > ZwCreateFile
> >> > in DriverEntry, but it doesn’t work (status
> C000003a). I am using
> >> > “\SystemRoot\” in the path, so it is not that
> kind of problem. Is it
> >> > possible, that the object manager isn’t up yet?
> If so, how can I know
> >> > when it is? Or is there any other way to open
> the file during boot?
> >> > Oh, and I’m tring this on W2K with no SP - if
> that matters.
> >> >
> >> > Thanks in advance
> >> > Peter
> >> >
> >> > —
> >> > Questions? First check the IFS FAQ at
> >> https://www.osronline.com/article.cfm?id=17
> >> >
> >> > You are currently subscribed to ntfsd as:
> xxxxx@storagecraft.com
> >> > To unsubscribe send a blank email to
> xxxxx@lists.osr.com
> >> >
> >>
> >>
> >> —
> >> Questions? First check the IFS FAQ at
> >> https://www.osronline.com/article.cfm?id=17
> >>
> >> You are currently subscribed to ntfsd as:
> xxxxx@student.uci.agh.edu.pl
> >> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
> >>
> >
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
No other ways. DriverEntry of the boot start driver cannot work with files.
You will need to use SYSTEM registry, even by breaking compatibility with Win9x
version.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Piotr Szulc”
To: “Windows File Systems Devs Interest List”
Sent: Friday, December 17, 2004 3:17 PM
Subject: Re: [ntfsd] ZwCreateFile
>
> I can’t do this. I have to mantain compatibility with win9x version of the
> driver.
>
> Peter
>
> On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
>
> > Use SYSTEM registry instead of config files. It is accessible before
> > SystemRoot is mounted.
> >
> > Maxim Shatskih, Windows DDK MVP
> > StorageCraft Corporation
> > xxxxx@storagecraft.com
> > http://www.storagecraft.com
> >
> > ----- Original Message -----
> > From: “Piotr Szulc”
> > To: “Windows File Systems Devs Interest List”
> > Sent: Thursday, December 16, 2004 6:08 PM
> > Subject: [ntfsd] ZwCreateFile
> >
> >
> > >
> > > Hi everybody,
> > > I’m writing a simple filesystem filter that is loaded with system (as
> > > SecurityEnhancer in the inf file) and it needs to read some data from
> > > its configuration file as early as possible. So I’m calling ZwCreateFile
> > > in DriverEntry, but it doesn’t work (status C000003a). I am using
> > > “\SystemRoot\” in the path, so it is not that kind of problem. Is it
> > > possible, that the object manager isn’t up yet? If so, how can I know
> > > when it is? Or is there any other way to open the file during boot?
> > > Oh, and I’m tring this on W2K with no SP - if that matters.
> > >
> > > Thanks in advance
> > > Peter
> > >
> > > —
> > > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@student.uci.agh.edu.pl
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Mini-filesystem stack for such a purpose (accessing some special file in a
disk filter before SystemRoot is mounted) took me - 2 month core stack,1 month
FAT, 1 month NTFS (based on Linux’s NTFS source), all of a very hard work.
All of this is read-only for sure.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “David J. Craig”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Friday, December 17, 2004 6:04 PM
Subject: Re:[ntfsd] ZwCreateFile
> Then add code to your driver to read the hard drive and do your own file
> system for FAT and NTFS. This should only take a year or two or three.
>
> “Piotr Szulc” wrote in message
> news:xxxxx@ntfsd…
> >
> > I can’t do this. I have to mantain compatibility with win9x version of the
> > driver.
> >
> > Peter
> >
> > On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
> >
> >> Use SYSTEM registry instead of config files. It is accessible before
> >> SystemRoot is mounted.
> >>
> >> Maxim Shatskih, Windows DDK MVP
> >> StorageCraft Corporation
> >> xxxxx@storagecraft.com
> >> http://www.storagecraft.com
> >>
> >> ----- Original Message -----
> >> From: “Piotr Szulc”
> >> To: “Windows File Systems Devs Interest List”
> >> Sent: Thursday, December 16, 2004 6:08 PM
> >> Subject: [ntfsd] ZwCreateFile
> >>
> >>
> >> >
> >> > Hi everybody,
> >> > I’m writing a simple filesystem filter that is loaded with system (as
> >> > SecurityEnhancer in the inf file) and it needs to read some data from
> >> > its configuration file as early as possible. So I’m calling
> >> > ZwCreateFile
> >> > in DriverEntry, but it doesn’t work (status C000003a). I am using
> >> > “\SystemRoot\” in the path, so it is not that kind of problem. Is it
> >> > possible, that the object manager isn’t up yet? If so, how can I know
> >> > when it is? Or is there any other way to open the file during boot?
> >> > Oh, and I’m tring this on W2K with no SP - if that matters.
> >> >
> >> > Thanks in advance
> >> > Peter
> >> >
> >> > —
> >> > Questions? First check the IFS FAQ at
> >> https://www.osronline.com/article.cfm?id=17
> >> >
> >> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> >> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >> >
> >>
> >>
> >> —
> >> Questions? First check the IFS FAQ at
> >> https://www.osronline.com/article.cfm?id=17
> >>
> >> You are currently subscribed to ntfsd as: xxxxx@student.uci.agh.edu.pl
> >> To unsubscribe send a blank email to xxxxx@lists.osr.com
> >>
> >
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
There is also IoRegisterDriverReinitialization I think.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Razvan Hobeanu”
To: “Windows File Systems Devs Interest List”
Sent: Friday, December 17, 2004 6:17 PM
Subject: Re:[ntfsd] ZwCreateFile
> Or you could try to create a system thread in your
> DriverEntry which will query the \SystemRoot symbolic
> link every few seconds and the moment you see the it
> changes from an Arc name to something else (e.g.
> \Device\HardiskVolumeX.… ) you know at that moment
> you can read your configuration file. This should only
> take a few minutes to write. I’ve done it before and
> it works.
>
> Best regards,
> Razvan
>
> — “David J. Craig” wrote:
>
> > Then add code to your driver to read the hard drive
> > and do your own file
> > system for FAT and NTFS. This should only take a
> > year or two or three.
> >
> > “Piotr Szulc” wrote
> > in message
> > news:xxxxx@ntfsd…
> > >
> > > I can’t do this. I have to mantain compatibility
> > with win9x version of the
> > > driver.
> > >
> > > Peter
> > >
> > > On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
> > >
> > >> Use SYSTEM registry instead of config files.
> > It is accessible before
> > >> SystemRoot is mounted.
> > >>
> > >> Maxim Shatskih, Windows DDK MVP
> > >> StorageCraft Corporation
> > >> xxxxx@storagecraft.com
> > >> http://www.storagecraft.com
> > >>
> > >> ----- Original Message -----
> > >> From: “Piotr Szulc”
> >
> > >> To: “Windows File Systems Devs Interest List”
> >
> > >> Sent: Thursday, December 16, 2004 6:08 PM
> > >> Subject: [ntfsd] ZwCreateFile
> > >>
> > >>
> > >> >
> > >> > Hi everybody,
> > >> > I’m writing a simple filesystem filter that is
> > loaded with system (as
> > >> > SecurityEnhancer in the inf file) and it needs
> > to read some data from
> > >> > its configuration file as early as possible. So
> > I’m calling
> > >> > ZwCreateFile
> > >> > in DriverEntry, but it doesn’t work (status
> > C000003a). I am using
> > >> > “\SystemRoot\” in the path, so it is not that
> > kind of problem. Is it
> > >> > possible, that the object manager isn’t up yet?
> > If so, how can I know
> > >> > when it is? Or is there any other way to open
> > the file during boot?
> > >> > Oh, and I’m tring this on W2K with no SP - if
> > that matters.
> > >> >
> > >> > Thanks in advance
> > >> > Peter
> > >> >
> > >> > —
> > >> > Questions? First check the IFS FAQ at
> > >> https://www.osronline.com/article.cfm?id=17
> > >> >
> > >> > You are currently subscribed to ntfsd as:
> > xxxxx@storagecraft.com
> > >> > To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> > >> >
> > >>
> > >>
> > >> —
> > >> Questions? First check the IFS FAQ at
> > >> https://www.osronline.com/article.cfm?id=17
> > >>
> > >> You are currently subscribed to ntfsd as:
> > xxxxx@student.uci.agh.edu.pl
> > >> To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> > >>
> > >
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as:
> > xxxxx@yahoo.com
> > To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
To the best of my knowledge that would be of no use.
This is because nt!IopReassignSystemRoot (which does
the actual change to the \SystemRoot symbolic link
from ArcName to a usable path) is called after the
driver reinitialization routines. At least, that’s
what I saw with WinDbg. Someone from Microsoft correct
me if I’m wrong.
Best regars,
Razvan
— “Maxim S. Shatskih”
wrote:
> There is also IoRegisterDriverReinitialization I
> think.
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: “Razvan Hobeanu”
> To: “Windows File Systems Devs Interest List”
>
> Sent: Friday, December 17, 2004 6:17 PM
> Subject: Re:[ntfsd] ZwCreateFile
>
>
> > Or you could try to create a system thread in your
> > DriverEntry which will query the \SystemRoot
> symbolic
> > link every few seconds and the moment you see the
> it
> > changes from an Arc name to something else (e.g.
> > \Device\HardiskVolumeX.… ) you know at that
> moment
> > you can read your configuration file. This should
> only
> > take a few minutes to write. I’ve done it before
> and
> > it works.
> >
> > Best regards,
> > Razvan
> >
> > — “David J. Craig”
> wrote:
> >
> > > Then add code to your driver to read the hard
> drive
> > > and do your own file
> > > system for FAT and NTFS. This should only take
> a
> > > year or two or three.
> > >
> > > “Piotr Szulc”
> wrote
> > > in message
> > > news:xxxxx@ntfsd…
> > > >
> > > > I can’t do this. I have to mantain
> compatibility
> > > with win9x version of the
> > > > driver.
> > > >
> > > > Peter
> > > >
> > > > On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
> > > >
> > > >> Use SYSTEM registry instead of config
> files.
> > > It is accessible before
> > > >> SystemRoot is mounted.
> > > >>
> > > >> Maxim Shatskih, Windows DDK MVP
> > > >> StorageCraft Corporation
> > > >> xxxxx@storagecraft.com
> > > >> http://www.storagecraft.com
> > > >>
> > > >> ----- Original Message -----
> > > >> From: “Piotr Szulc”
> > >
> > > >> To: “Windows File Systems Devs Interest List”
> > >
> > > >> Sent: Thursday, December 16, 2004 6:08 PM
> > > >> Subject: [ntfsd] ZwCreateFile
> > > >>
> > > >>
> > > >> >
> > > >> > Hi everybody,
> > > >> > I’m writing a simple filesystem filter that
> is
> > > loaded with system (as
> > > >> > SecurityEnhancer in the inf file) and it
> needs
> > > to read some data from
> > > >> > its configuration file as early as
> possible. So
> > > I’m calling
> > > >> > ZwCreateFile
> > > >> > in DriverEntry, but it doesn’t work (status
> > > C000003a). I am using
> > > >> > “\SystemRoot\” in the path, so it is not
> that
> > > kind of problem. Is it
> > > >> > possible, that the object manager isn’t up
> yet?
> > > If so, how can I know
> > > >> > when it is? Or is there any other way to
> open
> > > the file during boot?
> > > >> > Oh, and I’m tring this on W2K with no SP -
> if
> > > that matters.
> > > >> >
> > > >> > Thanks in advance
> > > >> > Peter
> > > >> >
> > > >> > —
> > > >> > Questions? First check the IFS FAQ at
> > > >> https://www.osronline.com/article.cfm?id=17
> > > >> >
> > > >> > You are currently subscribed to ntfsd as:
> > > xxxxx@storagecraft.com
> > > >> > To unsubscribe send a blank email to
> > > xxxxx@lists.osr.com
> > > >> >
> > > >>
> > > >>
> > > >> —
> > > >> Questions? First check the IFS FAQ at
> > > >> https://www.osronline.com/article.cfm?id=17
> > > >>
> > > >> You are currently subscribed to ntfsd as:
> > > xxxxx@student.uci.agh.edu.pl
> > > >> To unsubscribe send a blank email to
> > > xxxxx@lists.osr.com
> > > >>
> > > >
> > >
> > >
> > >
> > > —
> > > Questions? First check the IFS FAQ at
> > > https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as:
> > > xxxxx@yahoo.com
> > > To unsubscribe send a blank email to
> > > xxxxx@lists.osr.com
> > >
> >
> >
> > ________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com
> >
> > —
> > Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as:
> xxxxx@storagecraft.com
> > To unsubscribe send a blank email to
> xxxxx@lists.osr.com
> >
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!
http://my.yahoo.com
Are you sure that ARC names are not usable paths for disks?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Razvan Hobeanu”
To: “Windows File Systems Devs Interest List”
Sent: Friday, December 17, 2004 11:36 PM
Subject: Re: Re:[ntfsd] ZwCreateFile
> To the best of my knowledge that would be of no use.
> This is because nt!IopReassignSystemRoot (which does
> the actual change to the \SystemRoot symbolic link
> from ArcName to a usable path) is called after the
> driver reinitialization routines. At least, that’s
> what I saw with WinDbg. Someone from Microsoft correct
> me if I’m wrong.
>
> Best regars,
> Razvan
>
> — “Maxim S. Shatskih”
> wrote:
>
> > There is also IoRegisterDriverReinitialization I
> > think.
> >
> > Maxim Shatskih, Windows DDK MVP
> > StorageCraft Corporation
> > xxxxx@storagecraft.com
> > http://www.storagecraft.com
> >
> > ----- Original Message -----
> > From: “Razvan Hobeanu”
> > To: “Windows File Systems Devs Interest List”
> >
> > Sent: Friday, December 17, 2004 6:17 PM
> > Subject: Re:[ntfsd] ZwCreateFile
> >
> >
> > > Or you could try to create a system thread in your
> > > DriverEntry which will query the \SystemRoot
> > symbolic
> > > link every few seconds and the moment you see the
> > it
> > > changes from an Arc name to something else (e.g.
> > > \Device\HardiskVolumeX.… ) you know at that
> > moment
> > > you can read your configuration file. This should
> > only
> > > take a few minutes to write. I’ve done it before
> > and
> > > it works.
> > >
> > > Best regards,
> > > Razvan
> > >
> > > — “David J. Craig”
> > wrote:
> > >
> > > > Then add code to your driver to read the hard
> > drive
> > > > and do your own file
> > > > system for FAT and NTFS. This should only take
> > a
> > > > year or two or three.
> > > >
> > > > “Piotr Szulc”
> > wrote
> > > > in message
> > > > news:xxxxx@ntfsd…
> > > > >
> > > > > I can’t do this. I have to mantain
> > compatibility
> > > > with win9x version of the
> > > > > driver.
> > > > >
> > > > > Peter
> > > > >
> > > > > On Thu, 16 Dec 2004, Maxim S. Shatskih wrote:
> > > > >
> > > > >> Use SYSTEM registry instead of config
> > files.
> > > > It is accessible before
> > > > >> SystemRoot is mounted.
> > > > >>
> > > > >> Maxim Shatskih, Windows DDK MVP
> > > > >> StorageCraft Corporation
> > > > >> xxxxx@storagecraft.com
> > > > >> http://www.storagecraft.com
> > > > >>
> > > > >> ----- Original Message -----
> > > > >> From: “Piotr Szulc”
> > > >
> > > > >> To: “Windows File Systems Devs Interest List”
> > > >
> > > > >> Sent: Thursday, December 16, 2004 6:08 PM
> > > > >> Subject: [ntfsd] ZwCreateFile
> > > > >>
> > > > >>
> > > > >> >
> > > > >> > Hi everybody,
> > > > >> > I’m writing a simple filesystem filter that
> > is
> > > > loaded with system (as
> > > > >> > SecurityEnhancer in the inf file) and it
> > needs
> > > > to read some data from
> > > > >> > its configuration file as early as
> > possible. So
> > > > I’m calling
> > > > >> > ZwCreateFile
> > > > >> > in DriverEntry, but it doesn’t work (status
> > > > C000003a). I am using
> > > > >> > “\SystemRoot\” in the path, so it is not
> > that
> > > > kind of problem. Is it
> > > > >> > possible, that the object manager isn’t up
> > yet?
> > > > If so, how can I know
> > > > >> > when it is? Or is there any other way to
> > open
> > > > the file during boot?
> > > > >> > Oh, and I’m tring this on W2K with no SP -
> > if
> > > > that matters.
> > > > >> >
> > > > >> > Thanks in advance
> > > > >> > Peter
> > > > >> >
> > > > >> > —
> > > > >> > Questions? First check the IFS FAQ at
> > > > >> https://www.osronline.com/article.cfm?id=17
> > > > >> >
> > > > >> > You are currently subscribed to ntfsd as:
> > > > xxxxx@storagecraft.com
> > > > >> > To unsubscribe send a blank email to
> > > > xxxxx@lists.osr.com
> > > > >> >
> > > > >>
> > > > >>
> > > > >> —
> > > > >> Questions? First check the IFS FAQ at
> > > > >> https://www.osronline.com/article.cfm?id=17
> > > > >>
> > > > >> You are currently subscribed to ntfsd as:
> > > > xxxxx@student.uci.agh.edu.pl
> > > > >> To unsubscribe send a blank email to
> > > > xxxxx@lists.osr.com
> > > > >>
> > > > >
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the IFS FAQ at
> > > > https://www.osronline.com/article.cfm?id=17
> > > >
> > > > You are currently subscribed to ntfsd as:
> > > > xxxxx@yahoo.com
> > > > To unsubscribe send a blank email to
> > > > xxxxx@lists.osr.com
> > > >
> > >
> > >
> > > ________________
> > > Do You Yahoo!?
> > > Tired of spam? Yahoo! Mail has the best spam
> > protection around
> > > http://mail.yahoo.com
> > >
> > > —
> > > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as:
> > xxxxx@storagecraft.com
> > > To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> > >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as:
> > xxxxx@yahoo.com
> > To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> >
>
>
>
>
>
> Do you Yahoo!?
> Meet the all-new My Yahoo! - Try it today!
> http://my.yahoo.com
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Yes, ARC names are usable paths for disks. Before
IopReassignSystemRoot is called, the SystemRoot
symbolic link contains an ArcName style path.
So, instead of
\Device\HarddiskVolumeX\WINDOWS
it looks like this:
\ArcName\multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
The SystemRoot path contains the ARC name (e.g.
multi(0)disk(0)rdisk(0)partition(1)) of the volume on
which the operating system directory tree resides.
Best regards,
Razvan
— “Maxim S. Shatskih”
wrote:
> Are you sure that ARC names are not usable paths
> for disks?
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: “Razvan Hobeanu”
> To: “Windows File Systems Devs Interest List”
>
> Sent: Friday, December 17, 2004 11:36 PM
> Subject: Re: Re:[ntfsd] ZwCreateFile
>
>
> > To the best of my knowledge that would be of no
> use.
> > This is because nt!IopReassignSystemRoot (which
> does
> > the actual change to the \SystemRoot symbolic
> link
> > from ArcName to a usable path) is called after the
> > driver reinitialization routines. At least, that’s
> > what I saw with WinDbg. Someone from Microsoft
> correct
> > me if I’m wrong.
> >
> > Best regars,
> > Razvan
> >
> > — “Maxim S. Shatskih”
> > wrote:
> >
> > > There is also
> IoRegisterDriverReinitialization I
> > > think.
> > >
> > > Maxim Shatskih, Windows DDK MVP
> > > StorageCraft Corporation
> > > xxxxx@storagecraft.com
> > > http://www.storagecraft.com
> > >
> > > ----- Original Message -----
> > > From: “Razvan Hobeanu”
>
> > > To: “Windows File Systems Devs Interest List”
> > >
> > > Sent: Friday, December 17, 2004 6:17 PM
> > > Subject: Re:[ntfsd] ZwCreateFile
> > >
> > >
> > > > Or you could try to create a system thread in
> your
> > > > DriverEntry which will query the \SystemRoot
> > > symbolic
> > > > link every few seconds and the moment you see
> the
> > > it
> > > > changes from an Arc name to something else
> (e.g.
> > > > \Device\HardiskVolumeX.… ) you know at that
> > > moment
> > > > you can read your configuration file. This
> should
> > > only
> > > > take a few minutes to write. I’ve done it
> before
> > > and
> > > > it works.
> > > >
> > > > Best regards,
> > > > Razvan
> > > >
> > > > — “David J. Craig”
> > > wrote:
> > > >
> > > > > Then add code to your driver to read the
> hard
> > > drive
> > > > > and do your own file
> > > > > system for FAT and NTFS. This should only
> take
> > > a
> > > > > year or two or three.
> > > > >
> > > > > “Piotr Szulc”
> > > wrote
> > > > > in message
> > > > > news:xxxxx@ntfsd…
> > > > > >
> > > > > > I can’t do this. I have to mantain
> > > compatibility
> > > > > with win9x version of the
> > > > > > driver.
> > > > > >
> > > > > > Peter
> > > > > >
> > > > > > On Thu, 16 Dec 2004, Maxim S. Shatskih
> wrote:
> > > > > >
> > > > > >> Use SYSTEM registry instead of config
> > > files.
> > > > > It is accessible before
> > > > > >> SystemRoot is mounted.
> > > > > >>
> > > > > >> Maxim Shatskih, Windows DDK MVP
> > > > > >> StorageCraft Corporation
> > > > > >> xxxxx@storagecraft.com
> > > > > >> http://www.storagecraft.com
> > > > > >>
> > > > > >> ----- Original Message -----
> > > > > >> From: “Piotr Szulc”
> > > > >
> > > > > >> To: “Windows File Systems Devs Interest
> List”
> > > > >
> > > > > >> Sent: Thursday, December 16, 2004 6:08 PM
> > > > > >> Subject: [ntfsd] ZwCreateFile
> > > > > >>
> > > > > >>
> > > > > >> >
> > > > > >> > Hi everybody,
> > > > > >> > I’m writing a simple filesystem filter
> that
> > > is
> > > > > loaded with system (as
> > > > > >> > SecurityEnhancer in the inf file) and
> it
> > > needs
> > > > > to read some data from
> > > > > >> > its configuration file as early as
> > > possible. So
> > > > > I’m calling
> > > > > >> > ZwCreateFile
> > > > > >> > in DriverEntry, but it doesn’t work
> (status
> > > > > C000003a). I am using
> > > > > >> > “\SystemRoot\” in the path, so it is
> not
> > > that
> > > > > kind of problem. Is it
> > > > > >> > possible, that the object manager isn’t
> up
> > > yet?
> > > > > If so, how can I know
> > > > > >> > when it is? Or is there any other way
> to
> > > open
> > > > > the file during boot?
> > > > > >> > Oh, and I’m tring this on W2K with no
> SP -
> > > if
> > > > > that matters.
> > > > > >> >
> > > > > >> > Thanks in advance
> > > > > >> > Peter
> > > > > >> >
> > > > > >> > —
> > > > > >> > Questions? First check the IFS FAQ at
> > > > > >>
> https://www.osronline.com/article.cfm?id=17
> > > > > >> >
> > > > > >> > You are currently subscribed to ntfsd
> as:
> > > > > xxxxx@storagecraft.com
> > > > > >> > To unsubscribe send a blank email to
> > > > > xxxxx@lists.osr.com
> > > > > >> >
> > > > > >>
> > > > > >>
> > > > > >> —
> > > > > >> Questions? First check the IFS FAQ at
> > > > > >>
> https://www.osronline.com/article.cfm?id=17
> > > > > >>
> > > > > >> You are currently subscribed to ntfsd as:
> > > > > xxxxx@student.uci.agh.edu.pl
> > > > > >> To unsubscribe send a blank email to
> > > > > xxxxx@lists.osr.com
> > > > > >>
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > —
> > > > > Questions? First check the IFS FAQ at
> > > > > https://www.osronline.com/article.cfm?id=17
> > > > >
> > > > > You are currently subscribed to ntfsd as:
> > > > > xxxxx@yahoo.com
> > > > > To unsubscribe send a blank email to
> > > > > xxxxx@lists.osr.com
> > > > >
> > > >
> > > >
> > > >
> ________________
> > > > Do You Yahoo!?
> > > > Tired of spam? Yahoo! Mail has the best spam
> > > protection around
>
=== message truncated ===
Do you Yahoo!?
Send holiday email and support a worthy cause. Do good.
http://celebrity.mail.yahoo.com
> Or you could try to create a system thread in your
DriverEntry which will query the \SystemRoot symbolic
link every few seconds and the moment you see the it
Yes, this is a method I use (I call it LazyInitThread :-).
You will try to read all data, if failed then delay
the thread for some time, then do it again.
L.
This method will be probably the best in my case. Thank you and all others
for all your answers.
Regards
Peter
On Mon, 20 Dec 2004, Ladislav Zezula wrote:
> Or you could try to create a system thread in your
> DriverEntry which will query the \SystemRoot symbolic
> link every few seconds and the moment you see the it
Yes, this is a method I use (I call it LazyInitThread :-).
You will try to read all data, if failed then delay
the thread for some time, then do it again.
L.
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@student.uci.agh.edu.pl
To unsubscribe send a blank email to xxxxx@lists.osr.com