ZwCreateFile

OSR_Community_User · July 28, 2005, 6:48am

I do not know if this is trivial and i am very careless. I use this code
in AddDevice routine

KeQuerySystemTime(&liTime);

swprintf(timestr,L"%s%d%s",L"\SystemRoot\dbg",liTime.LowPart,L".log");
RtlInitUnicodeString(&_filename,_timestr);

InitializeObjectAttributes(&_objAtrr,&_filename,OBJ_CASE_INSENSITIVE,NULL,NULL);

ulstatus = ZwCreateFile(&_hFileHandle,
GENERIC_READ | GENERIC_WRITE,
&_objAtrr,
&_ioStatusBlock,
0,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_DELETE,
FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

I get 0xC000003A (STATUS_OBJECT_PATH_NOT_FOUND). My guess is that
SystemRoot is not assigned yet when my driver boots.
But is this possible? How the system knows how to boot itself if it does
not know the system path?

The same code i use with dispatch i/o routines and works just fine.

Help.

Tim_Roberts · July 28, 2005, 12:30pm

Nikolas Stylianides wrote:

I do not know if this is trivial and i am very careless. I use this
code in AddDevice routine

KeQuerySystemTime(&liTime);

swprintf(timestr,L"%s%d%s",L"\SystemRoot\dbg",liTime.LowPart,L".log");

RtlInitUnicodeString(&_filename,_timestr);

Not related to your problem, but I’m always wondering why people use
printf like that, adding constant strings with %s. Why not, for instance:

swprintf( timestr, L"\SystemRoot\dbg%d.log", liTime.LowPart );

It seems to me that makes the construction more clear.

InitializeObjectAttributes(&_objAtrr,&_filename,OBJ_CASE_INSENSITIVE,NULL,NULL);

ulstatus = ZwCreateFile(&_hFileHandle,
GENERIC_READ | GENERIC_WRITE,
&_objAtrr,
&_ioStatusBlock,
0,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_DELETE,
FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

I get 0xC000003A (STATUS_OBJECT_PATH_NOT_FOUND). My guess is that
SystemRoot is not assigned yet when my driver boots.
But is this possible? How the system knows how to boot itself if it
does not know the system path?

The same code i use with dispatch i/o routines and works just fine.

You might try changing the path to \SystemRoot\System32\Drivers. I can
certainly READ files in that directory at boot time.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

OSR_Community_User · July 29, 2005, 6:48am

Tim Roberts wrote:

Nikolas Stylianides wrote:

> I do not know if this is trivial and i am very careless. I use this
> code in AddDevice routine
>
> KeQuerySystemTime(&liTime);
>
> swprintf(timestr,L"%s%d%s",L"\SystemRoot\dbg",liTime.LowPart,L".log");
>
> RtlInitUnicodeString(&_filename,_timestr);

Not related to your problem, but I’m always wondering why people use
printf like that, adding constant strings with %s. Why not, for
instance:

swprintf( timestr, L"\SystemRoot\dbg%d.log", liTime.LowPart );

It seems to me that makes the construction more clear.

>
> InitializeObjectAttributes(&_objAtrr,&_filename,OBJ_CASE_INSENSITIVE,NULL,NULL);
>
>
> ulstatus = ZwCreateFile(&_hFileHandle,
> GENERIC_READ | GENERIC_WRITE,
> &_objAtrr,
> &_ioStatusBlock,
> 0,
> FILE_ATTRIBUTE_NORMAL,
> FILE_SHARE_READ | FILE_SHARE_DELETE,
> FILE_OVERWRITE_IF,
> FILE_SYNCHRONOUS_IO_NONALERT,
> NULL,
> 0);
>
> I get 0xC000003A (STATUS_OBJECT_PATH_NOT_FOUND). My guess is that
> SystemRoot is not assigned yet when my driver boots.
> But is this possible? How the system knows how to boot itself if it
> does not know the system path?
>
> The same code i use with dispatch i/o routines and works just fine.

You might try changing the path to \SystemRoot\System32\Drivers. I
can certainly READ files in that directory at boot time.

Because if you have big blocks of strings to build is easier to look in
the first string that has the flags and find out where to find the
parameters. Is like function declaration with argv parameters. Anyway
this is just code styling.

I will check it out.

OSR_Community_User · August 1, 2005, 4:35am

Tim Roberts wrote:

Nikolas Stylianides wrote:

> I do not know if this is trivial and i am very careless. I use this
> code in AddDevice routine
>
> KeQuerySystemTime(&liTime);
>
> swprintf(timestr,L"%s%d%s",L"\SystemRoot\dbg",liTime.LowPart,L".log");
>
> RtlInitUnicodeString(&_filename,_timestr);

Not related to your problem, but I’m always wondering why people use
printf like that, adding constant strings with %s. Why not, for
instance:

swprintf( timestr, L"\SystemRoot\dbg%d.log", liTime.LowPart );

It seems to me that makes the construction more clear.

>
> InitializeObjectAttributes(&_objAtrr,&_filename,OBJ_CASE_INSENSITIVE,NULL,NULL);
>
>
> ulstatus = ZwCreateFile(&_hFileHandle,
> GENERIC_READ | GENERIC_WRITE,
> &_objAtrr,
> &_ioStatusBlock,
> 0,
> FILE_ATTRIBUTE_NORMAL,
> FILE_SHARE_READ | FILE_SHARE_DELETE,
> FILE_OVERWRITE_IF,
> FILE_SYNCHRONOUS_IO_NONALERT,
> NULL,
> 0);
>
> I get 0xC000003A (STATUS_OBJECT_PATH_NOT_FOUND). My guess is that
> SystemRoot is not assigned yet when my driver boots.
> But is this possible? How the system knows how to boot itself if it
> does not know the system path?
>
> The same code i use with dispatch i/o routines and works just fine.

You might try changing the path to \SystemRoot\System32\Drivers. I
can certainly READ files in that directory at boot time.

I tried this as well but i still get the error 0xC000003A.

OSR_Community_User · August 1, 2005, 7:45am

Tim Roberts wrote:

Nikolas Stylianides wrote:

> I do not know if this is trivial and i am very careless. I use this
> code in AddDevice routine
>
> KeQuerySystemTime(&liTime);
>
> swprintf(timestr,L"%s%d%s",L"\SystemRoot\dbg",liTime.LowPart,L".log");
>
> RtlInitUnicodeString(&_filename,_timestr);

Not related to your problem, but I’m always wondering why people use
printf like that, adding constant strings with %s. Why not, for
instance:

swprintf( timestr, L"\SystemRoot\dbg%d.log", liTime.LowPart );

It seems to me that makes the construction more clear.

>
> InitializeObjectAttributes(&_objAtrr,&_filename,OBJ_CASE_INSENSITIVE,NULL,NULL);
>
>
> ulstatus = ZwCreateFile(&_hFileHandle,
> GENERIC_READ | GENERIC_WRITE,
> &_objAtrr,
> &_ioStatusBlock,
> 0,
> FILE_ATTRIBUTE_NORMAL,
> FILE_SHARE_READ | FILE_SHARE_DELETE,
> FILE_OVERWRITE_IF,
> FILE_SYNCHRONOUS_IO_NONALERT,
> NULL,
> 0);
>
> I get 0xC000003A (STATUS_OBJECT_PATH_NOT_FOUND). My guess is that
> SystemRoot is not assigned yet when my driver boots.
> But is this possible? How the system knows how to boot itself if it
> does not know the system path?
>
> The same code i use with dispatch i/o routines and works just fine.

You might try changing the path to \SystemRoot\System32\Drivers. I
can certainly READ files in that directory at boot time.

I found what is the problem. When i declared my device to start at
system start up and not boot time everything works. Shouldn’t this work
at boot time as well?