ZwCreateFile Failure

I’m trying to open a handle to the system drive from a native application on Windows XP.
The call to ZwCreateFile is returning with status 0xC0000033, STATUS_OBJECT_NAME_INVALID.

I am trying to mimic code from a W32 application which sends an ATA command using the ATA Passthrough layer.

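    // Win32-style device name, as used with CreateFile
    PCWSTR deviceName = L"\\\\.\\PhysicalDrive0";

    RtlInitUnicodeString(&uniDevName, deviceName);
    InitializeObjectAttributes(pObjectAttributes, &uniDevName, OBJ_CASE_INSENSITIVE, NULL, NULL);

    NTStat = ZwCreateFile(pHandle,                            // FileHandle (out)
                          GENERIC_READ | GENERIC_WRITE,       // DesiredAccess
                          pObjectAttributes,                  // ObjectAttributes
                          &ioStatusblock,                     // IoStatusBlock
                          NULL,                               // AllocationSize
                          FILE_ATTRIBUTE_NORMAL,              // FileAttributes
                          FILE_SHARE_READ | FILE_SHARE_WRITE, // ShareAccess
                          FILE_OPEN,                          // CreateDisposition
                          FILE_NO_EA_KNOWLEDGE,               // CreateOptions
                          NULL,                               // EaBuffer
                          0);                                 // EaLength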

Is it obvious to anyone why the call is failing?

This is not really my thing, but I believe the problem is that
“\\.\PhysicalDrive0” is a win32 device name, and native
applications don’t know about those. You need to express the path as
you would in a driver.

mm

>> xxxxx@gmail.com 2007-05-15 14:57:01 >>>

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

The file paths you pass to ZwCreateFile are not the same as those passed to Win32 CreateFile. They are related, but not the same. The kernel namespace is a large topic, but you can gain a lot of knowledge just by downloading WinObj.exe (url below) and running it. This is the root namespace of the kernel, which is in-memory only (volatile; it’s not a filesystem), and not exposed directly to Win32. Long story short, the I/O manager uses this namespace when resolving names passed to it by NtCreateFile/ZwCreateFile. The Win32 function CreateFile changes the names you pass it, from the Win32 syntax to the NT syntax.

Try using \??\PhysicalDrive0. (Of course, quote it for C, such as L"\\??\\PhysicalDrive0".) If you are using WinObj, look in \GLOBAL??. There are some special rules about resolving names that begin with \??; these rules deal with session naming. Again, it’s a long topic, and I’m short on time, but this may unblock you.

http://www.microsoft.com/technet/sysinternals/SystemInformation/WinObj.mspx
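
The name rewrite described above, as an added example that is not part of the original thread: a simplified, portable C model of how a Win32 path becomes the NT name that ZwCreateFile expects. The helper name win32_to_nt_name is hypothetical, and it goes beyond the \\.\ case discussed here to cover drive-letter and UNC paths; relative paths and path normalization are not modelled.

```c
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>

static int has_prefix(const wchar_t *s, const wchar_t *p) {
    return wcsncmp(s, p, wcslen(p)) == 0;
}

/* Hypothetical helper: simplified model of the Win32 -> NT name rewrite.
 * Returns 0 on success, -1 if the form is not modelled or out is too small.
 * Prefix matching is case-sensitive here for brevity. */
int win32_to_nt_name(const wchar_t *in, wchar_t *out, size_t cap) {
    const wchar_t *prefix = L"", *rest = in;

    if (has_prefix(in, L"\\??\\") || has_prefix(in, L"\\GLOBAL??\\") ||
        has_prefix(in, L"\\Device\\")) {
        /* Already an object-manager path: pass through unchanged. */
    } else if (has_prefix(in, L"\\\\.\\") || has_prefix(in, L"\\\\?\\")) {
        prefix = L"\\??\\";          /* Win32 device or verbatim prefix */
        rest = in + 4;
    } else if (has_prefix(in, L"\\\\")) {
        prefix = L"\\??\\UNC\\";     /* UNC: server and share follow */
        rest = in + 2;
    } else if (iswalpha((wint_t)in[0]) && in[1] == L':' && in[2] == L'\\') {
        prefix = L"\\??\\";          /* drive-letter absolute path */
    } else {
        return -1;                   /* relative paths etc. are out of scope */
    }
    /* swprintf returns a negative value when the result does not fit. */
    return swprintf(out, cap, L"%ls%ls", prefix, rest) < 0 ? -1 : 0;
}

int main(void) {
    const wchar_t *samples[] = {     /* constructed sample names */
        L"\\\\.\\PhysicalDrive0", L"C:\\boot.ini", L"\\\\srv\\share\\f.txt",
        L"\\??\\PhysicalDrive0", L"PhysicalDrive0"
    };
    wchar_t nt[260];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (win32_to_nt_name(samples[i], nt, 260) == 0)
            printf("%ls -> %ls\n", samples[i], nt);
        else
            printf("%ls -> not handled\n", samples[i]);
    }
    return 0;
}
```

In a native application, the translated string is what would be handed to RtlInitUnicodeString before the ZwCreateFile call.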


> Try using \??\PhysicalDrive0. (Of course, quote it for C, such as L"\\??\\PhysicalDrive0".) If you are using WinObj, look in \GLOBAL??. There are some special rules about resolving names that begin with \??; these rules deal with session naming.

I’ve downloaded WinObj. Under Global??, the hard drives are referred to as \Device\Harddiskx\DRx, where x is 0, 1, or whatever applies.

I will try your \?? suggestion and the way WinObj refers to the devices.

Thanks

> Under Global??, the hard drives are referred to as \Device\Harddiskx\DRx, where x is 0, 1, or whatever applies.

You’re looking at the *target* of the symlinks. You probably still want to use \Global??\PhysicalDrive0. The fact that PhysicalDrive0 is a symbolic link is an implementation detail. You can still use \Device\Harddisk\etc, but you probably don’t want to.



> You’re looking at the *target* of the symlinks. You probably still want to use \Global??\PhysicalDrive0.

I’m looking under global?? as you suggested. This is what is visible for the physical hard drives.

Where else should I look?

Nowhere else. For your purpose, \Global?? is the right place to look. It contains the symbolic link that you want. You want to use \Global??\PhysicalDrive0, because that is the “exposed” name of this object. Use the name of the symbolic link, not the name that it points to. The I/O Manager handles translating the name for you.

All I’m saying is, use the highest level of abstraction here that makes sense. Since you want physical drive NN, target \Global??\PhysicalDriveNN, and let the I/O Manager do its job of translating that to a specific device. Don’t bother with the detail that \Global??\PhysicalDrive0 is a symbolic link, and not the device itself. The objects in \Global?? are mostly (but not all) symbolic links for devices or objects in other parts of the namespace. That’s because \?? is where Win32 device names (again, actually symbolic links) live. (The namespace code handles translating \?? to either \Global?? or to a session-specific namespace; again, just an implementation detail.)

