ZwOpen() on a network share: Format?

Hello,

Our kernel mode driver uses ZwQueryDirectoryFile() to collect information about files on the computer on which our driver has been installed. The format of the path provided to ZwQueryDirectoryFile() is rooted at \DosDevices (i.e. \DosDevices\c:\temp).

I am wondering whether it is feasible for us to permit the use of network shared folders on local and remote machines (same LAN). I’ve tried formatting a path as \DosDevices\device\sharedfolder, but it didn’t work. I’ve tried using a mapped drive, too, but it failed. Could someone please tell me whether it is possible to query shared folders and what is the correct format of full file spec?

Thank you!

Mike

xxxxx@a-bit-of-help.com wrote:

> Hello,
>
> Our kernel mode driver uses ZwQueryDirectoryFile() to collect information about files on the computer on which our driver has been installed. The format of the path provided to ZwQueryDirectoryFile() is rooted at \DosDevices (i.e. \DosDevices\c:\temp).
>
> I am wondering whether it is feasible for us to permit the use of network shared folders on local and remote machines (same LAN). I’ve tried formatting a path as \DosDevices\device\sharedfolder, but it didn’t work. I’ve tried using a mapped drive, too, but it failed. Could someone please tell me whether it is possible to query shared folders and what is the correct format of full file spec?

The problem may be that your driver is running in a system process as a
system user, and the system user does not have permission to access
those network shares. The only solution to that is to use something
like SeImpersonateClient.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

It’s possible… You need to do two things:

Instead of \??<path> you need to use \Device\Mup<path>

Second, you need to be running in a thread that has a user context that has access to the network resource. You could have a service that runs under a user context other than LocalSystem make the call.

Thanks Tim & Steve! I figured that \DosDevices\ wouldn’t be correct, but I couldn’t find anything about other object paths that would apply. I will read up on /Mup and look into impersonation. The good news is that with a little tweaking of our code, we can support both kinds of paths.

Thank you again for your help! :)
Mike

… Hmmmmmmmm… I need to discuss our design with the team, but I think that we may be better off creating an Agent that is installed on remote systems. The agent would consist of a WCF service (easy/secure access via LAN or WAN) and our kernel driver. Anyway, it is good to know that we have options! Thank you again!

Here’s some old code. I don’t quite remember, but I think that if I passed in a UNC path it assumes that it’s a network resource - otherwise it’s assumed to be local.

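```c
#include <windows.h>
#include <string.h>
#include <strsafe.h>   /* StringCbPrintfA / StringCbCopyA: bounded forms of wsprintf / strcpy */

/* Rewrites szPath in place as an object-manager path.
   szPath must point to a buffer of VCD_PATH_LENGTH bytes. */
void VCD_ConvertPathToZwPath(char* szPath)
{
    char szTempPath[VCD_PATH_LENGTH];

    if (!strncmp(szPath, "\\\\", 2))
        /* UNC path (\\server\share): drop one leading backslash, prefix \Device\Mup */
        StringCbPrintfA(szTempPath, sizeof(szTempPath), "\\Device\\Mup%s", szPath + 1);
    else
        /* anything else is assumed to be a local DOS path such as c:\temp */
        StringCbPrintfA(szTempPath, sizeof(szTempPath), "\\??\\%s", szPath);

    StringCbCopyA(szPath, VCD_PATH_LENGTH, szTempPath);
}
```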
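
The path conversion discussed in this thread, written as portable C with an explicit output bound (an added example, not code from any poster; the function and constant names are hypothetical). It goes beyond the posted routine by also accepting `\\?\`-prefixed paths and by refusing relative paths, `\\.\` device paths and `.`/`..` components, since a path handed to the Zw* routines does not pass through Win32 path normalization. In a driver the formatting call would be a bounded kernel string routine rather than `snprintf`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and return codes, chosen for this example only. */
enum { ZWPATH_OK = 0, ZWPATH_UNSUPPORTED = -1, ZWPATH_TOO_LONG = -2 };

/* Zw* paths get no Win32 normalization, so "." and ".." are refused. */
static int has_dot_component(const char *p)
{
    while (*p) {
        size_t n = strcspn(p, "\\");
        if ((n == 1 || n == 2) && p[0] == '.' && p[n - 1] == '.')
            return 1;
        p += n;
        if (*p) p++;
    }
    return 0;
}

static int is_drive_root(const char *p)   /* drive letter, colon, backslash */
{
    return isalpha((unsigned char)p[0]) && p[1] == ':' && p[2] == '\\';
}

/* Convert a fully qualified Win32 path into an object-manager path. */
int to_zw_path(const char *in, char *out, size_t outlen)
{
    const char *prefix, *rest;
    int n;

    if (strchr(in, '/') || has_dot_component(in))
        return ZWPATH_UNSUPPORTED;
    if (!strncmp(in, "\\\\?\\UNC\\", 8) && in[8] && in[8] != '\\') {
        prefix = "\\Device\\Mup\\"; rest = in + 8;   /* \\?\UNC\server\share */
    } else if (!strncmp(in, "\\\\?\\", 4) && is_drive_root(in + 4)) {
        prefix = "\\??\\"; rest = in + 4;            /* \\?\C:\dir */
    } else if (!strncmp(in, "\\\\", 2) && in[2] && !strchr("\\?", in[2])) {
        prefix = "\\Device\\Mup"; rest = in + 1;     /* \\server\share */
    } else if (is_drive_root(in)) {
        prefix = "\\??\\"; rest = in;                /* C:\dir */
    } else {
        return ZWPATH_UNSUPPORTED;                   /* relative or device paths */
    }
    n = snprintf(out, outlen, "%s%s", prefix, rest);
    return (n < 0 || (size_t)n >= outlen) ? ZWPATH_TOO_LONG : ZWPATH_OK;
}
```

On any return other than `ZWPATH_OK` the contents of `out` must not be used.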