ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

\??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Gary,

What user context were you in? It had been my understanding that system
context got the Global directory by default. If this is not the case then I
need to look at one of my drivers under WIN7. The release was just for R2 so
I don’t know if QA tested under WIN7. I had tested under WIN7 quite awhile
ago with no issues. The driver opens a configuration file using ??\c:.…

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 4:10 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

\??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Gary,

I ran a x86 WIN7 test with my driver that uses ZwCreateFile to open a
configuration file. The path used is ??\c:\some path. The file was opened
from DriverEntry and it opened successfully. The file also opened
successfully from a work item.
In a somewhat related issue, I know that if you use NtCreateFile from a user
app you will get session 1 instead of the global directory if you use ??\
instead of ??\Global. I ran into this last week.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 4:10 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

\??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Bill,

In both 32 bit and 64 bit environments I open a powershell, Run as Admin,
session and execute a “start-service ”. I’ve been using powershell
because I can tweak registry values such as “Start” from the powershell
command line as needed.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Tuesday, February 09, 2010 7:04 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Gary,

What user context were you in? It had been my understanding that system
context got the Global directory by default. If this is not the case then I
need to look at one of my drivers under WIN7. The release was just for R2 so
I don’t know if QA tested under WIN7. I had tested under WIN7 quite awhile
ago with no issues. The driver opens a configuration file using ??\c:.…

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 4:10 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

> \??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4851 (20100209)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4852 (20100209)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4852 (20100209)

The message was checked by ESET Smart Security.

http://www.eset.com

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4852 (20100209)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4852 (20100209)

The message was checked by ESET Smart Security.

http://www.eset.com

I currently open the file from DriverEntry which makes reading the file only
during driver load/initialization. That will need to change to do dynamic
updates of the loaded file without having to start/stop it.

Thanks for the information. Looks like you, David, and are about the only
folks working on WFP drivers.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Tuesday, February 09, 2010 7:54 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Gary,

I ran a x86 WIN7 test with my driver that uses ZwCreateFile to open a
configuration file. The path used is ??\c:\some path. The file was opened
from DriverEntry and it opened successfully. The file also opened
successfully from a work item.
In a somewhat related issue, I know that if you use NtCreateFile from a user
app you will get session 1 instead of the global directory if you use ??\
instead of ??\Global. I ran into this last week.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 4:10 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

\??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4854 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Gary,

I know that you got this working by using Global but I am trying to
understand why that was necessary. ??\Gobal\ should always work so maybe
the rule becomes that we should always use it just to be safe. I think that
it is valid starting with XP.
FWIW I have completed two fairly simple WFP drivers, one of which is in a
shipping product and the other for a company that went out of business last
week.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Wednesday, February 10, 2010 10:08 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

I currently open the file from DriverEntry which makes reading the file only
during driver load/initialization. That will need to change to do dynamic
updates of the loaded file without having to start/stop it.

Thanks for the information. Looks like you, David, and are about the only
folks working on WFP drivers.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Tuesday, February 09, 2010 7:54 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Gary,

I ran a x86 WIN7 test with my driver that uses ZwCreateFile to open a
configuration file. The path used is ??\c:\some path. The file was opened
from DriverEntry and it opened successfully. The file also opened
successfully from a work item.
In a somewhat related issue, I know that if you use NtCreateFile from a user
app you will get session 1 instead of the global directory if you use ??\
instead of ??\Global. I ran into this last week.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 4:10 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

\??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4854 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I don’t understand why C:\path was fine under the 64 bit OS but refused
under the 32 bit OS, when the call to ZwOpenFile was always made during
DriverEntry. That has echoes of a buggable differnce between the two
platforms. Anyway, thanks for the heads up. It sounds like my pre-pending
??\Global\ to the path and file name requested by the user will resovle the
issue.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Wednesday, February 10, 2010 10:37 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Gary,

I know that you got this working by using Global but I am trying to
understand why that was necessary. ??\Gobal\ should always work so maybe
the rule becomes that we should always use it just to be safe. I think that
it is valid starting with XP.
FWIW I have completed two fairly simple WFP drivers, one of which is in a
shipping product and the other for a company that went out of business last
week.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Wednesday, February 10, 2010 10:08 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

I currently open the file from DriverEntry which makes reading the file only
during driver load/initialization. That will need to change to do dynamic
updates of the loaded file without having to start/stop it.

Thanks for the information. Looks like you, David, and are about the only
folks working on WFP drivers.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Tuesday, February 09, 2010 7:54 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Gary,

I ran a x86 WIN7 test with my driver that uses ZwCreateFile to open a
configuration file. The path used is ??\c:\some path. The file was opened
from DriverEntry and it opened successfully. The file also opened
successfully from a work item.
In a somewhat related issue, I know that if you use NtCreateFile from a user
app you will get session 1 instead of the global directory if you use ??\
instead of ??\Global. I ran into this last week.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 4:10 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Thanks Max, that appears to be the offering for which the OS gods were
looking. Did that come from documentation, or like me, trying everything you
could think of until you hit the right combination, better known as the
shotgun approach to programming? If you have documentation I would love to
have the link. So far everywhere I have looked, even in the WDK, goes
traipsing off into .Net and C#.

So then the question becomes why didn’t the 64bit OS fail in the same
manner? Is the global name space different between the two OS’s?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 12:11 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

\??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4851 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4852 (20100209) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4854 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4854 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4854 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

See the WDK topic “Local and Global MS-DOS Device Names”.

Thomas F. Divine
http://www.rawether.net

From: “Bill Wandel”
Sent: Wednesday, February 10, 2010 11:36 AM
To: “Windows System Software Devs Interest List”
Subject: RE: [ntdev] ZwOpenFile

> Gary,
>
> I know that you got this working by using Global but I am trying to
> understand why that was necessary. ??\Gobal\ should always work so maybe
> the rule becomes that we should always use it just to be safe. I think
> that
> it is valid starting with XP.
> FWIW I have completed two fairly simple WFP drivers, one of which is in a
> shipping product and the other for a company that went out of business
> last
> week.
>
> Bill Wandel
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]
> On Behalf Of Gary G. Little
> Sent: Wednesday, February 10, 2010 10:08 AM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> I currently open the file from DriverEntry which makes reading the file
> only
> during driver load/initialization. That will need to change to do dynamic
> updates of the loaded file without having to start/stop it.
>
> Thanks for the information. Looks like you, David, and are about the only
> folks working on WFP drivers.
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
> Sent: Tuesday, February 09, 2010 7:54 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> Gary,
>
> I ran a x86 WIN7 test with my driver that uses ZwCreateFile to open a
> configuration file. The path used is ??\c:\some path. The file was opened
> from DriverEntry and it opened successfully. The file also opened
> successfully from a work item.
> In a somewhat related issue, I know that if you use NtCreateFile from a
> user
> app you will get session 1 instead of the global directory if you use ??<br>> instead of ??\Global. I ran into this last week.
>
> Bill Wandel
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]
> On Behalf Of Gary G. Little
> Sent: Tuesday, February 09, 2010 4:10 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> Thanks Max, that appears to be the offering for which the OS gods were
> looking. Did that come from documentation, or like me, trying everything
> you
> could think of until you hit the right combination, better known as the
> shotgun approach to programming? If you have documentation I would love to
> have the link. So far everywhere I have looked, even in the WDK, goes
> traipsing off into .Net and C#.
>
> So then the question becomes why didn’t the 64bit OS fail in the same
> manner? Is the global name space different between the two OS’s?
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Tuesday, February 09, 2010 12:11 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] ZwOpenFile
>
>> \??\C:\Temp\DomainNames.csv
>
> Try ??\Global\C:\Temp\DomainNames.csv
>
> –
> Maxim S. Shatskih
> Windows DDK MVP
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4851 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4852 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4852 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4852 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4854 (20100210)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Thanks Thomas. That increases the warm fuzzy feeling that ??\Global\ is the
correct way to address the file.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
Sent: Wednesday, February 10, 2010 10:58 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] ZwOpenFile

See the WDK topic “Local and Global MS-DOS Device Names”.

Thomas F. Divine
http://www.rawether.net

From: “Bill Wandel”
Sent: Wednesday, February 10, 2010 11:36 AM
To: “Windows System Software Devs Interest List”
Subject: RE: [ntdev] ZwOpenFile

> Gary,
>
> I know that you got this working by using Global but I am trying to
> understand why that was necessary. ??\Gobal\ should always work so maybe
> the rule becomes that we should always use it just to be safe. I think
> that
> it is valid starting with XP.
> FWIW I have completed two fairly simple WFP drivers, one of which is in a
> shipping product and the other for a company that went out of business
> last
> week.
>
> Bill Wandel
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]
> On Behalf Of Gary G. Little
> Sent: Wednesday, February 10, 2010 10:08 AM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> I currently open the file from DriverEntry which makes reading the file
> only
> during driver load/initialization. That will need to change to do dynamic
> updates of the loaded file without having to start/stop it.
>
> Thanks for the information. Looks like you, David, and are about the only
> folks working on WFP drivers.
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
> Sent: Tuesday, February 09, 2010 7:54 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> Gary,
>
> I ran a x86 WIN7 test with my driver that uses ZwCreateFile to open a
> configuration file. The path used is ??\c:\some path. The file was opened
> from DriverEntry and it opened successfully. The file also opened
> successfully from a work item.
> In a somewhat related issue, I know that if you use NtCreateFile from a
> user
> app you will get session 1 instead of the global directory if you use ??<br>> instead of ??\Global. I ran into this last week.
>
> Bill Wandel
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]
> On Behalf Of Gary G. Little
> Sent: Tuesday, February 09, 2010 4:10 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> Thanks Max, that appears to be the offering for which the OS gods were
> looking. Did that come from documentation, or like me, trying everything
> you
> could think of until you hit the right combination, better known as the
> shotgun approach to programming? If you have documentation I would love to
> have the link. So far everywhere I have looked, even in the WDK, goes
> traipsing off into .Net and C#.
>
> So then the question becomes why didn’t the 64bit OS fail in the same
> manner? Is the global name space different between the two OS’s?
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Tuesday, February 09, 2010 12:11 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] ZwOpenFile
>
>> \??\C:\Temp\DomainNames.csv
>
> Try ??\Global\C:\Temp\DomainNames.csv
>
> –
> Maxim S. Shatskih
> Windows DDK MVP
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4851 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4852 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4852 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4852 (20100209)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Information from ESET Smart Security, version of virus
> signature
> database 4854 (20100210)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4854 (20100210)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4854 (20100210)

The message was checked by ESET Smart Security.

http://www.eset.com

Hmmmm…

I happy, very happy, that Gary got this working. I’m just not sure WHY he got it working, or what was wrong in the first place.

In the context of the system process: ??\ == \DosDevices\ == \Global??\ … That is, always the global name table. Which makes sense… what session would the system process be IN?

I must admit to never having heard of the construction \DosDevices\Global

From user mode, \DosDevices\ == ??\ and should result in the local session-based name table being used, and if the target is not found, the global name table would be searched.

I guess (even after reading this thread) I’m not entirely sure whether Gary was opening this file from his driver entry entry point (mentioned at one point) or from an application.

In any case, I’ll be, at the very least, perplexed – but interested to discover – if somebody tells me that some variation of Windows works differently from what I described above.

Peter
OSR

The driver is Demant Start.
The file is opened and read during DriverEntry.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Wednesday, February 10, 2010 3:17 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwOpenFile

Hmmmm…

I happy, very happy, that Gary got this working. I’m just not sure WHY he
got it working, or what was wrong in the first place.

In the context of the system process: ??\ == \DosDevices\ == \Global??\
… That is, always the global name table. Which makes sense… what
session would the system process be IN?

I must admit to never having heard of the construction \DosDevices\Global

From user mode, \DosDevices\ == ??\ and should result in the local
session-based name table being used, and if the target is not found, the
global name table would be searched.

I guess (even after reading this thread) I’m not entirely sure whether Gary
was opening this file from his driver entry entry point (mentioned at one
point) or from an application.

In any case, I’ll be, at the very least, perplexed – but interested to
discover – if somebody tells me that some variation of Windows works
differently from what I described above.

Peter
OSR

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4855 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4856 (20100210) __________

The message was checked by ESET Smart Security.

http://www.eset.com

I’m trying to cogently summarize the problem and the result…

And you’re saying that, from the context of the system process:

a) A ZwCreateFile for the name ??\C:\bob.txt did not work on 32-bit Win7 (with C: in the global name table)

b) That same operation and format DID work on x64 Win7 (with C: in the global name table)

c) A name of the form ??\Global\C:\bob.txt DID work on both 32-bit and x64 Win7?

Does that summarize the problem and result?

If so, that would be a problem and probably break existing code, and that has me mildly concerned.

Or am I the only one who appears to be concerned about the implications of this because I’m missing something that’s really obvious to everyone else?

Peter
OSR

I am also very concerned about this. But, I tested on 32 bit WIN7 the other
day and did not have any problems. My driver opens ??\c:\file from both
DriverEntry and from a work item.
I don’t understand how Gary got just C:\file to work under x64 W7. The only
way this can work is if the root handle value of the OBJECT_ATTRIBUTES
structure referenced ??.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@osr.com
Sent: Thursday, February 11, 2010 9:49 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwOpenFile

I’m trying to cogently summarize the problem and the result…

[quote]
The file is opened and read during DriverEntry [/quote]

And you’re saying that, from the context of the system process:

a) A ZwCreateFile for the name ??\C:\bob.txt did not work on 32-bit Win7
(with C: in the global name table)

b) That same operation and format DID work on x64 Win7 (with C: in the
global name table)

c) A name of the form ??\Global\C:\bob.txt DID work on both 32-bit and x64
Win7?

Does that summarize the problem and result?

If so, that would be a problem and probably break existing code, and that
has me mildly concerned.

Or am I the only one who appears to be concerned about the implications of
this because I’m missing something that’s really obvious to everyone else?

Peter
OSR

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Right. That formulation of the name SHOULDN’T work, I agree. If it does work, it’s a coincidence or a bug, but not anything that should cause a serious problem.

And if you tested the name format ??\C:\bob.txt from the context of the system process on 32-bit Win7, and that WORKS like it should, then we’ll have to ascribe this to a garden-variety bug in Gary’s code, or cosmic rays or some weird butterfly effect.

Thanks for the reply Bill…

Peter
OSR

Bugs are that which I am currently seeking and stomping whenever found. I
would be the last to state my code does not have a bug, but thus far
everything I have seen indicates this multi-legged critter is external.

Under 64 bit Win7 ZwCreateFile did indeed accept and open a handle for
“C:\Temp\DomainNames.csv”. However, 32 bit Win7 refused every incantation of
global decorations I tried until Max suggested decorating the path with
"??\Global". I listed all of the attempts in an earlier post. {time passes
sung to the tune of Jeopardy} I chased that post down in OSROnline and here
are those attmepts:

C:\Temp\DomainNames.csv
??\C:\Temp\DomainNames.csv
\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

The one that is currently working:
??\Global\C:\Temp\DomainNames.csv

True all of them were simply “shotgunning” the problem. Again all of them
were tried on 32 bit Win7. Looks like I’m going to have to reinstall a 64
bit Win7 host and then create 32 bit VPCs of interested OS platforms.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Thursday, February 11, 2010 9:25 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwOpenFile

Right. That formulation of the name SHOULDN’T work, I agree. If it does
work, it’s a coincidence or a bug, but not anything that should cause a
serious problem.

And if you tested the name format ??\C:\bob.txt from the context of the
system process on 32-bit Win7, and that WORKS like it should, then we’ll
have to ascribe this to a garden-variety bug in Gary’s code, or cosmic rays
or some weird butterfly effect.

Thanks for the reply Bill…

Peter
OSR

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Hmmmm… THAT is was confuses and concerns me.

Again, assuming we’re talking about being in kernel mode, and in the context of the system process:

??\C:\Temp\DomainNames.csv

is identical to

\DosDevices\C:\Temp\DomainNames.csv

And BOTH of those should work (assuming the presence of the drive named C and a directory on that drive named Temp).

Ah… is the directory on the media named “Temp” or is it named “temp”??? Likewise, does the filename case match? Was your create case sensitive, per chance?

The following:
C:\Temp\DomainNames.csv

Isn’t properly qualified as to the path to local C:

The following:

\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

Are not valid name formations for a local file (they sorta look like a UNC path), and shouldn’t work (unless perhaps you have a remote system named PhysicalDrive0 and a share named temp… and I’m not sure that would be the correct format from kernel mode).

And like I said… I’ve never even heard of:

??\Global\C:\Temp\DomainNames.csv

It all gives me a headache. But I just want to be sure (a) I understand the rules about how this stuff works… which I think I do, and (b) that there isn’t some breaking change in Win7 that I don’t know about, that’s going to make my life, and that of some of our clients, “rather unpleasant”…

My head hurts,

Peter
OSR

What happens on Vista or XP?

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Thursday, February 11, 2010 8:19 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Bugs are that which I am currently seeking and stomping whenever found. I would be the last to state my code does not have a bug, but thus far everything I have seen indicates this multi-legged critter is external.

Under 64 bit Win7 ZwCreateFile did indeed accept and open a handle for “C:\Temp\DomainNames.csv”. However, 32 bit Win7 refused every incantation of global decorations I tried until Max suggested decorating the path with "??\Global". I listed all of the attempts in an earlier post. {time passes sung to the tune of Jeopardy} I chased that post down in OSROnline and here are those attmepts:

C:\Temp\DomainNames.csv
??\C:\Temp\DomainNames.csv
\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

The one that is currently working:
??\Global\C:\Temp\DomainNames.csv

True all of them were simply “shotgunning” the problem. Again all of them were tried on 32 bit Win7. Looks like I’m going to have to reinstall a 64 bit Win7 host and then create 32 bit VPCs of interested OS platforms.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Thursday, February 11, 2010 9:25 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwOpenFile

[quote]
I don’t understand how Gary got just C:\file to work under x64 W7 [/quote]

Right. That formulation of the name SHOULDN’T work, I agree. If it does work, it’s a coincidence or a bug, but not anything that should cause a serious problem.

And if you tested the name format ??\C:\bob.txt from the context of the system process on 32-bit Win7, and that WORKS like it should, then we’ll have to ascribe this to a garden-variety bug in Gary’s code, or cosmic rays or some weird butterfly effect.

Thanks for the reply Bill…

Peter
OSR

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

> Under 64 bit Win7 ZwCreateFile did indeed accept and open a handle for

“C:\Temp\DomainNames.csv”. However, 32 bit Win7 refused every incantation of

And what will !object and WinObj say on both systems? will the C: symlink be in a global space or in per-session one?

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

The code in the object manager is pretty clear.

If you specify a root directory handle in OBJECT_ATTRIBUTES then your path name cannot start with \ or you get back STATUS_OBJECT_PATH_SYNTAX_BAD.
If you don’t specify a root directory handle … then your path name MUST start with \ or you get the same status.

Looking at the code from ZwOpenFile() through to ObpLookupObjectName() I don’t how ZwOpenFile() could return anything other than that error given the snippet of code that started this thread.

-p

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Peter Wieland
Sent: Thursday, February 11, 2010 9:54 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

What happens on Vista or XP?

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Thursday, February 11, 2010 8:19 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Bugs are that which I am currently seeking and stomping whenever found. I would be the last to state my code does not have a bug, but thus far everything I have seen indicates this multi-legged critter is external.

Under 64 bit Win7 ZwCreateFile did indeed accept and open a handle for “C:\Temp\DomainNames.csv”. However, 32 bit Win7 refused every incantation of global decorations I tried until Max suggested decorating the path with "??\Global". I listed all of the attempts in an earlier post. {time passes sung to the tune of Jeopardy} I chased that post down in OSROnline and here are those attmepts:

C:\Temp\DomainNames.csv
??\C:\Temp\DomainNames.csv
\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

The one that is currently working:
??\Global\C:\Temp\DomainNames.csv

True all of them were simply “shotgunning” the problem. Again all of them were tried on 32 bit Win7. Looks like I’m going to have to reinstall a 64 bit Win7 host and then create 32 bit VPCs of interested OS platforms.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Thursday, February 11, 2010 9:25 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwOpenFile

[quote]
I don’t understand how Gary got just C:\file to work under x64 W7 [/quote]

Right. That formulation of the name SHOULDN’T work, I agree. If it does work, it’s a coincidence or a bug, but not anything that should cause a serious problem.

And if you tested the name format ??\C:\bob.txt from the context of the system process on 32-bit Win7, and that WORKS like it should, then we’ll have to ascribe this to a garden-variety bug in Gary’s code, or cosmic rays or some weird butterfly effect.

Thanks for the reply Bill…

Peter
OSR

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

As far as XP, that’s impossible since Windows Filtering Platform begins at
Vista, and will not run in XP. Currently I know the driver will not work in
Vista since I have use Win7 specific function calls, and I haven’t a Vista
platform currently available. That’s where the 64 bit host and multiple
VPC’s comes in.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Wieland
Sent: Thursday, February 11, 2010 11:54 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

What happens on Vista or XP?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Thursday, February 11, 2010 8:19 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Bugs are that which I am currently seeking and stomping whenever found. I
would be the last to state my code does not have a bug, but thus far
everything I have seen indicates this multi-legged critter is external.

Under 64 bit Win7 ZwCreateFile did indeed accept and open a handle for
“C:\Temp\DomainNames.csv”. However, 32 bit Win7 refused every incantation of
global decorations I tried until Max suggested decorating the path with
"??\Global". I listed all of the attempts in an earlier post. {time passes
sung to the tune of Jeopardy} I chased that post down in OSROnline and here
are those attmepts:

C:\Temp\DomainNames.csv
??\C:\Temp\DomainNames.csv
\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

The one that is currently working:
??\Global\C:\Temp\DomainNames.csv

True all of them were simply “shotgunning” the problem. Again all of them
were tried on 32 bit Win7. Looks like I’m going to have to reinstall a 64
bit Win7 host and then create 32 bit VPCs of interested OS platforms.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Thursday, February 11, 2010 9:25 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwOpenFile

[quote]
I don’t understand how Gary got just C:\file to work under x64 W7 [/quote]

Right. That formulation of the name SHOULDN’T work, I agree. If it does
work, it’s a coincidence or a bug, but not anything that should cause a
serious problem.

And if you tested the name format ??\C:\bob.txt from the context of the
system process on 32-bit Win7, and that WORKS like it should, then we’ll
have to ascribe this to a garden-variety bug in Gary’s code, or cosmic rays
or some weird butterfly effect.

Thanks for the reply Bill…

Peter
OSR

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4858 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4859 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4859 (20100211) __________

The message was checked by ESET Smart Security.

http://www.eset.com