Hi,
In our driver, it calls ZwQueryFullAttributesFile to know two things.
- Existence of the file/directory
- To acquire the attributes(File or Directory)
It works fine on Windows XP and later, but not on 2000.
On Windows 2000, it fails to locale the entry point and the driver won’t be loaded.
ZwQueryFullAttributesFile is available on Windows 2000 and later
according to msdn ( http://msdn.microsoft.com/en-us/library/cc546462.aspx)
Does anyone know the way to get it work?
or
Is there alternative way to know the above two thing without opening the object?
Thanks in advance.
>>Is there alternative way to know the above two thing without opening the object?
Are you sure this API is not opening an object. it takes an object_attribute struct which is used in all object creation API if I am guessing it correctly.
Hello,
If what you want is to load your driver than why don’t you try to use MmGetSystemRoutineAddress to lookup ZwQueryFullAttributesFile function pointer. however, I use this function on Windows 2000 and having no problem at all.
This API is not exported from the lib supplied with WDK version and neither is declared in ntddk.h.
I believe it is at WDK side and if doc states that it is supported on W2k it should be supported.
you can try what andy suggested to retrieve a pointer to ZwQueryFullAttributesFile . Or first simply check the IAT of Ntoskrnl.exe at any 2K machine.
Thanks for the replies.
I checked IAT of ntoskrnl.exe on 2K machines and could not find ZwQueryFullAttributesFile…
I’ll try what Andy sugested. The driver needs to be loaded for our system at least. If we fail to get the pointer of the function, just call ZwCreateFile and get the attributes of the file.
Oops My mistake,
check EAT and not IAT as this should be exported by ntoskrnl.exe.
if it is there that you can use MmGetSystemRoutineAddress else No, you have to do createfile/query attribute stuff pon ur own.
You could open and query the directory that contains the file.
Bill Wandel
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@sciencepark.co.jp
Sent: Tuesday, February 24, 2009 9:24 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] ZwQueryFullAttributesFile
Hi,
In our driver, it calls ZwQueryFullAttributesFile to know two things.
- Existence of the file/directory
- To acquire the attributes(File or Directory)
It works fine on Windows XP and later, but not on 2000.
On Windows 2000, it fails to locale the entry point and the driver won’t be
loaded.
ZwQueryFullAttributesFile is available on Windows 2000 and later
according to msdn ( http://msdn.microsoft.com/en-us/library/cc546462.aspx)
Does anyone know the way to get it work?
or
Is there alternative way to know the above two thing without opening the
object?
Thanks in advance.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
ZwQueryFullAttributesFile was not on EAT either.
I tried MmGetSystemRoutineAddress and now the driver is loaded.
It fails to get address of ZwQueryFullAttributesFile on Window 2000, of course.
In case of failure, I’ll createfile and query information.
Thanks for the replies. It helped me a lot!