From: Arkady Frenkel on 7 Jan 2007 03:05

Sure, but that does not suit all his purposes as the OP wrote from the beginning
Arkady

"Doron Holan [MS]" <doronh(a)nospam.microsoft.com> wrote in message
news:ez4n3rIMHHA.5016(a)TK2MSFTNGP04.phx.gbl...
> in user mode you can just use QueryDosDevice to get the mapping without
> using undocumented user mode APIs.
>
> d
>
> --
> Please do not send e-mail directly to this alias. this alias is for
> newsgroup purposes only.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "Arkady Frenkel" <arkadyf(a)hotmailxdotx.com> wrote in message
> news:ur0tK99LHHA.1252(a)TK2MSFTNGP02.phx.gbl...
>> You can use ZwQueryDirectoryObject() for "GLOBAL??" too.
>> You can see the results in WinObj.exe from sysinternals.com
>> Arkady
>>
>> "Mario Beutler" <mario.beutler(a)wolke7.net> wrote in message
>> news:1167897103.865952.302420(a)42g2000cwt.googlegroups.com...
>>> Anton, thank you for your clear answer!
>>>
>>> Mario
>>>
>>> anton bassov wrote:
>>>> If you need a generic solution that works in both kernel and user mode,
>>>> the whole things can be done like ZwOpenSymbolicLink() -
>>>> ZwQuerySymbolicLink() sequence for each drive letter (A;B;C;D,etc. If
>>>> the target volume is mounted on a partition of a basic disk, you will
>>>> get a string in the form "\Device\HarddiskVolumeX\...". If the target
>>>> volume is mounted on a partition of a removable USB disk, you will get
>>>> a string in the form "\Device\HarddiskX\DP(1)0-0+b\..." If the target
>>>> volume is a network drive, you will get a string in the form
>>>> "\Device\LanmanRedirector\ServerX\...". ). In other words, you have no
>>>> chance to miss your target string.
>>>>
>>>>
>>>> If you want a solution that works only in the kernel mode, you can
>>>> check IoVolumeDeviceToDosName() (or RtlVolumeDeviceToDosName(), if you
>>>> want your code to run on W2K as well ) documentation on MSDN....
>>>>
>>>>
>>>> Anton Bassov
>>>>
>>>> Mario Beutler wrote:
>>>> > Hello,
>>>> >
>>>> > How to convert the following full file names into "normal" file
>>>> > names:
>>>> > \Device\HarddiskVolume1\windows\system32\lsass.exe
>>>> > \Device\Harddisk5\DP(1)0-0+b\test.exe
>>>> > \Device\LanmanRedirector\Server007\TEMP\test.exe
>>>> >
>>>> > I need the "normal" file names like:
>>>> > C:\windows\system32\lsass.exe
>>>> > J:\test.exe (<-This is a USB drive.)
>>>> > \\Server007\TEMP\test.exe
>>>> >
>>>> > I tried GetVolumePathNamesForVolumeName,
>>>> > GetVolumeNameForVolumeMountPoint, GetFullPathName and
>>>> > QueryDosDevice -
>>>> > but nothing seems to work for all cases (e.g. USB, network shares).
>>>> > Any ideas? Thanks.
>>>> >
>>>> > Mario

From: anton bassov on 7 Jan 2007 12:37

Arkady,

> Sure, but that does not suit all his purposes as the OP wrote from the beginning

I just avoided mentioning QueryDosDevice() simply because the OP made
that clear that it supposedly does not work for him. Instead, I
proposed him a solution with ZwOpenSymbolicLinkObject() -
ZwQuerySymbolicLinkObject() pair, and he seems to be happy with it.
The funny part here is that
ZwOpenSymbolicLinkObject()-ZwQuerySymbolicLinkObject() pair is, in
actuality, nothing more than just QueryDosDevice()'s internal
implementation - he is going to achieve *EXACTLY* the same results with
QueryDosDevice().....

Anton Bassov

From: Arkady Frenkel on 8 Jan 2007 02:21

Yes, only Mario can explain why he doesn't like QueryDosDevice(), for sure
for "C:\" it does return "\Device\HarddiskVolume1\" :)
Arkady

From: eran.borovik on 8 Jan 2007 03:32

One should remember that in dynamic volumes the story is more
complicated, because the drive letter points to another symbolic link
instead of the device object name. The second symbolic link is in the
device name space and therefore isn't really accessible from user-mode
with QueryDosDevice.

Regards,
Eran.

From: Mario Beutler on 17 Jan 2007 03:05

Arkady Frenkel wrote:
> Yes, only Mario can explain why he doesn't like QueryDosDevice(), for sure
> for "C:\" it does return "\Device\HarddiskVolume1\" :)
> Arkady

There is no easy and fast way to translate
"\Device\LanmanRedirector\Server007\TEMP\test.exe" via QueryDosDevice.

Mario
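
The translation discussed in this thread, as an added example that is not part of any poster's message: once the drive-letter targets are known (one QueryDosDevice result per letter), the device path is rewritten by longest prefix match, and the LanmanRedirector prefix is turned into a UNC path as in the original question. The table is constructed from the device names quoted in the thread, and `dos_map`, `match_prefix` and `nt_to_dos` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct dos_map { const char *drive; const char *target; };
/* Constructed table: one entry per drive letter, as QueryDosDevice reports. */
static const struct dos_map SAMPLE_MAP[] = {
    { "C:", "\\Device\\HarddiskVolume1" },
    { "J:", "\\Device\\Harddisk5\\DP(1)0-0+b" },
};
#define SAMPLE_MAP_LEN (sizeof SAMPLE_MAP / sizeof SAMPLE_MAP[0])
/* Case-insensitive prefix length, or 0. The match must end on a component
 * boundary so HarddiskVolume1 does not claim paths under HarddiskVolume10. */
static size_t match_prefix(const char *path, const char *prefix)
{
    size_t i;
    for (i = 0; prefix[i] != '\0'; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return (path[i] == '\\' || path[i] == '\0') ? i : 0;
}

/* Hypothetical helper: writes the drive-letter or UNC form of nt to out.
 * Returns 0 on success, -1 if nothing matches or out is too small. */
int nt_to_dos(const char *nt, const struct dos_map *map, size_t n,
              char *out, size_t outlen)
{
    static const char redir[] = "\\Device\\LanmanRedirector";
    const char *head = NULL;
    size_t best = 0, len, i;
    for (i = 0; i < n; i++) {            /* longest matching target wins */
        len = match_prefix(nt, map[i].target);
        if (len > best) { best = len; head = map[i].drive; }
    }
    if (head == NULL && (best = match_prefix(nt, redir)) != 0)
        head = "\\";                     /* one more backslash gives UNC */
    if (head == NULL) return -1;
    len = (size_t)snprintf(out, outlen, "%s%s", head, nt + best);
    return len < outlen ? 0 : -1;
}

int main(void)
{
    char buf[260];
    if (nt_to_dos("\\Device\\LanmanRedirector\\Server007\\TEMP\\test.exe",
                  SAMPLE_MAP, SAMPLE_MAP_LEN, buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

A path whose device has no entry in the table returns -1 rather than a guessed name, which is the case the dynamic-volume post describes for user mode.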