How to convert "\Device\HarddiskVolume1\" to "C:\"
in [Win32 Kernel]
|
Prev: Help - inline assembly in driver code
Next: WiFi how to send OIDs from user mode (windows vista)
From: Mario Beutler on 3 Jan 2007 04:53 Hello, How to convert the following full file names into "normal" file names: \Device\HarddiskVolume1\windows\system32\lsass.exe \Device\Harddisk5\DP(1)0-0+b\test.exe \Device\LanmanRedirector\Server007\TEMP\test.exe I need the "normal" file names like: C:\windows\system32\lsass.exe J:\test.exe (<-This is a USB drive.) \\Server007\TEMP\test.exe I tried GetVolumePathNamesForVolumeName, GetVolumeNameForVolumeMountPoint, GetFullPathName and QueryDosDevice - but nothing seems to work for all cases (e.g. USB, network shares). Any ideas? Thanks. Mario
From: anton bassov on 3 Jan 2007 17:03 If you need a generic solution that works in both kernel and user mode, the whole things can be done like ZwOpenSymbolicLink() - ZwQuerySymbolicLink() sequence for each drive letter (A;B;C;D,etc. If the target volume is mounted on a partition of a basic disk, you will get a string in the form "\Device\HarddiskVolumeX\...". If the target volume is mounted on a partition of a removable USB disk, you will get a string in the form "\Device\HarddiskX\DP(1)0-0+b\..." If the target volume is a network drive, you will get a string in the form "\Device\LanmanRedirector\ServerX\...". ). In other words, you have no chance to miss your target string. If you want a solution that works only in the kernel mode, you can check IoVolumeDeviceToDosName() (or RtlVolumeDeviceToDosName(), if you want your code to run on W2K as well ) documentation on MSDN.... Anton Bassov Mario Beutler wrote: > Hello, > > How to convert the following full file names into "normal" file names: > \Device\HarddiskVolume1\windows\system32\lsass.exe > \Device\Harddisk5\DP(1)0-0+b\test.exe > \Device\LanmanRedirector\Server007\TEMP\test.exe > > I need the "normal" file names like: > C:\windows\system32\lsass.exe > J:\test.exe (<-This is a USB drive.) > \\Server007\TEMP\test.exe > > I tried GetVolumePathNamesForVolumeName, > GetVolumeNameForVolumeMountPoint, GetFullPathName and QueryDosDevice - > but nothing seems to work for all cases (e.g. USB, network shares). > Any ideas? Thanks. > > Mario
From: Mario Beutler on 4 Jan 2007 02:51 Anton, thank you for your clear answer! Mario anton bassov wrote: > If you need a generic solution that works in both kernel and user mode, > the whole things can be done like ZwOpenSymbolicLink() - > ZwQuerySymbolicLink() sequence for each drive letter (A;B;C;D,etc. If > the target volume is mounted on a partition of a basic disk, you will > get a string in the form "\Device\HarddiskVolumeX\...". If the target > volume is mounted on a partition of a removable USB disk, you will get > a string in the form "\Device\HarddiskX\DP(1)0-0+b\..." If the target > volume is a network drive, you will get a string in the form > "\Device\LanmanRedirector\ServerX\...". ). In other words, you have no > chance to miss your target string. > > > If you want a solution that works only in the kernel mode, you can > check IoVolumeDeviceToDosName() (or RtlVolumeDeviceToDosName(), if you > want your code to run on W2K as well ) documentation on MSDN.... > > > Anton Bassov > > Mario Beutler wrote: > > Hello, > > > > How to convert the following full file names into "normal" file names: > > \Device\HarddiskVolume1\windows\system32\lsass.exe > > \Device\Harddisk5\DP(1)0-0+b\test.exe > > \Device\LanmanRedirector\Server007\TEMP\test.exe > > > > I need the "normal" file names like: > > C:\windows\system32\lsass.exe > > J:\test.exe (<-This is a USB drive.) > > \\Server007\TEMP\test.exe > > > > I tried GetVolumePathNamesForVolumeName, > > GetVolumeNameForVolumeMountPoint, GetFullPathName and QueryDosDevice - > > but nothing seems to work for all cases (e.g. USB, network shares). > > Any ideas? Thanks. > > > > Mario
From: Arkady Frenkel on 4 Jan 2007 04:04 You can use ZwQueryDirectoryObject() for "GLOBAL??" too. You can see the results in WinObj.exe from sysinternals.com Arkady "Mario Beutler" <mario.beutler(a)wolke7.net> wrote in message news:1167897103.865952.302420(a)42g2000cwt.googlegroups.com... > Anton, thank you for your clear answer! > > Mario > > anton bassov wrote: >> If you need a generic solution that works in both kernel and user mode, >> the whole things can be done like ZwOpenSymbolicLink() - >> ZwQuerySymbolicLink() sequence for each drive letter (A;B;C;D,etc. If >> the target volume is mounted on a partition of a basic disk, you will >> get a string in the form "\Device\HarddiskVolumeX\...". If the target >> volume is mounted on a partition of a removable USB disk, you will get >> a string in the form "\Device\HarddiskX\DP(1)0-0+b\..." If the target >> volume is a network drive, you will get a string in the form >> "\Device\LanmanRedirector\ServerX\...". ). In other words, you have no >> chance to miss your target string. >> >> >> If you want a solution that works only in the kernel mode, you can >> check IoVolumeDeviceToDosName() (or RtlVolumeDeviceToDosName(), if you >> want your code to run on W2K as well ) documentation on MSDN.... >> >> >> Anton Bassov >> >> Mario Beutler wrote: >> > Hello, >> > >> > How to convert the following full file names into "normal" file names: >> > \Device\HarddiskVolume1\windows\system32\lsass.exe >> > \Device\Harddisk5\DP(1)0-0+b\test.exe >> > \Device\LanmanRedirector\Server007\TEMP\test.exe >> > >> > I need the "normal" file names like: >> > C:\windows\system32\lsass.exe >> > J:\test.exe (<-This is a USB drive.) >> > \\Server007\TEMP\test.exe >> > >> > I tried GetVolumePathNamesForVolumeName, >> > GetVolumeNameForVolumeMountPoint, GetFullPathName and QueryDosDevice - >> > but nothing seems to work for all cases (e.g. USB, network shares). >> > Any ideas? Thanks. >> > >> > Mario >
From: Doron Holan [MS] on 5 Jan 2007 00:33 in user mode you can just use QueryDosDevice to get the mapping without using undocumented user mode APIs. d -- Please do not send e-mail directly to this alias. this alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights. "Arkady Frenkel" <arkadyf(a)hotmailxdotx.com> wrote in message news:ur0tK99LHHA.1252(a)TK2MSFTNGP02.phx.gbl... > You can use ZwQueryDirectoryObject() for "GLOBAL??" too. > You can see the results in WinObj.exe from sysinternals.com > Arkady > > "Mario Beutler" <mario.beutler(a)wolke7.net> wrote in message > news:1167897103.865952.302420(a)42g2000cwt.googlegroups.com... >> Anton, thank you for your clear answer! >> >> Mario >> >> anton bassov wrote: >>> If you need a generic solution that works in both kernel and user mode, >>> the whole things can be done like ZwOpenSymbolicLink() - >>> ZwQuerySymbolicLink() sequence for each drive letter (A;B;C;D,etc. If >>> the target volume is mounted on a partition of a basic disk, you will >>> get a string in the form "\Device\HarddiskVolumeX\...". If the target >>> volume is mounted on a partition of a removable USB disk, you will get >>> a string in the form "\Device\HarddiskX\DP(1)0-0+b\..." If the target >>> volume is a network drive, you will get a string in the form >>> "\Device\LanmanRedirector\ServerX\...". ). In other words, you have no >>> chance to miss your target string. >>> >>> >>> If you want a solution that works only in the kernel mode, you can >>> check IoVolumeDeviceToDosName() (or RtlVolumeDeviceToDosName(), if you >>> want your code to run on W2K as well ) documentation on MSDN.... >>> >>> >>> Anton Bassov >>> >>> Mario Beutler wrote: >>> > Hello, >>> > >>> > How to convert the following full file names into "normal" file names: >>> > \Device\HarddiskVolume1\windows\system32\lsass.exe >>> > \Device\Harddisk5\DP(1)0-0+b\test.exe >>> > \Device\LanmanRedirector\Server007\TEMP\test.exe >>> > >>> > I need the "normal" file names like: >>> > C:\windows\system32\lsass.exe >>> > J:\test.exe (<-This is a USB drive.) >>> > \\Server007\TEMP\test.exe >>> > >>> > I tried GetVolumePathNamesForVolumeName, >>> > GetVolumeNameForVolumeMountPoint, GetFullPathName and QueryDosDevice - >>> > but nothing seems to work for all cases (e.g. USB, network shares). >>> > Any ideas? Thanks. >>> > >>> > Mario >> > >
|
Next
|
Last
Pages: 1 2 Prev: Help - inline assembly in driver code Next: WiFi how to send OIDs from user mode (windows vista) |