Discussion:
Creation of file using ZwCreateFile.
(too old to reply)
Suneet Agera
2003-11-13 12:20:25 UTC
Permalink
I want to create a file using the ZwCreateFile function
and I am working in kernel mode. In his book on Windows
Driver Model Walter Oney says :
"Depending on where your device falls in the
initialization sequence, you might or might not have
access to files using normal pathnames like \??
\C:\dir\file.ext. To be safe, put your data files into
some directory below the system root directory and use a
filename like \SystemRoot\dir\file.ext."

Now initially I was doing the first and I was being
returned the error :Object Path not valid. So now I
decided to do the latter. To get SystemRoot I am using the
Windows API GetWindowsDirectory. However I get an error
while building and I suspect its bcoz GetWindowsDirectory
works only in User mode. Can someone tell me the kernel
mode API to get the SystemRoot?

Or do u thinnk something else is wrong.
vipin
2003-11-13 14:36:14 UTC
Permalink
There is no api to obtain it in kernel mode unless you do
an ioctl from usermode.
vipin
-----Original Message-----
I want to create a file using the ZwCreateFile function
and I am working in kernel mode. In his book on Windows
"Depending on where your device falls in the
initialization sequence, you might or might not have
access to files using normal pathnames like \??
\C:\dir\file.ext. To be safe, put your data files into
some directory below the system root directory and use a
filename like \SystemRoot\dir\file.ext."
Now initially I was doing the first and I was being
returned the error :Object Path not valid. So now I
decided to do the latter. To get SystemRoot I am using
the
Windows API GetWindowsDirectory. However I get an error
while building and I suspect its bcoz GetWindowsDirectory
works only in User mode. Can someone tell me the kernel
mode API to get the SystemRoot?
Or do u thinnk something else is wrong.
.
Ray Trent
2003-11-13 17:44:33 UTC
Permalink
I can't think of any non-hack ways of finding that either (some of the
ImagePath values for some of the Microsoft drivers seem to contain the
full path to %systemroot%, but that seems foolhardy to rely on).

The only reliable way I can think of is also something of a hack: you
could put the pathname in your registry keys during installation (using
a coinstaller if necessary).
Post by vipin
There is no api to obtain it in kernel mode unless you do
an ioctl from usermode.
vipin
-----Original Message-----
I want to create a file using the ZwCreateFile function
and I am working in kernel mode. In his book on Windows
"Depending on where your device falls in the
initialization sequence, you might or might not have
access to files using normal pathnames like \??
\C:\dir\file.ext. To be safe, put your data files into
some directory below the system root directory and use a
filename like \SystemRoot\dir\file.ext."
Now initially I was doing the first and I was being
returned the error :Object Path not valid. So now I
decided to do the latter. To get SystemRoot I am using
the
Windows API GetWindowsDirectory. However I get an error
while building and I suspect its bcoz GetWindowsDirectory
works only in User mode. Can someone tell me the kernel
mode API to get the SystemRoot?
Or do u thinnk something else is wrong.
.
--
../ray\..
Maxim S. Shatskih
2003-11-13 21:48:06 UTC
Permalink
Post by Ray Trent
I can't think of any non-hack ways of finding that either (some of the
More so: this is never needed :-)

For what this is needed? to access files from a driver. Then just use
\SystemRoot\... directly and this is all.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
CheckAbdoul
2003-11-13 17:44:01 UTC
Permalink
You can parse the boot.ini file to get the harddisk number, partition number
and win directory name and make a string as follows

CHAR sYourFile[256] = {0};

sprintf( sYourFile,
"\\Device\\HardDisk%s\\Partition%s%s\\system32\\yourfile.xyz",
sDiskNo,
sPartNo,
sWinDir
);

HTH.
--
Cheers
Check Abdoul [VC++ MVP]
-----------------------------------
Post by Suneet Agera
I want to create a file using the ZwCreateFile function
and I am working in kernel mode. In his book on Windows
"Depending on where your device falls in the
initialization sequence, you might or might not have
access to files using normal pathnames like \??
\C:\dir\file.ext. To be safe, put your data files into
some directory below the system root directory and use a
filename like \SystemRoot\dir\file.ext."
Now initially I was doing the first and I was being
returned the error :Object Path not valid. So now I
decided to do the latter. To get SystemRoot I am using the
Windows API GetWindowsDirectory. However I get an error
while building and I suspect its bcoz GetWindowsDirectory
works only in User mode. Can someone tell me the kernel
mode API to get the SystemRoot?
Or do u thinnk something else is wrong.
Maxim S. Shatskih
2003-11-13 20:56:07 UTC
Permalink
Post by Suneet Agera
initialization sequence, you might or might not have
access to files using normal pathnames like \??
\C:\dir\file.ext. To be safe, put your data files into
some directory below the system root directory and use a
filename like \SystemRoot\dir\file.ext."
...and even such a pathname can be used only at System start stage. In the init
paths of Boot drivers, you have no filesystem access, period.

I would like to add to Walter - since most of PnP/WDM drivers are loaded at
System start stage, where the drive letters are not created yet - I would
suggest to never ever use drive letters in such drivers.

FS filters are another song though, and would be subject to another set of
rather complex rules.
Post by Suneet Agera
decided to do the latter. To get SystemRoot I am using the
Windows API GetWindowsDirectory.
Sheer nonsense, the \SystemRoot\system32\drivers\... path is valid by itself, I
even suspect that it is valid in user mode too if prefixed by \?\
Post by Suneet Agera
while building and I suspect its bcoz GetWindowsDirectory
works only in User mode. Can someone tell me the kernel
mode API to get the SystemRoot?
You must not get SystemRoot in kernel mode, this is never necessary. Just use
it literally in the pathnames.

Also forget about using any Win32 functions in kernel mode. Neither of them can
be used. This is another world. Some have kernel-mode analogs, some have no.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
suneet.agera@wipro.com
2003-11-14 06:57:20 UTC
Permalink
I used systemroot literally as you and a few others
suggested. Well I forgot to tell u that I am on Win ME and
the issue (I think) is that ZwXXX routines cannot be used
in Win 9x. I give below what Walter Oney says. I
experienced the same : A windows Protection error. Do u
know any other routine to create a file in kernel mode?

Walter Oney says:

"The ZwXxx routines for accessing disk files don't work in
the retail release of Windows 98 because of two basic
problems-one from the architecture of Windows and the
other from what looks like an ordinary bug.

The first problem with file access has to do with the
order in which Windows 98 initializes various virtual
device drivers. The Configuration Manager (CONFIGMG.VXD)
initializes before the Installable File System Manager
(IFSMGR.VXD). WDM drivers for devices that exist at
startup time receive their IRP_MN_START_DEVICE requests
during CONFIGMG's initialization phase. But, since IFSMGR
hasn't initialized at that point, it's not possible to
perform file I/O operations by using ZwCreateFile and the
other functions discussed earlier in the chapter.
Furthermore, there's no way for a WDM driver to defer
handling IRP_MN_START_DEVICE until file system
functionality becomes available. If you don't have a
debugger like Soft-Ice/W running, the symptom you will see
is a blue screen complaining of a Windows Protection Error
while initializing CONFIGMG.

The second and more crippling problem with file access has
to do with the validity checking that ZwReadFile,
ZwWriteFile, and ZwQueryInformationFile do on their
arguments. If you supply an IO_STATUS_BLOCK in kernel-mode
memory (and there's basically no way to do anything else),
these functions probe a virtual address that doesn't
exist. The resulting page fault gets caught by a
structured exception handler and results in you getting
back STATUS_ACCESS_VIOLATION even when you've done
everything right. There is no workaround for this problem
in the July 1998 retail release of Windows 98."

However has there been an improvement in Win ME in this
regard than Win 98? I am working on a ME OS.
-----Original Message-----
Post by Suneet Agera
initialization sequence, you might or might not have
access to files using normal pathnames like \??
\C:\dir\file.ext. To be safe, put your data files into
some directory below the system root directory and use a
filename like \SystemRoot\dir\file.ext."
....and even such a pathname can be used only at System
start stage. In the init
paths of Boot drivers, you have no filesystem access,
period.
I would like to add to Walter - since most of PnP/WDM
drivers are loaded at
System start stage, where the drive letters are not
created yet - I would
suggest to never ever use drive letters in such drivers.
FS filters are another song though, and would be subject
to another set of
rather complex rules.
Post by Suneet Agera
decided to do the latter. To get SystemRoot I am using
the
Post by Suneet Agera
Windows API GetWindowsDirectory.
Sheer nonsense, the \SystemRoot\system32\drivers\... path
is valid by itself, I
even suspect that it is valid in user mode too if
prefixed by \?\
Post by Suneet Agera
while building and I suspect its bcoz
GetWindowsDirectory
Post by Suneet Agera
works only in User mode. Can someone tell me the kernel
mode API to get the SystemRoot?
You must not get SystemRoot in kernel mode, this is never
necessary. Just use
it literally in the pathnames.
Also forget about using any Win32 functions in kernel
mode. Neither of them can
be used. This is another world. Some have kernel-mode
analogs, some have no.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
http://www.storagecraft.com
.
Loading...