access NTFS ADS from kernel mode driver

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Drivers
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Issue with IoGetDeviceInterfaces() I am trying to get list of hard disks in my computer with IoGetDeviceInterface(). Here is the code: DbgPrint( "About to list hard disk devices\n" ); nResult = IoGetDeviceInterfaces( (LPGUID)&GUID_DEVCLASS_DISKDRIVE, NULL, 0, &pDeviceList ); if (nResult != STATUS_SUCCESS) { DbgPrint( "IoGetDeviceInterfaces() failed with error %d\n", nResult ); } else { pTemp = pDeviceList; DbgPrint( "Printing device list (%d)\n", 0xffff & *pTemp ); while (*pTemp != UNICODE_NULL) { RtlInitUnicodeString( &sTemp, pTemp ); nResult = IoGetDeviceObjectPointer ( &sTemp, FILE_ALL_ACCESS, NULL, &pDO ); if (nResult != STATUS_SUCCESS) { DbgPrint( "IoGetDeviceObjectPointer() returned %x\n", nResult ); } else { // TODO: ObDeferenceObject( pDO ) } pTemp += (sTemp.Length + sizeof( UNICODE_NULL )) / sizeof( WCHAR ); } // TODO: ExFreePool( pDeviceList ); } I used code in src\Swtuner\BDAtuner\gentuner\Filter.cpp as an example. It's quite strange, but I am getting empty list. Here are the debug printouts: About to list hard disk devices Printing device list (0) This is despite I do have a hard disk in my machine. Also, devcon shows it clearly. Any ideas what's the problem and how to get this thing working? Thanks! Tag: access NTFS ADS from kernel mode driver Tag: 92954
  - 2
    - Authenticode on Win2003 Hi, I am trying to sign a driver for Win2003 with authenticode using a valid certificate which I successfully used for signing user mode software. After lots of digging through a number "step by step" guides by Microsoft I managed to create a cat file and sign it. When I install the driver, I can't see it differs in any way from the unsigned version. I see the same "unsigned driver" prompt, and the driver is shown unsigned in Device Manager. I would expect at least an "invalid signature" warning or so - after all, the INF file refers to CAT. I've come across http://www.osronline.com/showThread.cfm?link=105933 where people say a driver is displayed as unsigned in Device Manager unless it has a WHQL signature. Now let's say my driver is signed with Authenticode. How can a user check the validity of my driver's authenticode signature AFTER the driver is installed? Thanks Tag: access NTFS ADS from kernel mode driver Tag: 92949
  - 3
    - wdk build option -why In WDK, to build my driver if I do just "build", for some reason it doesn't recompile one C source file even if one of the header files that it includes gets renewed. I just found out that it does recompile the file if I do "build -v". Then I found out doing "build -v" ALWAYS recompile this file even if nothing is newer than the obj file. So I wanted to know why it recompiles this particular C source file, thus I did "build -v -why". Then it says: Compiling myfile.c because (Case 5) *2 Can you tell me what it means? Thanks. Tag: access NTFS ADS from kernel mode driver Tag: 92948
  - 4
    - Is this newsgroup managed at all? Hi, This newsgroup is listed at http://msdn2.microsoft.com/en-us/subscriptions/aa974230.aspx as "managed". The MSDN subscription terms promise an answer from Microsoft within two business days if a question was asked in a managed newsgroup using a registered alias. I see some attempts by apparently Microsoft's employees to answer questions at other managed newsgroups, like http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_frm/thread/b478be458ad64061/90807618033bfbd5?lnk=st&q=muriwai+group%3Amicrosoft.public.dotnet.languages.csharp&rnum=2&hl=en#90807618033bfbd5. This does not seems to be the case here. I am just curious. Thanks Tag: access NTFS ADS from kernel mode driver Tag: 92947
  - 5
    - kmdf kbfiltr.sys on Win2000 When I build kbfiltr for Win2000 and install the filter using the sample INF file, I can use kbftest to access the driver. If I reinstall the driver on top of itself on Win2000, the device stops working and kbftest can no longer access the driver. Note that reinstalling on top of itself is is not a problem on WinXP or Vista. How can I reinstall kbfiltr.sys on top of itself under Win2000? I need a programatic way to do this. Tag: access NTFS ADS from kernel mode driver Tag: 92945
  - 6
    - Loading Windows XP over DOS We have a bootable CD that is designed to boot MS-DOS7, load himem.sys and emm386.exe, connect to and map a network drive. It has become necessary to load Windows XP at that point after DOS is loaded and without a reboot. To that end, I have written a DOS program that locates the Windows boot record, loads it into memory and starts running it. I immediately get a divide by zero error after I jump to the Windows boot record. I tried clearing the bottom 64K of memory (did nothing) and then clearing all memory except the segment containing the Windows boot record (forced reboot) and neither method permitted Windows to load. Is there a way (maybe clearing a memory location, changing an interrupt vector, forcing drivers to unload) to make DOS go away quietly and continue loading Windows without rebooting the system? Thanks, Evan Hicks Tag: access NTFS ADS from kernel mode driver Tag: 92942
  - 7
    - SetupDiGetDriverInstallParams returns 0 for Rank identifier score I have an application that is looking at existing drivers. It creates an HDEVINFO with all present devices using SetupDiGetClassDevs, walks through them with SetupDiEnumDeviceInfo, gets a bunch of information with SetupDiGetDeviceRegistryProperty, and finds the current driver. All of that works. When it calls SetupDiGetDriverInstallParams, the Flags returned look correct, but the Rank returned does not. On XP, the Rank returned is always 0. On Vista, the Rank returned is usually 0dff0000, although for one NVidia driver it is 0dfd0000. Comparing the Rank returned by SetupDiGetDriverInstallParams with the Rank shown in windows\inf\setupapi.dev.log, the upper word matches, but the lower word has been masked out. For example, the NVidia driver logs a Rank of 0dfd0001. In other words, the API is not returning the identifier score. Is this a SetupDiGetDriverInstallParams API bug? Am I doing something incorrectly in the call? Or is the SetupDiGetDriverInstallParams API not intended for this scenario? -- martin Tag: access NTFS ADS from kernel mode driver Tag: 92941
  - 8
    - USB driver performance question I am developing an application that communicates with a proprietary USB composite device (mass storage, HID). The USB device acts as a USB-IR cable to permit our application to talk to IR devices through the HID interface. We have very stringent performance requirements for device communication and we're having some interesting results as we test some differing configurations. From a USB configuration perspective the Smart Pix supports a control pipe, 2 bulk pipes (IN/OUT) and an interrupt IN pipe. We use the control pipe for HID OUT reports and the interrupt IN pipe for HID IN reports. Our issue is limited to the use of the HID interface, therefore, the control and interrupt out pipes. We're seeing some widely disparate download times when communicating with the devices through the cable. Some of our preliminary testing has focused on the differences in the USBPORT.SYS device driver versions. Here's a list that shows what we found: Windows XP SP 1, USBPORT.SYS Version 5.1.2600.1106 -> 60 seconds with Hub 2.0 Version 5.1.2600.1151 -> 120 seconds with Hub 2.0 Version 5.1.2600.1243 -> 120 seconds with Hub 2.0 Version 5.1.2600.2180 -> 120 seconds with Hub 2.0 For this experiment, the application software, PC hardware device with data and Hub were kept constant. Can anybody shed some light on what could be causing the differences? Is there a way for me to find out what the specific changes were made in the driver versions? Thanks in advance for your assistance. Brad Tag: access NTFS ADS from kernel mode driver Tag: 92940
  - 9
    - code 10 Cannot start driver I just recently bought a new toshiba laptop and the cd-rw/dvd drive will now not play any of my program cd's and reads that there is a code 10 when i try to run it. It also doesn't recognize the drive in the network profile but has it as having a problem in the hardware file. The drive will not start. Will someone PLEASE help me out with this one. It would be greatly appreciated. Thanks Tag: access NTFS ADS from kernel mode driver Tag: 92935
  - 10
    - Vista bug in safe-removal of CardBus Hello I have a CardBus device that embeds a NEC USB 2.0 host controller. It's a multi-function PCI device with 3 PCI functions (2x OHCI, 1x EHCI). I plug it in a laptop installed with WinVista RTM 32-bit (Build 6000). The safe-removal tray shows the 3 host controllers part of the USB 2.0 host controller. Now when I safely remove one of them, they all disappear from the safe-removal tray. However, in the device manager things look painful: all Root Hub child devices are gone, the host I safely removed has an exclamation mark, but the two other hosts remain enabled (without their Root Hubs that is). To make things worse, I disabled and re-enanled one of the enabled hosts and guess what it could enumerate USB devices again; the host even popped up in the safe- removal tray again. I got myself a CardBus device with an embedded NXP ISP-1364 and tried the same. Vista did it wrong again. Safe removal works fine in Win2K and WinXP; all hosts are stopped. Vista's behaviour is similar to Win98. This is really sad for customers. When a customer safely removes the device, part of the device is still active. When the customer yanks out the device, Vista may still crash because one or two USB hosts are active (Note: all Windows versions will crash sooner or later when you unplug an active USB host controller). Tag: access NTFS ADS from kernel mode driver Tag: 92929
  - 11
    - Is it the only way to allocate a Power IRP using PoRequestPowerIrp? Hello, DDK says the we can use PoRequestPowerIrp to allocate a Power IRP send to the top of the driver stack when power policy owner receivce a system set-power IRP. Now, in my design, I need to duplicate the Device set-power IRP and send them to different device object below my driver. Is it the only way to allocate a Power IRP using PoRequestPowerIrp? Thanks. God will bless you and your family! Wayne Gong gong_weying@yahoo.com.cn Tag: access NTFS ADS from kernel mode driver Tag: 92921
  - 12
    - Sort-of-Newbie Question(s) Greetings! I have written once a communication device driver for Windows 95, then Windows 2000 many years ago... then life took me to higher level programming and I completely forgot about writing device drivers. Now, life takes me back to what seems to be a need to implement a device driver - this time for Windows XP and Vista. So, my first question (before starting to look for the right source of literature, development kits etc.) is: is the driver model for XP/ Vista still WDM (as introduced in Windows 98/2000)? Now... I am not really sure I must implement the virtual audio device that is needed for the system as device driver. My goal is to create an audio device that is available to other applications in the system (just like the default ones) - an audio device that is not really tied to hardware but takes its input from an incoming data stream and outputs it to a buffer that is read by another application. Thus, I am wondering: can this be accomplished only by writing a device driver? Or can this be done using user-mode Win32 API? If indeed I arrived to the right group (meaning this is a classic device driver task) could you please give me a hint or a tip what to look for when searching for a tutorial or even a sample for creating such a (virtual?) audio device? Thanks in advance, Don Tag: access NTFS ADS from kernel mode driver Tag: 92908
  - 13
    - Header Files for DX10 in WDK 6000 Dear all, Does anyone have any information regarding the header files that need for developed the display driver for DX10? The files, D3d10umddi.h and Dxgiddi.h, may be not packaged in WDK 6000. Thanks a lot~~~ Jason Tag: access NTFS ADS from kernel mode driver Tag: 92906
  - 14
    - uninstall an intermediate network filter driver? Does anyone have any information regarding the uninstallation of the ndis im driver programmatically? When removing a device (used passthru as an example) using the SetupDiCallClassInstaller's DIF_REMOVE command, the class installer fails to access the device. Manually one can remove it via the network adapter's service, however it cannot even be uninstalled manually via the device manager. So is there perhaps another method used? Any additional guidance would be appreciated! snippet from the setupapi.log: #-147 Loading class installer module for "Passthru Miniport". #V132 File "C:\WINDOWS\INF\certclas.inf" (key "certclas.inf") is signed in catalog "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT". #V286 Verification using alternate platform (Platform = 2, High Version = 5.1, Low Version = 5.0). #V132 File "C:\WINDOWS\system32\NetCfgx.dll" (key "NetCfgx.dll") is signed in catalog "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT". #-166 Device install function: DIF_REMOVE. #E154 Class installer failed. Error 5: Access is denied. Thanks! Tag: access NTFS ADS from kernel mode driver Tag: 92904
  - 15
    - ZwDeviceIoControl Hi, Can someone tell me which .lib file I need to link against when calling the ZwDeviceIoControl? Thanks, Prasanna Tag: access NTFS ADS from kernel mode driver Tag: 92897
  - 16
    - USB Device "Code 10" failure under Vista I have a kernel-mode driver (WDF) that works fine in all versions except for Vista. In Vista during driver installation I get a "This device cannot start (Code 10)" error. I believe I have traced it down to a call of WdfUsbTargetDeviceSelectConfig() which is returning STATUS_INVALID_PARAMETER. I'm confused because this driver works fine under non-vista versions (at least Win2k, and XP). Does anyone know of anything that might be causing this? I have examined the parameters and can't see where anyone of them is invalid. My call looks like: status = WdfUsbTargetDeviceSelectConfig(pDeviceContext->UsbDevice, WDF_NO_OBJECT_ATTRIBUTES, &configParams); Where pDeviceContext->UsbDevice was set with a call to WdfUsbTargetDeviceCreate() which returned STATUS_SUCCESS and configParams was initialized with WDF_USB_DEVICE_SELECT_CONFIG_PARAMS_INIT_SINGLE_INTERFACE() Thanks. Greg Tag: access NTFS ADS from kernel mode driver Tag: 92893
  - 17
    - What is WLH and WNET I am to build an x64 driver for AMD64 Windows XP, AMD64 Windows 2003 Server, and AMD64 Widows Vista. I am to use WDK 6000, the RTM build for Vista. I use nmake and set the environment as "fre AMD64 WNET". The resulting driver works fine in above AMD64 machines. Please first help me define the meaning of WLH and WNET. And then compare the differences between them. Thanks. Tag: access NTFS ADS from kernel mode driver Tag: 92888
  - 18
    - PCMCIA PCCARD Performance With a custom driver, my 16bit PCCARD shows poor performance. I'd like to know how can I increase the speed. The PCMCIA spec says that IO mode should reach 7.84MB/s, but I only see 0.18MB/s. The PcCard under development supports both IO and memory modes. With IO mode, each read is spaced 2 us apart. The actual read itself only takes 300ns, but there is a gap of no activity on the bus. I presume that this gap may be the result of the PCMCIA to PCI bridge that's involved. I have found that I can issue a READ_PORT_ULONG and get the bus to show two 16bit reads that are only ns apart. The next pair again comes only after a 1.7us wait. How can I have that kind of bus turnaround all the time? What can I do to reduce the time between reads? Is there a way to tune the PCMCIA driver? Are there a set of CIS tuples that would make a difference? The saddest part is the fact that on the same PC system, the Linux driver is able to go 5 to 6 times faster than the Windows driver. The main difference between the two is the way they setup and perhaps use the PCMCIA bridge. In either case, we want more performance. Any help would be greatly appreciated, Eric Tag: access NTFS ADS from kernel mode driver Tag: 92886
  - 19
    - problem in creating a new process(intereactive) in session 1 from session 0 in Vista i tried to spawn an intereactive process from driver installation service in vista but the GUI was not shown on desktop. This is for Vista-32 only I used the following approach in my driver installer: 1) Got the duplicate token of the explorer.exe(which always runs in session 1) and made it primary. 2) Passed this to CreateProcessAsUser. 3) During installation from Found New Hardware Wizard.. I got the error "rundll32" host process has stopped working" and could not got the GUI on desktop. Is it possible to create a new process in session 1 from session 0 if Yes then Please tell me an alternative way to create a new process(intereactive) in session 1 from session 0 in Vista. Thanks and Regards, Ajay Tag: access NTFS ADS from kernel mode driver Tag: 92885
  - 20
    - Is it a Bug for DTM in USB Digital TV Tuner Card Testing Hi everyone, I develop the driver for a USB Digital TV Tuner Card. I exactly followed the instruction of DTM to do the test on Vista. But after creating the submission, I found I am not "offered" the TV Tuner Test and the USB Test. But if I select "View By Driver" in Device Console and select my device in the list, the right tests disappear. Is this a bug for DTM? And anybody knows how to deal with this? I am appreciated to your reply. Tag: access NTFS ADS from kernel mode driver Tag: 92881
  - 21
    - Understanding Basics Hi All, I am basically an application developer and i am new to driver world. I am tasked to develop an application which talks to an API. This API will inturn talk to USB-Serial driver. I have the binaries of API and driver available with me. I have few questions which may be basics to everyone this group. I am excited to know the internals of what the API and driver does. 1) The application which i need to develop uses the API to talk to USB- Serial. I want to know to which end my application will initiate the calls. Is it the serial end or USB end? My assumption is my app will talk to serial end which inturn converts the serial requests to USB. 2) If the answer for above question is serial interface first, then I guess i need to configure the serial port settings i.e. baud rate etc.. and write some data to serial interface in my app. 3) How can i test the USB-serial data transfer? My assumption is at one end i use hyperterminal or similiar application and at other end i have an application which has handle to USB device and waits for the data. If the data matches it should be correct. These questions may sound pretty easier to all of you, but help me to understand the architecture. Thank You. Regards, Tim Tag: access NTFS ADS from kernel mode driver Tag: 92879
  - 22
    - Problem in porting USBD_CreateConfigurationRequestEx to KMDF Hi, I have ported the USB part of NDIS-WDM driver from to KMDF. I am facing issue while porting the configuration select function. My device has 1 configuration and 1 Interface with 6 alternate settings so I call UsbPhyConfigureDevice routine for each of the AltSetting:- The NDIS-WDM piece of code is as under:- for (AltSetting = 0; AltSetting <= MAX_DOWN_RATE_TABLE_SIZE; AltSetting ++) { DataInterfaceDescriptor = USBD_ParseConfigurationDescriptorEx( ConfigurationDescriptor, ConfigurationDescriptor, USB_PHY_DATA_INTERFACE_INDEX, AltSetting, -1, -1, -1); if ( NULL == DataInterfaceDescriptor) { DBGPRINT( DBG_PRINT_MODULE_USB_ALL, DBG_PRINT_LEVEL_ERR, ("Device has no data class interfaces alternate setting %u \n",AltSetting)); return( STATUS_UNSUCCESSFUL); } InterfaceList[USB_PHY_DATA_INTERFACE_INDEX].InterfaceDescriptor = DataInterfaceDescriptor; UsbPhy->DataInterfaceOnAlternateSetting = AltSetting; // Configure the device NtStatus = UsbPhyConfigureDevice( UsbPhy, ConfigurationDescriptor, InterfaceList); } NTSTATUS UsbPhyConfigureDevice( PUSB_PHY UsbPhy, PUSB_CONFIGURATION_DESCRIPTOR ConfigurationDescriptor, PUSBD_INTERFACE_LIST_ENTRY InterfaceList ) { NTSTATUS NtStatus; PURB Urb; PUSBD_INTERFACE_INFORMATION DataInterface; DBGPRINT( DBG_PRINT_MODULE_USB_ALL, DBG_PRINT_LEVEL_TRACE, ("UsbPhyConfigureDevice\n")); ASSERT( UsbPhy); ASSERT( ConfigurationDescriptor); ASSERT( InterfaceList); // // Create the URB for the configuration request. Prior to submitting the // URB to USBD for processing, we can alter the default settings for each // interface as desired. // Urb = USBD_CreateConfigurationRequestEx( ConfigurationDescriptor, InterfaceList); if ( NULL == Urb ) { return( STATUS_INSUFFICIENT_RESOURCES); } /* ISO pipe requires user to indicate the maximum Transfer size. ** We are allocating 64k (0xFFFF) transfer size. ** This variable probably allocates memory in the host controller */ DataInterface = InterfaceList[USB_PHY_DATA_INTERFACE_INDEX].Interface; DataInterface->Pipes[0].MaximumTransferSize = 0xFFFF; // // Pass the configuration request to USBD with the default settings // NtStatus = UsbPhyCallUSBD( UsbPhy, Urb); if ( !NT_SUCCESS( NtStatus)) { DBGPRINT( DBG_PRINT_MODULE_USB_ALL, DBG_PRINT_LEVEL_ERR, ("Configure attempt failed\n")); FREE_MEMORY( Urb, sizeof(URB)); return( NtStatus); } DataInterface = InterfaceList[USB_PHY_DATA_INTERFACE_INDEX].Interface; // // Save the handle for this configuration as well as the interface // information needed when changing the device settings (i.e changing // the alternate setting for an interface) // UsbPhy->ConfigurationHandle = Urb->UrbSelectConfiguration.ConfigurationHandle; UsbPhy->DataInterfaceNumber = DataInterface->InterfaceNumber; return( STATUS_SUCCESS); } This Above piece of code is working fine. The ported function is:- pDeviceContext = GetWdfDeviceInfo(gFMiniportDevice); if(pDeviceContext == NULL) return NULL; UsbInterface = WdfUsbTargetDeviceGetInterface( pDeviceContext->Adapter.FUsbDevice, USB_PHY_DATA_INTERFACE_INDEX); for (AltSetting = 0; AltSetting <= MAX_DOWN_RATE_TABLE_SIZE; AltSetting++) { WdfUsbInterfaceGetDescriptor(UsbInterface, AltSetting, DataInterfaceDescriptor); if ( NULL == DataInterfaceDescriptor) { DBGPRINT( DBG_PRINT_MODULE_USB_ALL, DBG_PRINT_LEVEL_ERR, ("Device has no data class interfaces alternate setting %u \n",AltSetting)); return( STATUS_UNSUCCESSFUL); } // Configure the device NtStatus = UsbPhyConfigureDevice(UsbPhy, ConfigurationDescriptor, DataInterfaceDescriptor); } NTSTATUS UsbPhyConfigureDevice( PUSB_PHY UsbPhy, PUSB_CONFIGURATION_DESCRIPTOR ConfigurationDescriptor, PUSB_INTERFACE_DESCRIPTOR DataInterfaceDescriptor ) { NTSTATUS NtStatus; int i; WDF_OBJECT_ATTRIBUTES PipeAttrib; PWDF_DEVICE_INFO pDeviceContext = NULL; WDF_USB_DEVICE_SELECT_CONFIG_PARAMS configParams; PUSB_INTERFACE_DESCRIPTOR InterfaceDescriptors[MAX_NUM_OF_INTERFACES]; DBGPRINT( DBG_PRINT_MODULE_USB_ALL, DBG_PRINT_LEVEL_TRACE, ("UsbPhyConfigureDevice\n")); ASSERT( UsbPhy); ASSERT( ConfigurationDescriptor); ASSERT( DataInterfaceDescriptor); InterfaceDescriptors[0] = DataInterfaceDescriptor; pDeviceContext = GetWdfDeviceInfo(gFMiniportDevice); if(pDeviceContext == NULL) return NULL; WDF_USB_DEVICE_SELECT_CONFIG_PARAMS_INIT_INTERFACES_DESCRIPTORS( &configParams, ConfigurationDescriptor, InterfaceDescriptors, MAX_NUM_OF_INTERFACES); WDF_OBJECT_ATTRIBUTES_INIT(&PipeAttrib); WDF_OBJECT_ATTRIBUTES_SET_CONTEXT_TYPE(&PipeAttrib, USB_PIPE_STRUCTURE); NtStatus = WdfUsbTargetDeviceSelectConfig(pDeviceContext- >Adapter.FUsbDevice, &PipeAttrib, &configParams); if (NT_SUCCESS(NtStatus)) { UsbPhy->NumberConfiguredPipes = WdfUsbInterfaceGetNumConfiguredPipes(UsbPhy->UsbInterface); } return( STATUS_SUCCESS); } WdfUsbTargetDeviceSelectConfig return NtStatus NT_SUCCESS but My device is coming as "Disabled" under network Connections. I am not even able to enable the device. Am I missing out something? Not even able to shutdown the device. Please help. I dont know how to set the default configuration while selecting the configuration. Tag: access NTFS ADS from kernel mode driver Tag: 92876
  - 23
    - Using Ndis WDM with a 32 bit microcontroller I got a microcontroller connected over a pci bridge to my pc. This controller got its own ethernet controller, 32 bit cpu and other peripherals like gpio. I want to use microcontrollers ethernet controller for my internet connection. For that purpose a small driver, running on the microcontroller, will sent me interrupts over pci and vice versa. Is it possible to use a Ndis WDM driver and modify it to make DMA transfers to controllers memory?(Pci bridge got a DMA channel) Or should i develop a WDM pci driver and use it with Ndis WDM driver? Did someone tried that before? How robust will be this model? Tag: access NTFS ADS from kernel mode driver Tag: 92875
  - 24
    - NdisMEthIndicateReceive - porting to ndis 6.0 Hi, Please let me know if someone knows the mechanism of porting NdisMEthIndicateReceive fuinction to ndis 6.0. Theres no direct replacement; neither could i find the explained theory of indicating ethernet packet to ndis 6.0. Think it could be done with NdisMIndicateReceiveNetBufferLists. Pleae reconfirm.. Tanks of thanks! shweta Tag: access NTFS ADS from kernel mode driver Tag: 92873
  - 25
    - Padding ethernet packet (net buffer list) with NdisRetreatNetBufferDataStart !? Hi, I m padding ethernet packet (= net buffer list) to make it 64B long. If I use NdisRetreatNetBufferDataStart then the data space allocated in net buffer list will be filled up with zeros? Please reconfirm.. Thanks a ton in advance! Shweta Tag: access NTFS ADS from kernel mode driver Tag: 92871
- Next
  - 1
    - Evenafter IRR is set, the interrrupt service routine didn't execute Hi All, We have a board which has it's own 8253[PIT] and 8259[PIC]. The 8253 is configured to raise a timer interrupt on every 20ms and 8259 is configuered to fw that request to the device driver. In normal case, the things work fine, 8253 raises interrupt in every 20ms and driver interrupt service routine is executed. The problem happens if the application run for long time[ >1day], driver interrupt service routine is never called-up, eventhough the 8253 raises the timer interrupt. So I added some diagnostic code to dump the values of the 8253 and 8259 internal registers during failure cases. This shows that 8253 is counting and re-counting without any problem. IMR registers is not masking the timer interrupt, however IRR register shows that the bit which corresponds to the timer interrupt is already set, ISR register is not having that bit set. Based on this, I conclude that, 8253 raises the interrupt and IRR is set correctly, but 8259 is waiting for the CPU to sent the INTA, but it didn't happen, so it couldn't set ISR and fw the request to the driver. The question I have here is, What should be done to identify why the CPU didn't sent INTA? any other ideas? Thanks. Tag: access NTFS ADS from kernel mode driver Tag: 92870
  - 2
    - device driver upgrade problem Hi, I have a problem with upgrade. I have a package which includes updated .inf and .sys files. From log I see that files are copied to drvstore and installation/upgrade is done (fresh installation works fine) - but after that (in upgrade) difxapp finds another copy of the driver with same component ID and uninstalls it. Result is that when I try to do upgrade difxapp uninstalls my driver. The reason why it finds another copy of the driver is that in upgrade it copies files to different folder in drvstore than in fresh installation. Folder name includes a code or ID number (I'm not sure what code is it). So my question is ... should it behave like this ? why it copies files to different folder ? and what should I do to avoid this ? My driver is not signed (yet), I have mainly tested with XP (also win2000) and I'm using installshield 12 to make a package (but I dont think the problem is there ...). Any suggestions are welcome :) Jussir Tag: access NTFS ADS from kernel mode driver Tag: 92869
  - 3
    - fail to write files in SystemRoot in Vista Hi, I have a driver that works well in WinXP. In this driver, device property page write some information in systemroot directory. (just like logging files). But in Vista, the property page fails to write because it has no authority, so some relative feature can't work. 1. I've tried to change the writing file to non-system directory, but I found that INF failed to use dirIDs failed. [DestinationDirs] CopyFiles.ProperPageLog = 53, VendorDir ;try to copy to user profile directory the 53 dirID works in winXP but no in Vista, I've tried "25 (Shared Directory)", "16427 (Program Files\Common)"...they all fail in Vista. 2. another question, if I copy the files in installation package, how to access this diretory in dirver (ex. "16427 Program Files\Common")? As far as know, the \\SystemRoot refer to "c:\windows", but can't access other directory. I think absolute directory like \\dosdevices\\c:\\ is bad idea. I'm not sure I'm in right way, please help me and thanks! Tag: access NTFS ADS from kernel mode driver Tag: 92868
  - 4
    - peculiar observation with AMD64Bit and Intel Dual Core Machines, in Low Powered States Hi, I Have a peculiar observation with AMD64Bit and Intel Dual Core Machines in low Powered States. Operating System : WinXP SP2. 32 - Bit OS Machine : Intel PIV, Intel Chip Set With the above configuration machine, Go to low powered state, Disconnect the any USB device in the low powered state, ReConnect the USB device in the low powered state, and then come back from the low powered state. Under these conditions i get a if i try to access the device as soon as i am back from the low powered state i get a STATUS_DEVICE_NOT_CONNECTED status and then the driver unloads and reloads and works fine. But the same procedure if i follow with the following machine, Operating System : WinXP SP2. 32 - Bit OS Machine : Either Intel Core Duo or AMD 64 i do not get a STATUS_DEVICE_NOT_CONNECTED instead i get a STATUS_SUCCESS and device functions properly. Why is this happening ??? Thanks and Regards, Neo Tag: access NTFS ADS from kernel mode driver Tag: 92867
  - 5
    - Padding ethernet packet (net buffer list) with NdisRetreatNetBufferDataStart !? Hi, I m padding ethernet packet (= net buffer list) to make it 64B long. If I use NdisRetreatNetBufferDataStart then the data space allocated in net buffer list will be filled up with zeros? Please reconfirm.. Thanks a ton in advance! Shweta Tag: access NTFS ADS from kernel mode driver Tag: 92866
  - 6
    - Evenafter IRR bit is set there is no Interrupt service routine execution... We have a board which has it's own 8253[PIT] and 8259 [PIC]. The 8253 is configued to raise an interrupt in every 20ms. Everything works fine, However in long run the driver stopped to get the timer interrupt. So I added some diagnostics code which dumps the internal registers of 8253 and 8259 during the failure case. This log shows that the 8253 is counting correctly. The IMR is not masking the timer interrupt and the bit corresponds to the timer interrupt is set in the IRR. The timer interrupt bit is not set in the ISR register. So conclusion I made here is that, 8253 raised on timer interrupt and corresponding bit in IRR is set and it's waiting for the CPU to sent the INTA, however the CPU is not acknowledging, so driver interruptServiceRoutine is not called-up. Question I have here is, What should be done to identify why the CPU didn't send INTA? What should be done to identify why the InterruptServiceRoutine is not called-up? Thanks. Tag: access NTFS ADS from kernel mode driver Tag: 92864
  - 7
    - problem about 2 Notification Events Dear all: I create 2 event objs, one in Application and the other in Driver.I ues them to notify each other. 1) the App create a new thread to wait for the event Driver will set 2)Driver sets the event that the thread waits for, then Driver turns to wait for the other event <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< In Application : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< unsigned ThreadId; DWORD BytesReturned; // to get the Device handle // hDevice=CreateFile(MY_DEVICE_NAME,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); // //create an event // hShareE = CreateEvent(NULL,TRUE,FALSE,NULL); // //send a IRQ to driver with the event handle // DeviceIoControl(hDevice,SHARE_EVENT_CRT,&hShareE,4,NULL,0,&BytesReturned,NULL); // //create a new thread // _beginthreadex(NULL,0,&ppppp,(void*)hShareE,0,&ThreadId); <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< In a new thread: <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< unsigned __stdcall ppppp(void*(hShareE)) { while(1) { //wait // WaitForSingleObject((HANDLE) hShareE,INFINITE); // //notify user // ::MessageBox(NULL,"Event Set!",NULL,MB_OK); ResetEvent((HANDLE) hShareE); } _endthreadex(0); return 0; } <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< In Driver: <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< //event name ,handle, pointer // WCHAR wEventNameBuf[]=L"\\BaseNamedObjects\\SharedEvent"; UNICODE_STRING uEventName; PKEVENT pEventApp,pEventDrv; HANDLE hEventDrv,hEventApp; // //mutex // KMUTEX H_FuncMutex; //IRQ about creating event // case SHARE_EVENT_CRT: RtlCopyMemory(&hEventApp,pIrp->AssociatedIrp.SystemBuffer,4); // //get the pointer from handle of event that the App created // ObReferenceObjectByHandle(hEventApp,EVENT_MODIFY_STATE,*ExEventObjectType,pIrp->RequestorMode,(PVOID*) &pEventApp,NULL); //driver creates the other event // RtlInitUnicodeString(&uEventName,wEventNameBuf); pEventDrv = IoCreateNotificationEvent(&uEventName,&hEventDrv); if(pEventDrv != NULL) KeClearEvent(pEventDrv); break; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< A hook func in Driver: <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< //get in Critical section // KeWaitForMutexObject(&H_FuncMutex,Executive,KernelMode,FALSE,NULL); // //set the event to notify the new thread // KeSetEvent(pEventApp, IO_NO_INCREMENT, TRUE); //wait for the other event // KeWaitForSingleObject((PKEVENT)pEventDrv,Executive,UserMode,0,0); KeClearEvent(pEventDrv); //get out Critical section // KeReleaseMutex(&H_FuncMutex,FALSE); In the hook func, KeSetEvent is successful, but the thread is not active. and, if i delete the followings: <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< //wait for the other event // KeWaitForSingleObject((PKEVENT)pEventDrv,Executive,UserMode,0,0); KeClearEvent(pEventDrv); <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< the thread will be active. somebody know what happen, and how to solve it. Thank you!! Tag: access NTFS ADS from kernel mode driver Tag: 92856
  - 8
    - re:Cant_find_a_driver_this_site_will_Ask_MDREPAIRS Cant_find_a_driver_this_site_will_Email_Mark http://www.mdrepairs.com Tag: access NTFS ADS from kernel mode driver Tag: 92854
  - 9
    - re:Cant_find_a_driver_this_site_will_Ask_MDREPAIRS Cant_find_a_driver_this_site_will_Email_Mark http://www.mdrepairs.com Tag: access NTFS ADS from kernel mode driver Tag: 92853
  - 10
    - How to get ShutdownType and SystemState in kmdf driver? WDM power management irp provides ShutdownType and SystemState information. But the kmdf power management callback functions EvtDeviceArmWakeFromSx and EvtDeviceDisarmWakeFromSx don't have these information. How can the kmdf driver power management functions get these information from kmdf if it need these information? -- johnzchen Tag: access NTFS ADS from kernel mode driver Tag: 92852
  - 11
    - How to track window changes ? Hi, I need to have a user application receive some notification whenever it's visibility changes. For example, I need to know when the window becomes partially or completely covered up, when something that had obscured part of the window is removed making more of the window visible, or when the window is destroyed, etc. I'm using windows XP / XP embedded. I am also writing a KMDF driver for a device that is display-related, but I am not writing, nor can I modify the display driver itself. Here is the original approach: The user app could pass the window handle to the driver. The driver could call EngCreateWnd, and specify a WNDOBJCHANGEPROC callback that would get invoked when GDI changes the window visibility. The driver could pass a list of visible rectangles back to the user app. The problem with this approach is that I don't have access to any of the SURFOBJ information that is needed by the EngCreateWnd call to create the window object. I have also considered the method identified in "Tracking Window Changes" http://msdn2.microsoft.com/en-us/library/ms797870.aspx but the application's ExtEscape call needs a device context. From what I can tell, this "Device Context" is different from a device context which I define for my device. That makes me think that the DrvEscape will be invoked in the display driver, not my driver. Does anyone know how a driver can get the needed information to do this ? Or better yet, is there possibly something we are missing in the user mode interface that can notify an application when when window visibility changes? (This would be more that just a Paint Event) Thanks in advance, Jay Tag: access NTFS ADS from kernel mode driver Tag: 92850
  - 12
    - DTM: INFTest failure Hi All, I'm trying to complete "Driver Reliability" tests on the driver using DTM on Vista x86. And every time I got INFTest failure with the log like following: === Inftest is running ... Command line: "C:\WTT\JobsWorkingDir\Tasks\WTTJobRun46B67F2B-7841-4AA6-829D-685B8C0D7C91\i386\inftest.exe" -wdk -p C:\WTT\JobsWorkingDir\Tasks\WTTJobRun46B67F2B-7841-4AA6-829D-685B8C0D7C91 -f /LG -l C:\Windows\inf\ Current directory : C:\WTT\JobsWorkingDir\Tasks\WTTJobRun46B67F2B-7841-4AA6-829D-685B8C0D7C91 Passing extra flags to Chkinf: /LG FindPerl : ChkinfPath = C:\WTT\JobsWorkingDir\Tasks\WTTJobRun46B67F2B-7841-4AA6-829D-685B8C0D7C91 FindPerl : perl.exe found on the system! Setting chkinf directory as : C:\WTT\JobsWorkingDir\Tasks\WTTJobRun46B67F2B-7841-4AA6-829D-685B8C0D7C91\chkinf.bat Processing command line ... Find First File operation failed! Bailing out ... Could not find user specified INF files. Bailing out ...Could not expand user supplied lists of infs into individual filenames. Running InfTest : Could not expand user supplied list of infs. Clearing list of infs ... Processing command line ... DONE! The inftest check failed to run. Please check the debug logs for more information. === Also, I cannot find any ways to contact DTM support team directly. Any help very appreciated! Tag: access NTFS ADS from kernel mode driver Tag: 92844
  - 13
    - Removal of Protocol driver with Device Driver Is there an approved method for a driver to request the removal of a proprietary network protocol which is installed with the driver? The reason I ask is that I wish to change the interface name the protocol uses, and while the protocol gets installed with the driver, it does not appear to get uninstalled with the driver. When an updated driver is later installed, the protocol associated with it does not appear to get installed because the old protocol from the previous driver is still resident. Tag: access NTFS ADS from kernel mode driver Tag: 92829
  - 14
    - Driver unInstallation problem on Vista/XP - 64 bit Hi List, Basically I have a echo driver with the property (start type = 1). I am using DIFx API to install and unInstall this driver. Installation seems to go through fine. after this, for loading the echo driver, I reboot the system and drivers get loaded. Now if I try Un-Installing the drivers, it fails to do so. When I see the detailed log, it says "Trying to unload the driver", "retrying to unload the driver" and finally it gives up saying "you need to reboot the system". However as per the requirement I should be able to install and uninstall the drivers without reboot. My question is what may be the reason for this failure? Also Is there a way to tell DIFx API not to try unloading the driver; but simply uninstall them. Any pointers would be of great help. TIA Regards Jatin Tag: access NTFS ADS from kernel mode driver Tag: 92825
  - 15
    - Error No 800B0101 While Using DifXApi.dll Hi, I have been trying to install a particular device driver using difxapi.dll on vista32 platform. Although i am able to load the dll but when i call the "DriverPackageInstallA" with the path of the inf file and other parameters, i am getting an error message 0x800B0101. I looked out for this error and found out that it means "A required certificate is not within its validity period.". But i am unable to understand how it relates to my module. Can anyone please tell me where the problem could be? Tag: access NTFS ADS from kernel mode driver Tag: 92824
  - 16
    - problem about 802.11 miniport driver indicating NDIS_STATUS_DOT11_CONNECTION_COMPLETION I have a 802.11 miniport driver for Vista, and my user mode app use a private OID to transfer all the other OIDs(such as OID_DOT11_RESET_REQUST) to the miniport driver, to query or set. Then the app send OID to the miniport "bypass" the nwifi IM driver. For some reason I must use a app to control my miniport instead of ACM. The problem is: I use my app to make the driver connect a AP, the miniport driver connect the AP and indicate NDIS_STATUS_DOT11_CONNECTION_COMPLETION as well as NDIS_STATUS_DOT11_ASSOCIATION_COMPLETION(I can see it by dbgview, auth and assoc is OK), but if I use ipconfig, it show that the media is disconnect. But I use the Vista's ACM to connect the AP with same miniport driver, and the driver also indicate the NDIS_STATUS_XXX, ipconfig show that media is connected. Why? Do the nwifi IM driver need some else information to decide the media state? Because of "bypass" the IM driver? I tried to send OID directly to IM, but some OIDs failed, such as OID_DOT11_RESET_REQUST. It seems that the IM driver do NOT allow some OIDs to get to miniport. Thanks for your help! -- Arthur Tu best regards Tag: access NTFS ADS from kernel mode driver Tag: 92822
  - 17
    - Kernel Mode Encryption API's : Help Needed. I want to do kernel mode AES encryption beacuse i am developing a encryption filter driver. Is there any k-mode library available for the same? Plz Help. Regards, Aman. Tag: access NTFS ADS from kernel mode driver Tag: 92821
  - 18
    - Porting of TransferDataHandler function to ndis 6.0 Hi, I have this doubt regarding porting TransferDataHandler function that was previously getting registered to ndis 5.1 through NDIS_MINIPORT_CHARACTERISTICS -> TransferDataHandler. i just want to reconfirm if in NDIS 6.0, its getting registered through NDIS_MINIPORT_DRIVER_CHARACTERISTICS->MiniportOidRequest- >NDIS_OID_REQUEST->RequestType= NdisRequestTransferData . DDK says that this request type is redundant. Thanks a ton in advance! shweta Tag: access NTFS ADS from kernel mode driver Tag: 92820
  - 19
    - update: WDK 6000 build.exe dependency issue I reported this issue to the NDIS team during our weekly call with MSFT. Now I got an ACK that the WDK team is able to reproduced in Redmond. It's being taken care of. -- Calvin Guan (expiring DDK MVP) Sr. Staff Engineer NetXtreme NTX Miniport Broadcom Corporation Connecting Everything(r) Tag: access NTFS ADS from kernel mode driver Tag: 92796
  - 20
    - FilterAttach gives 0x80070032, different results on different computers, same code given usermode program tester.exe and kernel minifilter tester.sys and tester.inf, and cleaning out all tester.* from c:\winnt\*, and removing all pertinant "tester" fom the registery, using the same compiled code on two machines, I install the usermode program (which is a service) and the driver with: sc create testerService binpath= c:\tester\tester.exe rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\tester \tester.inf sc queryex testerService sc queryex testerDriver and both are loaded. Everything else I can think of being equal, upon starting the service, one machine calls FilterAttach() successfully and one machine receives 0x80070032 from FilterAttach() !!! What to do!? it appears that the returned hr is encoding ERROR_NOT_SUPPORTED, so what to do! I can find ZERO documentation on this behavior short of my previous and somewhat related post. the difference being that this error is being received not on a single attempted FilterAttach(). Tag: access NTFS ADS from kernel mode driver Tag: 92795
  - 21
    - FilterAttach gives 0x80070032, different results on different computers, same code given usermode program tester.exe and kernel minifilter tester.sys and tester.inf, and cleaning out all tester.* from c:\winnt\*, and removing all pertinant "tester" fom the registery, using the same compiled code on two machines, I install the usermode program (which is a service) and the driver with: sc create testerService binpath= c:\tester\tester.exe rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\tester \tester.inf sc queryex testerService sc queryex testerDriver and both are loaded. Everything else I can think of being equal, upon starting the service, one machine calls FilterAttach() successfully and one machine receives 0x80070032 from FilterAttach() !!! What to do!? it appears that the returned hr is encoding ERROR_NOT_SUPPORTED, so what to do! I can find ZERO documentation on this behavior short of my previous and somewhat related post. the difference being that this error is being received not on a single attempted FilterAttach(). Tag: access NTFS ADS from kernel mode driver Tag: 92794
  - 22
    - FilterAttach gives 0x80070032, different results on different computers, same code given usermode program tester.exe and kernel minifilter tester.sys and tester.inf, and cleaning out all tester.* from c:\winnt\*, and removing all pertinant "tester" fom the registery, using the same compiled code on two machines, I install the usermode program (which is a service) and the driver with: sc create testerService binpath= c:\tester\tester.exe rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\tester \tester.inf sc queryex testerService sc queryex testerDriver and both are loaded. Everything else I can think of being equal, upon starting the service, one machine calls FilterAttach() successfully and one machine receives 0x80070032 from FilterAttach() !!! What to do!? it appears that the returned hr is encoding ERROR_NOT_SUPPORTED, so what to do! I can find ZERO documentation on this behavior short of my previous and somewhat related post. the difference being that this error is being received not on a single attempted FilterAttach(). Tag: access NTFS ADS from kernel mode driver Tag: 92793
  - 23
    - DriverEntry return question After my driver is installed, it has discovered at DriverEntry time that the registry has not been set up correctly, it returns STATUS_REGISTRY_CORRUPT and the XP Home Sp2 system crashes.... bummer. What should be returned from a driver if the driver cannot initialize and wants to be taken out of the game? -- Gak - Finecats Tag: access NTFS ADS from kernel mode driver Tag: 92790
  - 24
    - Error Handling In Port Monitor Is it appropriate to pause or cancel print jobs under error conditions (via SetJob) from a Port Monitor or Language Monitor rather than just return a null to the Spooler for StartDocPort / WritePort / EndDocPort? Is there a specification of what the spooler expects the PM / LM to do under error conditions? Thanks for your help! Tag: access NTFS ADS from kernel mode driver Tag: 92789
  - 25
    - Protocol Removal Is there an approved method for a driver to request the removal of a proprietary network protocol which is installed with the driver? The reason I ask is that I wish to change the interface name the protocol uses, and while the protocol gets installed with the driver, it does not appear to get uninstalled with the driver. When an updated driver is later installed, the protocol associated with it does not appear to get installed because the old protocol from the previous driver is still resident. Tag: access NTFS ADS from kernel mode driver Tag: 92781

Hi,

I read some sample codes from MSDN site about NTFS ADS "alternate data
stream" but they're for user mode program. I want to access it in a kernel
mode driver. Can anyone give me a hint please?

Thanks,

Ken

Top

Re: access NTFS ADS from kernel mode driver by cristalink

cristalink
Wed Mar 14 19:46:16 CDT 2007

Exactly in the same way - append :stream_name to the file name.

"kenh59" <kenh59@discussions.microsoft.com> wrote in message
news:C157A845-434D-4DE3-BCEB-C41EF8AFE961@microsoft.com...
> Hi,
>
> I read some sample codes from MSDN site about NTFS ADS "alternate data
> stream" but they're for user mode program. I want to access it in a kernel
> mode driver. Can anyone give me a hint please?
>
> Thanks,
>
> Ken

Top

Re: access NTFS ADS from kernel mode driver by kenh59

kenh59
Fri Mar 16 19:49:30 CDT 2007

Thanks and I did the following and found it did work:

UNICODE_STRING fileNameUnicodeString;
OBJECT_ATTRIBUTES objectAttributes;
HANDLE hFileHandle, hStreamHandle;
NTSTATUS rc, rc2;
IO_STATUS_BLOCK IoStatus;
#define BUFFER_SIZE 50
CHAR buffer[BUFFER_SIZE]="test reading NTFS ADS from kernel mode";
size_t cb;
LARGE_INTEGER byteOffset;

RtlInitUnicodeString( &fileNameUnicodeString,
L"\\DosDevices\\C:\\TEST\\test-ads.txt:ads.txt");

InitializeObjectAttributes( &objectAttributes, &fileNameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL );

rc = ZwCreateFile( &hFileHandle,
GENERIC_READ,
&objectAttributes, &IoStatus, NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL, 0 );

if ( rc == STATUS_SUCCESS ) {
byteOffset.LowPart = byteOffset.HighPart = 0;
rc2 = ZwReadFile(hFileHandle, NULL, NULL, NULL, &IoStatus,
buffer, BUFFER_SIZE, &byteOffset, NULL);

if(rc2 == STATUS_SUCCESS) {
buffer[BUFFER_SIZE-1] = '\0';
DbgPrint(" %s\n", &buffer[0]);
}
else
DbgPrint("*** fail to ZwReadFile and error code = %x ***\n", rc2);

ZwClose(hFileHandle);
}
else
DbgPrint("*** fail to open %wZ and error code = %x
***\n",&fileNameUnicodeString, rc);

"cristalink" wrote:

> Exactly in the same way - append :stream_name to the file name.
>
>
>
> "kenh59" <kenh59@discussions.microsoft.com> wrote in message
> news:C157A845-434D-4DE3-BCEB-C41EF8AFE961@microsoft.com...
> > Hi,
> >
> > I read some sample codes from MSDN site about NTFS ADS "alternate data
> > stream" but they're for user mode program. I want to access it in a kernel
> > mode driver. Can anyone give me a hint please?
> >
> > Thanks,
> >
> > Ken
>
>
>

Top