Problem with paths to files (in Kernel Mode)

Home Forums Discussions General Discussion Problem with paths to files (in Kernel Mode)

This topic contains 3 replies, has 3 voices, and was last updated by  lovepkfilter 10 years ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #5135

    Samael6
    Participant

    Hello,
    I have written small NtCreateFile intercepter (legacy driver). It will a filter with a list of denied files.
    But I have a problem with paths to files.
    The problem is in the next: windows has a several types for paths (DOS path, UNC, using symbolic links, etc). For example, I have seen these variants:


    - ??C:dirfile.ext
    - DosDevicesC:dirfile.ext
    - GLOBAL??C:dirfile.ext
    - DeviceHarddisk0Partition1dirfile.ext
    - DeviceHarddiskVolume1dirfile.ext
    - ??C:WINDOWSsystem32shell32.dll
    - DeviceLanmanRedirectorPHILKALINEAGE II - INTERLUDE (shared resource on PHILKA)
    - ??UNCPHILKALINEAGE II - INTERLUDE (again)
    - DEVICEHARDDISKVOLUME2PROGRAM FILESDEBUGVIEWDBGVIEW.EXE (starting app)

    As you can see, there are different variants to call a file.
    How can I support all these types? Is it possible to reduce all these types to one (any one)?

    Thank you.

    #6455

    Samael6
    Participant

    I have found a solution.
    No more help needed

    #6456

    alex_s
    Participant

    @samael6 wrote:

    I have found a solution.
    No more help needed

    VolumeDeviceToDosName ?

    #6457

    lovepkfilter
    Participant

    @alex_s wrote:

    @samael6 wrote:

    I have found a solution.
    No more help needed

    VolumeDeviceToDosName ?

    3ks alex_s

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.