ZwCreateFie Problem Please Help

[Shalini]

Hi
I am using ZwCreateFile to open my PhysicalDrive0 from the Filter driver
that i have written.
For example i write that in the DriverEntry function as this

RtlInitUnicodeString( &fileNameUnicodeString, L"\\Device\\Harddisk0");
InitializeObjectAttributes( &objectAttributes, &fileNameUnicodeString,
OBJ_CASE_INSENSITIVE, NULL, NULL );
rc = ZwCreateFile( &hFileHandle, SYNCHRONIZE|FILE_ANY_ACCESS,
&objectAttributes,
&IoStatus,
NULL,
0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FI
LE,
NULL,
0);

KdPrint((DRIVERNAME "Created the File %X\n",hFileHandle));
But always the hFileHandle is NULL.
and also the NTSTATUS returns -1073741788.
The Win32 error code for the NTSTATUS would be 6 saying invalid handle.

I also tried other ways namely "\\\\.\\PhysicalDrive0 or
\\Device\\PhysicalDrive0 but any time it was not successful

Apart from ZwCreateFile is it possible to access raw sectors from the Hard
disk,
If there is any other way also i can use that actually..
I thought i could use ZwCreateFile and then ZwReadFile to read some sectors
from the disk.
If there is any other way to read raw sectors i cud also use that


Any hints/Suggestions?

Thanks and Expecting ur replies
Regards
Shal

 

[aphillips]

I too am trying to access raw disk sectors (from user mode). I have
been able to using CreateFile but there are several annoyances with
that (see below). So I tried using NtOpenFile/NtCreateFile (which is
the user mode equivalent of ZwOpenFile/ZwCreateFile I believe).

Anyway I also found that you can't open "\device\harddisk0" using
NtCreateFile, while "\device\harddisk0\partition0", "\device\floppy0"
and "\device\cdrom0" all work fine. I assume that is because
"\device\harddisk0" is a "directory" and not a "file" - like trying to
open "\device".

I don't want to just access a partition but the whole device. I assume
there is something like "\device\harddisk0\wholedevice" but I haven't
been able to find any documentation if that is the case.

Using CreateFile

I have used CreateFile to open "\\.\PhysicalDrive0" and even
"\\.\CdRom0" OK, but I have had problems keeping the code consistent
between devices/OS versions and have found little annoying problems:

1. CreateFile cannot open "\\.\Floppy0". The only way I have found to
open a floppy is using "\\.\A:" but I want to be able to access all
devices even if not mounted on a volume letter.

2. Finding the size of the device is a problem. I can use
IOCTL_DISK_GET_LENGTH_INFO under XP but it does not work under Windows
2000/NT and does not work for floppies. I can calculate the size using
IOCTL_DISK_GET_DRIVE_GEOMETRY but this does not allow for reserved
sectors before the first cluster (boot sector etc). I could work it
out from value in the boot sector but I want this to work with any disk
not just one using NTFS or FAT.

What I ended up doing was using "\\.\PhysicalDrive0" for hard disks and
"\\.\A:" for floppies. I use IOCTL_DISK_GET_DRIVE_GEOMETRY to get the
approximate disk size then do a "binary search" out from the end to
find the very last sector that can be read.

(I haven't even mentioned the problems with 9X/ME.)

However, I would prefer to use NtOpenFile (or NtCreateFile) for
consistency and so I can just use NtQueryInformationFile (using
EndOfFile flag in FileStandardInfo) to get the size of the device.
However, the problem with "\device\harddisk0" has me stumped.