What do you want this for? If you opened the handle, you should know what sharing you specified. If this handle was passed to you, then sharing will have been dealt with by them
Sent from Surface Pro
From: Arun M. Krishnakumar
Sent: Sunday, October 26, 2014 10:38 PM
To: Windows File Systems Devs Interest List
I know that it is possible to get the ShareMode from the FILE_OBJECT in a mini-filter. But I am unable to know this from user-mode. There is an object address that I get as part of each entry returned by NtQuerySystemInformation but I cannot access that memory area.
Is there any other way ?
Thanks,
Arun
On Sun, Oct 26, 2014 at 1:51 AM, Arun M. Krishnakumar wrote:
Hi,
(This is a user-land API question. I hope it’s okay to ask here as it’s windows and FS related. Kindly help me redirect this in case this is the wrong forum.)
I have an case where I need to determine in user-mode the share-mode of a file handle opened by another process, mainly to determine if the file is opened exclusively (sharemode = 0). I do the following:
1. Set Debug Privilege
2. NtQuerySystemInformation
3. OpenProcess
4. NtDuplicateObject (process, handle)
5. NtQueryObject(duplicate-handle, ObjectBasicInformation)
The issue is that the Object Attributes returned by the NtQueryObject is always zero. I was hoping that there would be an OBJ_EXCLUSIVE indicating that the open is exclusive. Is this a valid assumption for this problem ?
Is there some other way I can get the shared-mode, other than (attempting to open the file as that would be slower)?
P.S.: The calls above have worked with no errors. I can also get the file path etc from other similar calls. I’m stuck only at the share-mode.
Thanks,
— NTFSD is sponsored by OSR OSR is hiring!! Info at http://www.osr.com/careers For our schedule of debugging and file system seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer