Re: Re: [ntfsd] get sharemode of file handle opened in another process

I am working on a project where I need to have read access to all files on
the system to which I have privileges as per ACL.

There are some files that are opened in exclusive mode by services that
start early at boot. I don’t have control over the processes and I have not
opened the handle.

I know that one way to get this access is to do a CreateFile. I wanted to
know if there was another way.

In any case I have been able to work using CreateFile and it doesn’t seem
to be too time-intensive.

Thanks,

On Mon, Oct 27, 2014 at 3:29 PM, Marion Bond wrote:

> What do you want this for? If you opened the handle, you should know
> what sharing you specified. If this handle was passed to you, then sharing
> will have been dealt with by them.
>
> Sent from Surface Pro
>
> From: Arun M. Krishnakumar
> Sent: Sunday, October 26, 2014 10:38 PM
> To: Windows File Systems Devs Interest List
>
> I know that it is possible to get the ShareMode from the FILE_OBJECT in a
> mini-filter. But I am unable to know this from user-mode. There is an
> object address that I get as part of each entry returned by
> NtQuerySystemInformation but I cannot access that memory area.
>
> Is there any other way?
>
> Thanks,
> Arun
>
> On Sun, Oct 26, 2014 at 1:51 AM, Arun M. Krishnakumar
> wrote:
>
>> Hi,
>>
>> (This is a user-land API question. I hope it’s okay to ask here as it’s
>> Windows and FS related. Kindly help me redirect this in case this is the
>> wrong forum.)
>>
>> I have a case where I need to determine in user-mode the share-mode of a
>> file handle opened by another process, mainly to determine if the file is
>> opened exclusively (sharemode = 0). I do the following:
>>
>> 1. Set Debug Privilege
>> 2. NtQuerySystemInformation
>> 3. OpenProcess
>> 4. NtDuplicateObject (process, handle)
>> 5. NtQueryObject(duplicate-handle, ObjectBasicInformation)
>>
>> The issue is that the Object Attributes returned by the NtQueryObject is
>> always zero. I was hoping that there would be an OBJ_EXCLUSIVE indicating
>> that the open is exclusive. Is this a valid assumption for this problem?
>>
>> Is there some other way I can get the shared-mode, other than (attempting
>> to open the file as that would be slower)?
>>
>> P.S.: The calls above have worked with no errors. I can also get the file
>> path etc from other similar calls. I’m stuck only at the share-mode.
>>
>> Thanks,
>>
>>
> — NTFSD is sponsored by OSR OSR is hiring!! Info at
> http://www.osr.com/careers For our schedule of debugging and file system
> seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
> List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
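Added example, not part of the original thread and not code from any poster: a portable C model of the share-access rules the kernel applies on each open (the rules of IoCheckShareAccess, simplified to three access classes), showing why a series of CreateFile-style probes reveals another opener's share mode, including the exclusive case (sharemode = 0). The type and function names (`share_state`, `check_share`, `open_file`, `infer_share_mode`) are hypothetical, and the openers in `main` are constructed.

```c
#include <stdio.h>
/* Share bits follow FILE_SHARE_READ/WRITE/DELETE. Access is reduced to the
   three classes the share check distinguishes (a simplification of this model). */
enum { ACC_READ = 1, ACC_WRITE = 2, ACC_DELETE = 4 };
enum { SHR_READ = 1, SHR_WRITE = 2, SHR_DELETE = 4, SHR_ALL = 7 };

struct share_state {        /* per-file counters, modelled on SHARE_ACCESS */
    unsigned open_count;    /* opens that hold read, write or delete access */
    unsigned users[3];      /* opens holding read / write / delete access   */
    unsigned shared[3];     /* opens allowing others read / write / delete  */
};

/* Returns 1 if the new open is compatible, 0 for a sharing violation. */
static int check_share(const struct share_state *s, unsigned access, unsigned share)
{
    if (access == 0)        /* attribute-only opens are not share-checked */
        return 1;
    for (int i = 0; i < 3; i++) {
        unsigned bit = 1u << i;
        /* We want a right that some existing opener did not share. */
        if ((access & bit) && s->shared[i] < s->open_count) return 0;
        /* An existing opener holds a right that we refuse to share. */
        if (s->users[i] != 0 && !(share & bit)) return 0;
    }
    return 1;
}

static int open_file(struct share_state *s, unsigned access, unsigned share)
{
    if (!check_share(s, access, share)) return 0;
    if (access == 0) return 1;
    s->open_count++;
    for (int i = 0; i < 3; i++) {
        if (access & (1u << i)) s->users[i]++;
        if (share & (1u << i)) s->shared[i]++;
    }
    return 1;
}

/* Probe one right at a time while sharing everything, so a failure can only
   mean an existing opener withheld that share bit. Result 0 means exclusive. */
static unsigned infer_share_mode(const struct share_state *s)
{
    unsigned granted = 0;
    for (int i = 0; i < 3; i++)
        if (check_share(s, 1u << i, SHR_ALL)) granted |= 1u << i;
    return granted;
}

int main(void)
{
    struct share_state s = {0};
    open_file(&s, ACC_READ | ACC_WRITE, 0);   /* constructed exclusive opener */
    printf("inferred share mode: %u\n", infer_share_mode(&s));
    return 0;
}
```

On a real system each probe is a CreateFile call and a share conflict shows up as ERROR_SHARING_VIOLATION; a probe can also fail for unrelated reasons such as an ACL denial, which this model does not cover.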