ZwOpenFile

Ok, I give up. The following code works when compiled for 64 bit Win7 but
fails in the same incarnation compiled and run under 32 bit Win7:

    // adjust NULL terminated string since attributes and ZwOpenFile
    // do not like NULL terminated strings.
    usFileName.Length = (USHORT) (regValue->DataLength - sizeof(WCHAR));
    usFileName.MaximumLength = (USHORT) regValue->DataLength;
    usFileName.Buffer = (PWCH) &regValue->Data;

    InitializeObjectAttributes(
        &fileAttributes,
        &usFileName,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
        NULL,
        NULL
        );

    status = ZwOpenFile(
        &fHandle,
        GENERIC_READ,
        &fileAttributes,
        &ioStatusBlock,
        FILE_SHARE_READ,
        0
        );

    if (NT_SUCCESS(status))

“regValue” is a KEY_VALUE_PARTIAL_INFORMATION pointer and was filled in by a
ZwQueryValueKey that acquired the fully qualified path name:
“C:\Temp\DomainNames.csv”. On the 32 bit version of Win7 I get a 0xC000003B
error or “Object Path Component was not a directory object”. No it wasn’t,
but the RootDirectory in fileAttributes is a NULL and the ObjectName field
is a fully qualified path name. Thinking it might be the
Length/MaximumLength issue I modified Length and MaximumLength to include the
NULL and not include the NULL. Thus far, no matter what it always fails with
the stated error. My next trick is to open the directory, and set
RootDirectory to the handle.

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

If the path is really c:\ you need to prepend ??\ to it. c: is not a
directory object. ??\ is.

Bill Wandel



Ok, I suspected that, BUT … why the freaking heck does it WORK in 64 bit
Windows!?!?!? That should have failed on both platforms.

Doron? PeterGV? Tim?


Are the two test systems somehow configured differently?

Is it failing on permissions?

Best regards,
Robin.


A mystery.

Robin raised a good question as to environment configuration…

Does it WORK on both systems if you prepend ??\ or \DosDevices\ or \Global??\ or whatever?

Peter
OSR

It’s literally the same machine. I initially was testing on 64 bit Win7, but
my client is loading it on 32 bit Win7 so I bounced the laptop back to 32
bit Win7.

I am about to find out if the "??" will resolve the problem for 32 bit
Win7. Testing it on 64 bit Win7 will require installing it over the 32 bit
install I just did, and I’m really not brave enough to load and run it on my
64 bit main development system. This is a one horse shop here (me) on a
limited budget (unemployment).

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net


I’m not sure exactly what I’m suggesting here, but could wow64 registry redirection be at play here somehow?

mm

Right now I cannot say. The code I wrote to prefix the "??" barfed in the
middle of the RtlStringCopyCchW function so right now I’m debunking my
modifications.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net


After pre-pending "\??", all that has happened is that the error code has
changed. I now get 0xC0000033, or “Object name Invalid”.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net


When you say “went back to 32-bit”, did you install 64-bit over the top
of an existing 32-bit install?

Aside from the 32/64-bit difference, are they the same edition? It’s not
that you’re running Win 7 32-bit Home and Win 7 x64 Pro or anything is it?

Best regards,
Robin.


Win7 Ultimate from my MSDN subscription, in both cases, on the same laptop.
The 32 bit install was on top of the 64 bit install.

So far I’ve eliminated ??\ and \DosDevices\ as having to be added.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net


Gary,

I think that you need to take a step back and actually verify the path that
is in the UNICODE_STRING that is in the OBJECT_ATTRIBUTES structure. Are you
sure that you are getting a UNICODE_STRING from the registry query? Changing
the error from not a directory suggests that the rest of the string is not
what you think it is.

Bill Wandel


For instance, there is no guarantee that the string data you read out of the registry is null terminated. In fact you should defensively code for this possibility.

d

tiny phone keyboard + fat thumbs = you do the muth
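
Added example (not code from the thread or from the WDK): a portable C model of the two checks suggested in the replies above, treating the registry data as a counted buffer that may or may not end in a NUL, and producing a \??\-prefixed name with consistent Length and MaximumLength. WCH, USTR, build_nt_path, the status codes and the sample path are assumptions made for this example; in a driver the same logic would operate on WCHAR, UNICODE_STRING and the Type, Data and DataLength fields of KEY_VALUE_PARTIAL_INFORMATION.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for WDK types so the logic builds outside a driver (assumption). */
typedef uint16_t WCH;                      /* WCHAR is 16 bits on Windows */
typedef struct {                           /* same layout as UNICODE_STRING */
    uint16_t Length;                       /* bytes in use, terminator excluded */
    uint16_t MaximumLength;                /* bytes available in Buffer */
    WCH *Buffer;
} USTR;
#define REG_SZ_TYPE 1u                     /* numeric value of REG_SZ */

enum path_status { PATH_OK, PATH_BAD_TYPE, PATH_BAD_LENGTH,
                   PATH_EMBEDDED_NUL, PATH_NOT_DOS, PATH_TOO_LONG };

static const WCH kNtPrefix[4] = { '\\', '?', '?', '\\' };

/* Constructed sample value: "C:\Temp\a.csv" followed by one NUL. */
static const WCH kSample[] = { 'C', ':', '\\', 'T', 'e', 'm', 'p', '\\',
                               'a', '.', 'c', 's', 'v', 0 };

/* Read one 16-bit unit from the raw value bytes without assuming alignment. */
static WCH unit_at(const unsigned char *p, size_t i)
{
    WCH c;
    memcpy(&c, p + 2 * i, sizeof c);
    return c;
}

/*
 * type, data and data_len model the Type, Data and DataLength fields.
 * On success, name describes a counted string stored in out that starts
 * with \??\ and whose Length does not include the terminator.
 */
enum path_status build_nt_path(uint32_t type, const void *data, uint32_t data_len,
                               WCH *out, size_t out_cch, USTR *name)
{
    const unsigned char *p = data;
    size_t cch, i, pre, total;
    int has_prefix;

    if (type != REG_SZ_TYPE)
        return PATH_BAD_TYPE;
    if (data_len == 0 || (data_len & 1))   /* not a whole number of WCHARs */
        return PATH_BAD_LENGTH;

    /* The registry stores what the writer supplied: zero, one or several NULs. */
    cch = data_len / 2;
    while (cch > 0 && unit_at(p, cch - 1) == 0)
        cch--;
    if (cch == 0)
        return PATH_BAD_LENGTH;
    for (i = 0; i < cch; i++)
        if (unit_at(p, i) == 0)
            return PATH_EMBEDDED_NUL;      /* a counted string would carry it along */

    /* Keep an existing \??\ prefix; otherwise require the X:\ form. */
    has_prefix = cch >= 4;
    for (i = 0; has_prefix && i < 4; i++)
        has_prefix = unit_at(p, i) == kNtPrefix[i];
    if (!has_prefix) {
        WCH d = cch >= 3 ? unit_at(p, 0) : 0;
        int letter = (d >= 'A' && d <= 'Z') || (d >= 'a' && d <= 'z');
        if (!letter || unit_at(p, 1) != ':' || unit_at(p, 2) != '\\')
            return PATH_NOT_DOS;
    }

    pre = has_prefix ? 0 : 4;
    total = pre + cch;
    /* Length and MaximumLength are 16-bit byte counts, so cap before casting. */
    if (total + 1 > out_cch || total > 0x7FFE)
        return PATH_TOO_LONG;

    if (!has_prefix)
        memcpy(out, kNtPrefix, sizeof kNtPrefix);
    memcpy(out + pre, p, cch * 2);
    out[total] = 0;

    name->Buffer = out;
    name->Length = (uint16_t)(total * 2);
    name->MaximumLength = (uint16_t)((total + 1) * 2);
    return PATH_OK;
}

int main(void)
{
    WCH buf[64];
    USTR name = { 0, 0, NULL };
    /* DataLength given without the trailing NUL: the result is the same name. */
    enum path_status s = build_nt_path(REG_SZ_TYPE, kSample, sizeof kSample - 2,
                                       buf, sizeof buf / sizeof buf[0], &name);
    printf("status=%d Length=%u MaximumLength=%u\n",
           (int)s, (unsigned)name.Length, (unsigned)name.MaximumLength);
    return s != PATH_OK;
}
```

In a driver the resulting name would be passed to InitializeObjectAttributes in place of the string built directly over regValue->Data.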


If it’s Win7 Ultimate is there any mileage in you bouncing your laptop back to 64 bit and then using the virtual machine xp mode stuff to create a Win7 32 bit machine so at least you can compare side by side, or are you relying on specific hardware being present on the box?

>“C:\Temp\DomainNames.csv”

Can be a question of drive letters.

Is C: existing in the second Win7 installation?


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Yes, C: is the boot drive and does exist on the laptop I am using for test.
The 64 bit OS did not like the NULL at the end of the Length count so I
decremented the Length by the size of a WCHAR, which seemed to appease the
OS gods. At least under 64 bit Win7 I was able to open
“C:\Temp\DomainNames.csv”.

Under a 32 bit Win7 Ultimate I have tried all of the following with no luck:

C:\Temp\DomainNames.csv
??\C:\Temp\DomainNames.csv
\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

The driver itself has Start set to 3, or Demand Start, the same as for the
64 bit OS. I’ve even tried setting MaximumLength to the same as Length as
well as +2 to account for a NULL.

So exactly WHAT is 32 bit Win7 Ultimate expecting for a fucking valid object
name!?!?!?!?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, February 09, 2010 2:54 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ZwOpenFile

“C:\Temp\DomainNames.csv”

Can be a question of drive letters.

Is C: existing in the second Win7 installation?


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com



You could put a breakpoint on nt!ntopenfile & open the file from user-mode using a Win32 path & see what name is passed in. You’ll get a lot of hits on the BP but eventually you’ll find the one you want :)

-p

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Tuesday, February 09, 2010 9:22 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Yes, C: is the boot drive and does exist on the laptop I am using for test.
The 64 bit OS did not like the NULL at the end of the Length count so I decremented the Length by the size of a WCHAR, which seemed to appease the OS gods. At least under 64 bit Win7 I was able to open “C:\Temp\DomainNames.csv”.

Under a 32 bit Win7 Ultimate I have tried all of the following with no luck:

C:\Temp\DomainNames.csv
??\C:\Temp\DomainNames.csv
\??\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\DosDevices\C:\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv
\PhysicalDrive0\Temp\DomainNames.csv

The driver itself has Start set to 3, or Demand Start, the same as for the
64 bit OS. I’ve even tried setting MaximumLength to the same as Length as well as +2 to account for a NULL.

So exactly WHAT is 32 bit Win7 Ultimate expecting for a fucking valid object name!?!?!?!?


Running the app under a user debugger and stepping into the CreateFileW call
up to the NtCreateFile call would also work (usually what I do when I can’t
get the native API syntax correct).

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Peter Wieland” wrote in message
news:xxxxx@ntdev…
> You could put a breakpoint on nt!ntopenfile & open the file from user-mode
> using a Win32 path & see what name is passed in. You’ll get a lot of hits
> on the BP but eventually you’ll find the one you want :)
>
> -p

Hey, thanks to all of you, for the answers.

I have accounted for the NULL by changing the value of Length. And indeed
in my testing the NULL is in the string read from the registry.

Actually, this sounds so frigging silly it’s unbelievable. A file open
command in one OS does not work the same way in another OS. I could see that
if it were Linux vs Windows, or even Win7 vs Vista, but this is Win7 32 vs
Win7 64. Sorry, but there should be VERY little difference in this
functionality between those two. Which one is handling the string correctly?
32 or 64? Is "C:\

\" a valid object name or isn't it? If it
isn't, then what should a valid object name look like that will appease
ZwOpenFile and the OS gods?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, February 08, 2010 10:42 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

For instance, there is no guarantee that the string data you read out of the
registry is null terminated. In fact you should defensively code for this
possibility

d

tiny phone keyboard + fat thumbs = you do the muth

-----Original Message-----
From: Bill Wandel
Sent: Monday, February 08, 2010 8:15 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Gary,

I think that you need to take a step back and actually verify the path that
is in the UNICODE_STRING that is in the OBJECT_ATTRIBUTES structure. Are you
sure that you are getting a UNICODE_STRING from the registry query? Changing
the error from not a directory suggests that the rest of the string is not
what you think it is.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Monday, February 08, 2010 10:08 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile

Win7 Ultimate from my MSDN subscription, in both cases, on the same laptop.
The 32 bit install was on top of the 64 bit install.

So far I've eliminated \??\ and \DosDevices\ as having to be added.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Robin Goodchild
Sent: Monday, February 08, 2010 7:22 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] ZwOpenFile

When you say "went back to 32-bit", did you install 64-bit over the top of
an existing 32-bit install?

Aside from the 32/64-bit difference, are they the same edition? It's not
that you're running Win 7 32-bit Home and Win 7 x64 Pro or anything is it?

Best regards,
Robin.

On Feb 09, 2010 00:23, Gary G. Little wrote:
> After pre-pending "\\??\", all that has happened is that the error code has
> changed. I now get 0xC0000033, or "Object name Invalid".
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
> Sent: Monday, February 08, 2010 5:20 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> Right now I cannot say. The code I wrote to prefix the "\??\" barfed in the
> middle of the RtlStringCopyCchW function so right now I'm debunking my
> modifications.
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of
> xxxxx@evitechnology.com
> Sent: Monday, February 08, 2010 4:41 PM
> To: Windows System Software Devs Interest List
> Subject: RE:[ntdev] ZwOpenFile
>
> I'm not sure exactly what I'm suggesting here, but could wow64
> registry redirection be at play here somehow?
>
>
> mm
>

> \??\C:\Temp\DomainNames.csv

Try ??\Global\C:\Temp\DomainNames.csv


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
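
Two points raised in this thread, that string data read from the registry may or may not be NUL-terminated and that a drive-letter path needs the `\??\` prefix, shown together as an added example (not code from the thread or from the WDK). It is a user-mode C model of the UNICODE_STRING setup: `WCH`, `USTR`, `build_nt_path` and `demo_length` are hypothetical stand-ins, and the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint16_t WCH;   /* 2-byte stand-in for WCHAR (builds without the WDK) */
/* Modeled on UNICODE_STRING; both lengths are byte counts. */
typedef struct { uint16_t Length, MaximumLength; WCH *Buffer; } USTR;

static const WCH kPrefix[4] = { '\\', '?', '?', '\\' };
/* Constructed sample values: the path "C:\T" as registry data might hold it. */
static const WCH kWithNul[]  = { 'C', ':', '\\', 'T', 0 };
static const WCH kNoNul[]    = { 'C', ':', '\\', 'T' };
static const WCH kPrefixed[] = { '\\', '?', '?', '\\', 'C', ':', '\\', 'T', 0 };

/* data/dataLen model KEY_VALUE_PARTIAL_INFORMATION Data/DataLength.
   Returns 0 and fills *us (backed by out), or -1 if the value is unusable. */
int build_nt_path(const WCH *data, uint32_t dataLen, WCH *out, size_t outBytes, USTR *us)
{
    size_t chars = dataLen / sizeof(WCH), i, need;
    int hasPrefix;

    if (dataLen % sizeof(WCH)) return -1;        /* not a whole number of WCHARs */
    /* The terminator is optional: strip it only if present. A blind
       "DataLength - sizeof(WCHAR)" wraps to 0xFFFE when DataLength is 0. */
    while (chars > 0 && data[chars - 1] == 0) chars--;
    if (chars == 0) return -1;                   /* empty, or nothing but NULs */
    for (i = 0; i < chars; i++) if (data[i] == 0) return -1;  /* embedded NUL */

    hasPrefix = chars >= 4 && memcmp(data, kPrefix, sizeof kPrefix) == 0;
    need = (chars + (hasPrefix ? 0 : 4)) * sizeof(WCH);
    if (need > 0xFFFE || need > outBytes) return -1;  /* 16-bit Length: never truncate */
    if (!hasPrefix) memcpy(out, kPrefix, sizeof kPrefix);
    memcpy(out + (hasPrefix ? 0 : 4), data, chars * sizeof(WCH));
    us->Buffer = out;
    us->Length = us->MaximumLength = (uint16_t)need;
    return 0;
}

/* Demo helper: resulting Length in bytes, or -1 on rejection. */
int demo_length(const WCH *data, uint32_t dataLen)
{
    WCH buf[64]; USTR us;
    return build_nt_path(data, dataLen, buf, sizeof buf, &us) == 0 ? us.Length : -1;
}

int main(void)
{
    return demo_length(kWithNul, sizeof kWithNul) == 16 &&
           demo_length(kNoNul, sizeof kNoNul) == 16 &&
           demo_length(kPrefixed, sizeof kPrefixed) == 16 &&
           demo_length(kWithNul, 0) == -1 ? 0 : 1;
}
```

In a driver the same checks would run on the registry buffer before InitializeObjectAttributes, with the output buffer allocated by the caller.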