Hey, thanks to all of you, for the answers.
I have accounted for the NULL by changing the value of Length. And indeeed
in my testing the NULL is in the string read from the registry.
Actually, this sounds so frigging silly it’s unbelieveable. A file open
command in one OS does not work the same way in another OS. I could see that
if it were Linux vs Windows, or even Win7 vs Vista, but this is Win7 32 vs
Win7 64. Sorry, but there should VERY be little difference in this
functionality between those two. Which one is handling the string correctly?
32 or 64? Is "C:\
\" a valid object name or isn't it? If it
isn't, then what should a valid object name look like that will appease
ZwOpenFile and the OS gods?
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Monday, February 08, 2010 10:42 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile
For instance, there is no guarantee that the string data you read out of the
registry is null terminated. In fact you should defensively code for this
possibility
d
tiny phone keyboard + fat thumbs = you do the muth
-----Original Message-----
From: Bill Wandel
Sent: Monday, February 08, 2010 8:15 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile
Gary,
I think that you need to take a step back and actually verify the path that
is in the UNICODE_STRING that is in the OBJECT_ATTRIBUTES structure. Are you
sure that you are getting a UNICODE_STRING from the registry query? Changing
the error from not a directory suggests that the rest of the string is not
what you think it is.
Bill Wandel
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Monday, February 08, 2010 10:08 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] ZwOpenFile
Win7 Ultimate from my MSDN subscription, in both cases, on the same laptop.
The 32 bit install was on top of the 64 bit install.
So far I've eleminated \??\ and \DosDevices\ as having to be added.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Robin Goodchild
Sent: Monday, February 08, 2010 7:22 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] ZwOpenFile
When you say "went back to 32-bit", did you install 64-bit over the top of
an existing 32-bit install?
Aside from the 32/64-bit difference, are they the same edition? It's not
that you're running Win 7 32-bit Home and Win 7 x64 Pro or anything is it?
Best regards,
Robin.
On Feb 09, 2010 00:23, Gary G. Little wrote:
> After pre-pending "\\??\", all that has happened is that the error
> code
has
> changed. I now get 0xC0000033, or "Object name Invalid".
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
> Sent: Monday, February 08, 2010 5:20 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] ZwOpenFile
>
> Right now I cannot say. The code I wrote to prefix the "\??\" barfed
> in
the
> middle of the RtlStringCopyCchW function so right now I'm debunking my
> modifications.
>
> Gary G. Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
>
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of
> xxxxx@evitechnology.com
> Sent: Monday, February 08, 2010 4:41 PM
> To: Windows System Software Devs Interest List
> Subject: RE:[ntdev] ZwOpenFile
>
> I'm not sure exactly what I'm suggesting here, but could wow64
> registry redirection be at play here somehow?
>
>
> mm
>
> ---
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> __________Information from ESET Smart Security, version of virus
signature
> database 4849 (20100208)__________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> __________Information from ESET Smart Security, version of virus
signature
> database 4849 (20100208)__________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> ---
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> __________Information from ESET Smart Security, version of virus
signature
> database 4849 (20100208)__________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> __________Information from ESET Smart Security, version of virus
signature
> database 4849 (20100208)__________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> ---
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
>
---
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________Information from ESET Smart Security, version of virus signature
database 4849 (20100208)__________
The message was checked by ESET Smart Security.
http://www.eset.com
__________Information from ESET Smart Security, version of virus signature
database 4849 (20100208)__________
The message was checked by ESET Smart Security.
http://www.eset.com
---
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
---
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
---
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________Information from ESET Smart Security, version of virus signature
database 4849 (20100208)__________
The message was checked by ESET Smart Security.
http://www.eset.com
__________Information from ESET Smart Security, version of virus signature
database 4851 (20100209)__________
The message was checked by ESET Smart Security.
http://www.eset.com