file name from remote proc

Nope... that will not help... 1st func is for FileDirInfo and second is overkill.

Look at this:

ZwQueryInformationFile returns information about the given file. When FileInformationClass equals FileNameInformation, the file name is returned in the FILE_NAME_INFORMATION structure. The precise syntax of the file name depends on a number of factors: If the file was opened by submitting a full path and file name to ZwCreateFile, then ZwQueryInformationFile returns that full path and file name. If the ObjectAttributes->RootDirectory handle was opened by name in a call to ZwCreateFile, and subsequently the file was opened by ZwCreateFile relative to this root directory handle, then the full path and file name are returned. If the ObjectAttributes->RootDirectory handle was opened by file ID (using the FILE_OPEN_BY_FILE_ID flag) in a call to ZwCreateFile, and subsequently the file was opened by ZwCreateFile relative to this root directory handle, then only the relative path will be returned. However, if the user has SeChangeNotifyPrivilege (described in Platform SDK documentation), the full path and file name will be returned in all cases. If only the relative path is returned, the file name string will not begin with a backslash. If the full path and file name are returned, the string will begin with a single backslash, regardless of its location. Thus the file C:\dir1\dir2\filename.ext will appear as \dir1\dir2\filename.ext, while the file \\server\share\dir1\dir2\filename.ext will appear as \server\share\dir1\dir2\filename.ext.

It seems that this is FULL path :)

Anyway, I'll keep this function since it is much faster then NTQO and it doesn't block my app (probably less memory intensive).


Thx EP_X0FF for your help. That will be it. No more question here.
Stay good, and if you need any help in computer fields, drop me a line.


homepage

Edited by majkinetor - 15 May 2006 at 8:38am

Hej there.

When I am using NtQueryObject I get names OK but for some reason application can't exit ! I put breakpoint at last line of main function (return 0) and it is reached everytime, but after that, applicatin doesn't close itself, and it can't be killed. I had to rename project output on every compile to avoid restarting computer every 5 minutes. I used this kind of code to debug:
print(1), NTQO(), print(2);

And I got output like this:
12
12
112
12
112
...

So, threead is terminated if NTQO hangs but this function blocks my code on some other level....

I didn't find solution to this, so I switched to other function, NtQueryInformationFile. Now application doesn't hang but another quite interesting problem arised. It doesn't return device location, but raltive path: instead \Device\HarddiskVolumeX\Windows\System32 it give me \Windows\System32 only. I looked into code of guy who wrote WhoUses.exe on CodeGuru and he was using the same procedure to get filename, but he got complite names ?!

This is Visual Studio picture that will clarify this. U can see that lpBuffer doesn't have device information.
This is not so big problem but hard disk could have the same paths on different partitions locked at the same time.


Visual Studio Debug Screenshot

I don't know what is going on here, since when my console application that I am using for test hang, I can not delete it for very long period of time (it is up for more then 20 minutes now...). TaskInfo & Proc Exp can not kill it also.

You are right, that is too big project for simple plugin, it already took me much time to come to this stage.

Anyway you were of great help and I thank you for that.
Your english is fine by me.

Thank you EP_X0FF.
I switched to NtQO function and everything is ok up to the part where it hangs for long period of time. I have to open thread to execute this function and kill it after some short time.

I have to ask for opinion here if you have time: Since I am trying to create Total Commander so called content plugin this needs to be fast, because it will be called for each file in the directory. The plugin is supouse to return information about file's lock status and to return string containing names of applications which hold the lock. I am caching information on the first file (I create a snapshot of all open files in the system) and look into cache on all other subsequent files. Therefore, above procedure will be executed only once, but it still have to be fast to alow TC to function normaly (lets say, everything up to 2 seconds should be fine).

I am concerned here how big impact on procedure speed will have creating new thread for every file handle in the system (on my system, currently > 1000)

thx

This is how I declared those functions:

HANDLE OpenProcess( DWORD processId ) {      // Open the process for handle duplication      return ::OpenProcess( PROCESS_DUP_HANDLE, TRUE, processId ); } HANDLE DuplicateHandle( HANDLE hProcess, HANDLE hRemote ) {      HANDLE hDup = NULL;      // Duplicate the remote handle for our process      ::DuplicateHandle( hProcess, hRemote,    GetCurrentProcess(),&hDup, 0, FALSE, DUPLICATE_SAME_ACCESS );      return hDup; }

Edited by majkinetor - 11 May 2006 at 8:49am