Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Needed help with using NtCreateFile()

Posted on 2011-09-20
2
Medium Priority
?
729 Views
Last Modified: 2012-06-21
I have written a program that queries the change journal records and lists them. The change journal returns:

1) filereferencenumber( combination of fileindex.high and fileindex.low) 2) parentfilereferencenumber(same as above except it is for directory) 3) szReason(Reason it appears in the change record) 4) Filename and Filelength.

I want to find the path of this file listed in the change journal. Most of the implementations I have seen keep track of all the filereferencenumber and query it to compare, or they use FindNextFile() functions ot traverse through the entire volume.

I came across a discussion where they say, they can open a file handle using just the filereferencenumber. http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.file_system/2004-11/0244.html

The msdn article says, we have to load a library before calling Internal API's http://msdn.microsoft.com/en-us/library/bb432380%28v=vs.85%29.aspx

Can someone point me in the right direction and tell me exactly what to do? How do I use NtCreateFile()?

Or, is there a way to access file path using just the filereferencenumber?
0
Comment
Question by:zystemsgo
  • 2
2 Comments
 
LVL 35

Accepted Solution

by:
sarabande earned 2000 total points
ID: 36571827
those internal functions have no import library. so you not simply can call NtCreateFile aafter including a header but has to load the dll and get a function pointer out of the dll loaded.

that is done like

#include <wininternl.h>
....
HMODULE hdll = LoadLibrary("winnt.dll");
if (hdll == NULL)
{
    long err = GetLastError();
    return err;
}
FUNC_NTCREATEFILE pfunc = GetProcAddress(hdll, "NtCreateFile");
if (pfunc == NULL)
{
    long err = GetLastError();
    return err;
}
// call NtCreateFile 
NTSTATUS = pfunc(&filehandle, ....);

Open in new window


the FUNC_NTCREATEFILE is supposed to be the type of function pointer fitting to NtCreateFile. i don't have a copy of the winternal.h where such kind of  type should be declared. of course it has a different name than that i used.

in the docs to NtCreateFile they mention that the WDK (windows driver kit) would provide ntdll.lib, an import library for ntdll.dll. if you have the WDK installed you could include ntdef.h and call the NtCreateFile directly. you then would need to add ntdll.lib to the linker import modules.

Sara
0
 
LVL 35

Expert Comment

by:sarabande
ID: 36571831
it should have been

NTSTATUS nstat = pfunc(&filehandle, ....);

Sara
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question