See more: C++ Driver API
Hi,

I have used code which hooks ZwQueryDirectoryFile in the SSDT, and whenever this function is called, my function, NewZwQueryDirectoryFile, is executed. I need to know the full paths of the files in the opened directory, but I only get the names. Is there any way I can get the full path of the files in the directory?
I cannot use functions like GetFileNameFromHandle which are included in windows.h because I am writing a driver and including "windows.h" causes me a lot of trouble.

P.S.
I am trying to write an anti-virus.

Thank you.
Posted 11-Jun-12 21:12pm
lilyNaz536

Solution 1

You can try to use ZwQueryInformationFile (using the FileNameInformation class) with the directory handle passed to ZwQueryDirectoryFile.
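An added example (not part of either answer and not code from the original page), modelling in portable C how a hook could join the directory path obtained as in Solution 1 with each name in a ZwQueryDirectoryFile result buffer while bounds-checking every offset. It assumes the FileNamesInformation layout; NAMES_ENTRY, full_path_at, demo and demo_out are hypothetical names, the sample buffer is constructed, and note that FileNameInformation yields a volume-relative path without a drive letter.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local model of FILE_NAMES_INFORMATION; a driver uses the WDK definition. */
typedef struct {
    uint32_t NextEntryOffset;  /* bytes to the next entry, 0 = last entry */
    uint32_t FileIndex;
    uint32_t FileNameLength;   /* in bytes, name is not NUL-terminated */
    uint16_t FileName[1];      /* UTF-16 code units */
} NAMES_ENTRY;
#define HDR offsetof(NAMES_ENTRY, FileName)

/* Writes dir + '\' + name of entry idx into out; returns the length in
   UTF-16 units, or -1 if the buffer is malformed or out is too small. */
int full_path_at(const uint8_t *buf, size_t len, size_t idx,
                 const uint16_t *dir, size_t dlen, uint16_t *out, size_t cap)
{
    size_t off = 0;
    for (;;) {
        NAMES_ENTRY e;
        if (off > len || len - off < HDR) return -1;
        memcpy(&e, buf + off, HDR);              /* avoids unaligned reads */
        if (e.FileNameLength % 2 || e.FileNameLength > len - off - HDR) return -1;
        if (idx-- == 0) {
            size_t n = e.FileNameLength / 2;
            size_t sep = (dlen && dir[dlen - 1] != '\\') ? 1 : 0;
            if (dlen + sep + n > cap) return -1;
            memcpy(out, dir, dlen * 2);
            if (sep) out[dlen] = '\\';
            memcpy(out + dlen + sep, buf + off + HDR, n * 2);
            return (int)(dlen + sep + n);
        }
        /* 0 = no more entries; a short offset would overlap this entry */
        if (e.NextEntryOffset < HDR + e.FileNameLength ||
            e.NextEntryOffset > len - off) return -1;
        off += e.NextEntryOffset;
    }
}

/* Constructed sample: "\Users\test" holding "a.txt" and "b"; link sets the
   first entry's NextEntryOffset so a corrupted buffer can be modelled. */
uint16_t demo_out[32];
int demo(size_t idx, uint32_t link, size_t cap)
{
    static const uint16_t dir[] = {'\\','U','s','e','r','s','\\','t','e','s','t'};
    static const uint16_t a[] = {'a','.','t','x','t'}, b[] = {'b'};
    uint8_t buf[48] = {0};
    NAMES_ENTRY e = { link, 0, (uint32_t)sizeof a, {0} };
    memcpy(buf, &e, HDR);       memcpy(buf + HDR, a, sizeof a);
    e.NextEntryOffset = 0;      e.FileNameLength = (uint32_t)sizeof b;
    memcpy(buf + 24, &e, HDR);  memcpy(buf + 24 + HDR, b, sizeof b);
    return full_path_at(buf, 24 + HDR + sizeof b, idx, dir, 11, demo_out, cap);
}
```

In a real hook the entry layout depends on the FileInformationClass the caller requested, so the header size and name offset differ per class.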

Solution 2

If including Windows.h creates a problem for you, then use those functions without including Windows.h.
 
Just call LoadLibrary and then GetProcAddress to load up the function and then call it; that'd be the simplest solution, as shown below...
 
// GetFinalPathNameByHandle is a macro; Kernel32.dll exports the A and W variants.
typedef DWORD (WINAPI* LP_GFPNBH)(HANDLE, LPWSTR, DWORD, DWORD);
HMODULE hModule = ::LoadLibraryW(L"Kernel32.dll");
// GetProcAddress returns NULL if the export is not found.
LP_GFPNBH func = hModule ? (LP_GFPNBH)::GetProcAddress(hModule, "GetFinalPathNameByHandleW") : NULL;
 
// Calling function (only if func is not NULL):
func(...parameters...);

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 21 Jun 2012