Reputation: 491
Can we get the Device object detail / name from a Device handle
I am writing a DeviceIoControl API hook application which will trace all the DeviceIoControl() calls a target application makes. Following is the signature of DeviceIoControl for easy reference :
BOOL WINAPI DeviceIoControl(
In HANDLE hDevice,
In DWORD dwIoControlCode,
_In_opt_ LPVOID lpInBuffer,
In DWORD nInBufferSize,
_Out_opt_ LPVOID lpOutBuffer,
In DWORD nOutBufferSize,
_Out_opt_ LPDWORD lpBytesReturned,
_Inout_opt_ LPOVERLAPPED lpOverlapped
);
My problem here is, how do I figure-out which device is this Ioctl being targetted to, i.e. How do I reverse the hDevice HANDLE and find the actual device.
Upvotes: 1
Views: 1002
Answers (1)
Reputation: 596196
Use NtQueryObject() to determine the type and name of the object that the handle represents. You might also need to use QueryDosDevice() to resolve hardware device names to local filesystem paths. See this article to get you started:
HOWTO: Enumerate handles
http://forum.sysinternals.com/howto-enumerate-handles_topic18892.html
Once you know the device type, you can
then use type-specific APIs, like GetVolumeInformationByHandle(), GetFileInformationByHandleEx(), etc to get more detailed information.
Upvotes: 2
Related Questions
- How to get friendly device name from DEV_BROADCAST_DEVICEINTERFACE and Device Instance ID
- Get information about device using SetupAPI
- Get parent information of a USB device C++
- How to get USB Device handle using device instance handle?
- How to get device properties in windows in c++?
- Retrieve device model name using C++ on windows desktop
- How to get usb storage device details in vc++
- Get the information about the USB device inserted
- Get Device name
- how to get USB hardware id using device id?