Reputation: 788
How can I get symbol link name in windows NT driver?
I'm writing a windows nt driver. I define a DEVICE_EXTENSION
typedef struct _DEVICE_EXTENSION {
PDEVICE_OBJECT pDevice;
UNICODE_STRING ustrDeviceName;
UNICODE_STRING ustrSymLinkName;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
And I create a device,
status = IoCreateDevice(pDriverObject,
sizeof(DEVICE_EXTENSION),
&devName,
FILE_DEVICE_UNKNOWN,
0, TRUE,
&pDevObj);
if (!NT_SUCCESS(status))
{
DbgPrint("CreateDevice Error...\n");
return status;
}
pDevObj->Flags |= DO_BUFFERED_IO;
pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
pDevExt->pDevice = pDevObj;
pDevExt->ustrDeviceName = devName;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&symLinkName, DOS_DEVICE_NAME);
pDevExt->ustrSymLinkName = symLinkName;
status = IoCreateSymbolicLink(&symLinkName, &devName);
you can see, I store symLinkName in DEVICE_EXTENSION pDevExt. When it unloads from device, I read this symLinkName
NTSTATUS status;
PDEVICE_OBJECT pNextObj;
DbgPrint(("Enter DriverUnload\n"));
pNextObj = pDriverObject->DeviceObject;
UNICODE_STRING pLinkName;
while (pNextObj != NULL)
{
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
RtlCopyUnicodeString(&pLinkName, &(pDevExt->ustrSymLinkName));
DbgPrint("Start delete symlinkname %wZ ...\n", &pLinkName);n // meet a error
status = IoDeleteSymbolicLink(&pLinkName);
if (!NT_SUCCESS(status))
{
DbgPrint("Delete SymbolLink Error\n");
goto finish;
}
pNextObj = pNextObj->NextDevice;
IoDeleteDevice(pDevExt->pDevice);
}
Before executing IoDeleteSymbolicLink, I want to print this pLinkName, but I meet a error.
To solve this problem ,I try many methods.
while (pNextObj != NULL)
{
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
// RtlCopyUnicodeString(&pLinkName, &(pDevExt->ustrSymLinkName));
RtlInitUnicodeString(&pLinkName, DOS_DEVICE_NAME);
DbgPrint("Start delete symlinkname %wZ ...\n", &pLinkName);
status = IoDeleteSymbolicLink(&pLinkName);
if (!NT_SUCCESS(status))
{
DbgPrint("Delete SymbolLink Error\n");
goto finish;
}
pNextObj = pNextObj->NextDevice;
IoDeleteDevice(pDevExt->pDevice);
}
this will execute successfully, but I don't know why this happen.
Upvotes: 0
Views: 231
Answers (1)
Reputation: 497
I guess you are using this #pragma alloc_text(INIT, DriverEntry) in your code. If so, this is the explanation:
/*
* These compiler directives tell the Operating System how to load the
* driver into memory. The "INIT" section is discardable as you only
* need the driver entry upon initialization, then it can be discarded.
*
*/
After loading, INIT sesison will be discarded and your pDevExt->ustrSymLinkName data has been released if it is in that session. You can remove all #pragma alloc_text to avoid this problem.
Upvotes: 1
Related Questions
- How to find target of symbolic link in Windows C++ program
- Determining symbol names of the DLL
- How do I get the version of a driver on Windows from C++
- How do you get Symbols from the Windows linker?
- Best way to get volume name of symbolic link target [NTFS]
- C++ Windows 7 Get Symbolic Names of Installed drivers
- How can I get more information about symbol by it's address in memory
- Enumerate all symbolic links in kernel driver
- Getting the symbols of kernel32
- How to get Driver Name?