How to explore hard disk files using c++ driver developping?

Junior Poster in Training

52 posts since Mar 2012

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

0

What is wrong with using win32 api functions FindFirstFile() and FindNextFile() ? Can't DDK programs access win32 api?

Ancient Dragon

Achieved Level 70

Team Colleague

32,275 posts since Aug 2005

Reputation Points: 5,852

Solved Threads: 2,590

Skill Endorsements: 70

1

Here is a MS whitepaper detailing the requirements for Kernel mode interaction with User Mode. That is, how to call Win32 API (FindFirstFile/FindNextFile) from the kernel.

The kernel mode functions that are required to implement FindFirstFile/FindNextFile equivalent are as follows:

RtlInitUnicodeString
NtCreateFile
NtCreateEvent
NtQueryDirectoryFile
NtWaitForSingleObject
RtlUnicodeStringToAnsiString
NtClose

Also, keep in mind that you'll have to define all the required structs etc. and there are a lot of them.

Junior Poster

185 posts since Feb 2008

Reputation Points: 35

Solved Threads: 24

Skill Endorsements: 0

0

Body I have tried this but I got error ( "Winternel.h" No such file or directory ) even though I have already WinDDK installed so why I have this message

Junior Poster in Training

52 posts since Mar 2012

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

1

Body I have tried this but I got error ( "Winternel.h" No such file or directory ) even though I have already WinDDK installed so why I have this message

You are getting this message because you have not downloaded and installed the latest Windows 7 SDK

The Winternl.h header file is included in the SDK.

Junior Poster

185 posts since Feb 2008

Reputation Points: 35

Solved Threads: 24

Skill Endorsements: 0

0

Thanx

Junior Poster in Training

52 posts since Mar 2012

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

0

Dear BobS0327, I have download it and install it but when I am using VS 2008 visual ddk the problem stay same and when I use VS 2010 visual ddk I got alot of error in "winternl.h", what's going on?????
Though, I am using windows xp.

Junior Poster in Training

52 posts since Mar 2012

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

0

Well, the Windows SDK for Windows 7 has the Winternl.h file in the c:\Programs (x86)\Microsoft SDKs\Windows\v70a\Include folder.

Junior Poster

185 posts since Feb 2008

Reputation Points: 35

Solved Threads: 24

Skill Endorsements: 0

0

But I am using windows xp and I know this folder where he is. And I have include it in VS 2008 and VS 2010 but I have same error.

Junior Poster in Training

52 posts since Mar 2012

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

0

I am assuming that you have determined that the winternl.h header file does reside on your hard drive and that you are using a Visual Studio project to build your application. With that said, you must add the full (complete) path of the folder that contains winternl.h to your project. It is added to the "Include Directories" field which is located within the property page of the project.

Junior Poster

185 posts since Feb 2008

Reputation Points: 35

Solved Threads: 24

Skill Endorsements: 0

0

I have did that already before you tald me, but the problem stay same.
However, my problem split into 2 : the first in VS 2008 I got message contains "no such file or directory" and the second in VS 2010 I got alot of errors no one of them contains the privous message, I am assuming that the sdk last version did not work with VS 2008, it works with VS 2010 but I got alot alot of errors, here are the errors that I have got:
Error 1 error C2146: syntax error : missing ';' before identifier 'ContextRecord' c:\programfiles\microsoftsdks\windows\v7.0a\include\winnt.h 6361 1 test

Error 2 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 6361 1 test
Error 3 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 6361 1 test

Error 4 error C2065: 'PCONTEXT' : undeclared identifier c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 12983 1 test
Error 5 error C2146: syntax error : missing ')' before identifier 'ContextRecord' c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 12984 1 test

Warning 6 warning C4229: anachronism used : modifiers on data are ignored c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 12984 1 test
Error 7 error C2182: 'RtlCaptureContext' : illegal use of type 'void' c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 12984 1 test

Error 8 error C2491: 'RtlCaptureContext' : definition of dllimport data not allowed c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 12984 1 test
Error 9 error C2059: syntax error : ')' c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 12984 1 test

Error 10 error C2143: syntax error : missing ';' before '__stdcall' c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 13372 1 test
Error 11 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 13372 1 test

Error 12 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 13376 1 test
Error 13 error C3861: '__readfsdword': identifier not found c:\program files\microsoft sdks\windows\v7.0a\include\winnt.h 14982 1 test

these errors in VS 2010

Junior Poster in Training

52 posts since Mar 2012

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

0

You really shouldn't be using the winternl.h header file. Here is the warning found in the winternl.h file:

/************************************************************************
* *
* winternl.h -- This module defines the internal NT APIs and data *
* structures that are intended for the use only by internal core *
* Windows components. These APIs and data structures may change *
* at any time. *
* *
* These APIs and data structures are subject to changes from one *
* Windows release to another Windows release. To maintain the *
* compatiblity of your application, avoid using these APIs and *
* data structures. *
* *
* The appropriate mechanism for accessing the functions defined in *
* this header is to use LoadLibrary() for ntdll.dll and *
* GetProcAddress() for the particular function. By using this *
* approach, your application will be more resilient to changes *
* for these functions between Windows releases. If a function *
* prototype does change, then GetProcAddress() for that function *
* might detect the change and fail the function call, which your *
* application will be able to detect. GetProcAddress() may not *
* be able to detect all signature changes, thus avoid using these *
* internal functions. Instead, your application should use the *
* appropriate Win32 function that provides equivalent or similiar *
* functionality. *
* *
* Copyright (c) Microsoft Corp. All rights reserved. *
* *
************************************************************************/

IMHO, your errors are caused by the inappropriate use of the winternl.h and/or other headers that are related to the undocumented functions.

Please refer to this link for an example of how to create your own header file for the undocumented functions etc. Refer to test.h. Essentially, what you want to do is just create a header file containing only the undocumented declarations that are required for your application.

The InitializeNativeFunctions in that thread gives you an example of how to use LoadLibrary for loading the undocumented funtions. This is the method suggested by MS in the above warning.

Junior Poster

185 posts since Feb 2008

Reputation Points: 35

Solved Threads: 24

Skill Endorsements: 0

0

Thank you borther, that was very helpful I will tried and I will reply you if any problem occured.
Thanx again.