winapi visual-c++ vb6 wdk

Opening a handle to a driver from user mode


I have a driver and I created a symbolic name to it. The symbolic name is ...

L"\\DosDevices\\hook"

When I try to access the device object using CreateFile() from usermode, I always get an error, "The system cannot find the file specified".

I tried using CreateFile() with the following paths ...

"\\.\hook"
"\\Device\\hook"
"\\\\.\\hook"
"\\.\hook"

but it still doesn't work. However, if I try the same API call in Visual Basic 6, "\\.\\hook" works correctly, although the documentation says that it should be "\\\\.\\hook". What is the problem here? What is the purpose of all these "\" and how do I make it work with Visual C++?


Solution

  • First comes what Chris was pointing out

    "\\.\hook"       -> "\\\\.\\hook"
    

    Thus the third variant you gave should have worked. "\\Device\\hook" will most definitely not work with a Win32 API. Those are limited to what's beneath \\DosDevices or \\?? and its variation (per-session namespaces). \\DosDevices and \\?? are usually the same location with one being a symbolic link to the other depending on the exact OS version.

    There are several possible reasons why it fails. One being the namespaces and that you got those wrong. Internally the path \\.\ (I left out the syntactic escaping of backslashes here) translates to \??\, which is done at the boundary between Win32 and native API. The latter path (\??\...) is what the native API and the OS itself understand. Any other reason would require that you post the actual code you are trying to run (the CreateFile call in particular). Thus, more information would be required. One question would be whether you accidentally pass a wide string to an ANSI function and thus end up looking for a path that does not exist. And there are a multitude of other possibilities all of which would be easy to rule out when you post your code.

    \\DosDevices\... is likewise the native path to the object. Don't use it from the Win32 API. See DefineDosDevice/QueryDosDevice for a glimpse of the mechanisms underneath.

    For experimentation I recommend WinObj from Sysinternals and reading the "Windows Internals" series of books; any book on Windows drivers should also have a breakdown of the topics.
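The escaping and the \\.\ to \??\ mapping described in the answer, as an added example that is not code from the question or the answer. The helper win32_device_to_nt and the constant k_win32_path are hypothetical names and only a simplified model of the translation; the CreateFileW part compiles on Windows only and assumes the driver's \DosDevices\hook link exists.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* The compiler consumes one level of backslash escaping, so this literal
   is the 8-character run-time string  \\.\hook  that Win32 expects. */
static const char *const k_win32_path = "\\\\.\\hook";

/* Simplified model of the Win32-to-native translation: \\.\NAME becomes
   \??\NAME. Returns 0 on success, -1 for any other input or a short buffer. */
int win32_device_to_nt(const char *win32, char *out, size_t outlen)
{
    static const char prefix[] = "\\\\.\\";        /* run-time: \\.\ */
    const size_t plen = sizeof prefix - 1;
    if (strncmp(win32, prefix, plen) != 0 || win32[plen] == '\0')
        return -1;
    int n = snprintf(out, outlen, "\\??\\%s", win32 + plen);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef _WIN32
/* Wide literal with the W function, so the string type always matches the
   API and an ANSI/wide mix-up cannot produce a nonexistent path. */
static HANDLE open_hook_device(void)
{
    HANDLE h = CreateFileW(L"\\\\.\\hook", GENERIC_READ | GENERIC_WRITE, 0,
                           NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE)
        fprintf(stderr, "CreateFileW failed, error %lu\n", GetLastError());
    return h;
}
#endif

int main(void)
{
    char nt[64];
    if (win32_device_to_nt(k_win32_path, nt, sizeof nt) == 0)
        printf("%s -> %s\n", k_win32_path, nt);
    if (win32_device_to_nt("\\Device\\hook", nt, sizeof nt) != 0)
        printf("\\Device\\hook is not a Win32 device path\n");
#ifdef _WIN32
    HANDLE h = open_hook_device();
    if (h != INVALID_HANDLE_VALUE)
        CloseHandle(h);
#endif
    return 0;
}
```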