I'm attempting to replace some legacy DefineDosDevice userspace code (which doesn't work on Vista with Administrator users due to the fact that the elevated and normal session are represented by different DosDevice stores, therefore creating the rather strange scenario that the drive is visible if created from unelevated processes, but invisible if created from an elevated process).
The replacement for this, as I've found out through examining the TrueCrypt source and this WDM sample is to issue IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION messages to mountmgr.sys and then IOCTL_MOUNTMGR_CREATE_POINT / IOCTL_MOUNTMGR_DELETE_POINT.
So this is what I'm doing - my code looks like this:
Firstly, various locals:
```c
NTSTATUS ntStatus;
PDEVICE_EXTENSION device_extension;
UNICODE_STRING uVolumeName;
ULONG mntNameLen = 0;
ULONG mntPointLen = 0;
PMOUNTMGR_TARGET_NAME mntName = NULL;
PMOUNTMGR_CREATE_POINT_INPUT mntPoint = NULL;
```
Then, I construct and make my two requests. The first fails with the above status code. The second fails with a different status code (but isn't expected to work if the first fails).
```c
mntNameLen = sizeof(MOUNTMGR_TARGET_NAME) + device_extension->sDevName.Length;
mntName = ExAllocatePool(PagedPool, mntNameLen);
mntName->DeviceNameLength = device_extension->sDevName.Length;
RtlCopyMemory(mntName->DeviceName, device_extension->sDevName.Buffer,
              mntName->DeviceNameLength);

ntStatus = MakeDeviceIoRequest (MOUNTMGR_DEVICE_NAME,
                                IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION,
                                mntName, mntNameLen, 0, 0);

mntPointLen = sizeof(PMOUNTMGR_CREATE_POINT_INPUT) +
              device_extension->sDevName.Length + uVolumeName.Length;
mntPoint = ExAllocatePool(PagedPool, mntPointLen);
mntPoint->SymbolicLinkNameOffset = sizeof (MOUNTMGR_CREATE_POINT_INPUT);
RtlCopyMemory(&mntPoint+mntPoint->SymbolicLinkNameOffset,
              uVolumeName.Buffer, uVolumeName.Length * sizeof(WCHAR));
mntPoint->SymbolicLinkNameLength = uVolumeName.Length;
mntPoint->DeviceNameOffset = mntPoint->SymbolicLinkNameOffset +
                             mntPoint->SymbolicLinkNameLength;
RtlCopyMemory(&mntPoint+mntPoint->DeviceNameOffset,
              device_extension->sDevName.Buffer, device_extension->sDevName.Length);
mntPoint->DeviceNameLength = device_extension->sDevName.Length;

ntStatus = MakeDeviceIoRequest(MOUNTMGR_DEVICE_NAME,
                               IOCTL_MOUNTMGR_CREATE_POINT, mntPoint,
                               mntPointLen, 0, 0);
```
Then I create the symbolic link \GLOBAL??\L: -> \Device\DeviceName
```c
ntStatus = IoCreateSymbolicLink(&uVolumeName, &(device_extension->sDevName));
DbgPrint("Mapped %wZ -> %wZ\n", &uVolumeName, &(device_extension->sDevName));
RtlFreeUnicodeString(&uVolumeName);

if ( mntName != NULL )
{
    ExFreePool(mntName);
}
if ( mntPoint != NULL)
{
    ExFreePool(mntPoint);
}
```
However, the ntStatus response from the mount manager is 0xC0000010 STATUS_INVALID_DEVICE_REQUEST; my device string is of the form \Device\DevName and responds to each of:
and a list of other IOCTLs expected for a storage device. However, I have breakpoints set on all these routines and none of them are reached.
My Device is created via this little snippet:
```c
// Security descriptor
RtlInitUnicodeString(&sddl,
    _T("D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;BU)(A;;GA;;;WD)"));

// named device
status = IoCreateDeviceSecure(
    DriverObject,
    sizeof(DEVICE_EXTENSION),
    &device_name,       // \Device\DeviceName
    DeviceType,         // valid devicetype.
    0,
    FALSE,
    &sddl,              // security descriptor
    NULL,               // no idea what this does.
    &device_object      // output device object.
);
```
So, then, down to some questions:
IoCallDriver and I'm reasonably confident that is not the problem.
CreateDevice a problem? I ask because I read this blog post which implies something about device names, FDOs and PDOs that I honestly don't quite understand.
Notes: I have some restrictions. The code I am building on top of is fairly legacy, so I'm including ntddk.h and wdmsec.h; I can't change these to wdm.h or ntifs.h at this stage.
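The input buffer for the CREATE_POINT request above, laid out with byte offsets and 16-bit bounds checks, as an added example that is not part of the original post. It is portable user-mode C: `CREATE_POINT_INPUT` is a constructed mirror of `MOUNTMGR_CREATE_POINT_INPUT`, and `build_create_point` and the sample names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed mirror of MOUNTMGR_CREATE_POINT_INPUT (mountmgr.h): four USHORT
   fields; offsets are byte offsets from the start of the structure. */
typedef struct {
    uint16_t SymbolicLinkNameOffset;
    uint16_t SymbolicLinkNameLength;
    uint16_t DeviceNameOffset;
    uint16_t DeviceNameLength;
} CREATE_POINT_INPUT;

/* Constructed sample names as UTF-16 code units, no terminator. */
static const uint16_t SAMPLE_LINK[] = {'\\','G','L','O','B','A','L','?','?','\\','L',':'};
static const uint16_t SAMPLE_DEV[]  = {'\\','D','e','v','i','c','e','\\','D','e','v','N','a','m','e'};

/* Hypothetical helper. link_len and dev_len are BYTE counts, exactly like
   UNICODE_STRING.Length, so they are never multiplied by sizeof(WCHAR).
   Returns NULL if a field would not fit in 16 bits or allocation fails. */
CREATE_POINT_INPUT *build_create_point(const void *link, size_t link_len,
                                       const void *dev, size_t dev_len,
                                       size_t *out_len)
{
    CREATE_POINT_INPUT *in;
    size_t total;

    /* Every offset and length is a USHORT: reject input that would truncate. */
    if (link_len > UINT16_MAX || dev_len > UINT16_MAX)
        return NULL;
    /* sizeof the structure, not sizeof a pointer to it. */
    total = sizeof(CREATE_POINT_INPUT) + link_len + dev_len;
    if (total > UINT16_MAX)
        return NULL;
    in = calloc(1, total);   /* kernel code: pool allocation plus NULL check */
    if (in == NULL)
        return NULL;

    in->SymbolicLinkNameOffset = (uint16_t)sizeof(*in);
    in->SymbolicLinkNameLength = (uint16_t)link_len;
    in->DeviceNameOffset = (uint16_t)(sizeof(*in) + link_len);
    in->DeviceNameLength = (uint16_t)dev_len;
    /* Byte arithmetic on the buffer itself. Writing &in + offset instead
       would index from the address of the local pointer variable. */
    memcpy((uint8_t *)in + in->SymbolicLinkNameOffset, link, link_len);
    memcpy((uint8_t *)in + in->DeviceNameOffset, dev, dev_len);
    *out_len = total;
    return in;
}
```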
Before diving into this any further, is there any chance you can move your calls to DefineDosDevice into a service? Calling it from a service puts the link in the Global directory, which will entirely get rid of the aliasing issue that you have.
If you can't do that, my first guess is that you're not handling some other required mount manager IOCTL. I know you have breakpoints on all of the specific IOCTLs, but do you have a breakpoint in your default handler? Usually that's where STATUS_INVALID_DEVICE_REQUEST comes from.