
我想將設備路徑轉換爲文件路徑。從NT獲取文件路徑/設備名稱

我想通過進程ID獲取進程的名字,所以我用這個代碼

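/* Resolve the PID to its EPROCESS. If the lookup fails, pEProcess is not
 * valid, so nothing below may touch it: passing a stale or uninitialised
 * pointer to the object manager from kernel mode can crash the system. */
nts = PsLookupProcessByProcessId(processId, &pEProcess);
if (NT_SUCCESS(nts))
{
    /* OBJ_KERNEL_HANDLE keeps the handle out of the user-mode handle table. */
    nts = ObOpenObjectByPointer(pEProcess,
                                OBJ_KERNEL_HANDLE,
                                NULL,
                                0,
                                NULL,
                                KernelMode,
                                &hProcess);

    /* Drop the reference taken by the lookup whether or not the open worked. */
    ObDereferenceObject(pEProcess);
}

if (NT_SUCCESS(nts))
{
    /* Size probe: information class 27 (ProcessImageFileName) with a
     * zero-length buffer. This call is expected to return a "length
     * mismatch" status with ulSize set to the required byte count, so judge
     * it by ulSize rather than by NT_SUCCESS(nts).
     * NOTE(review): hProcess must be released with ZwClose() once the caller
     * has finished with it; that code is not part of this fragment. */
    nts = ZwQueryInformationProcess(hProcess, 27, 0, 0, &ulSize);
}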

但它返回的是設備路徑 \Device\hardDiskVolume1\windows\system32\taskmgr.exe

而我想要的是普通的文件名 C:\windows\system32\taskmgr.exe

回答


Dobb博士的文章(Jim Conyngham的NT Handle-to-Path Conversion)描述了一種從句柄到DOS路徑名的方法:請參閱GetFileNameFromHandleNT()listing

就你而言,由於你已經擁有設備路徑,所以不需要該代碼開頭的那一部分,即先由句柄建立內存映射、再從映射取得設備路徑的步驟。

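// Translate an NT device path (\Device\HarddiskVolume1\dir\file) into a
// drive-letter path (C:\dir\file) by asking QueryDosDevice which device each
// letter A:..Z: is mapped to.
//
//   lpDeviceFileName  NT device path to translate; NULL yields FALSE.
//   fsFileName        receives the drive-letter path; written only on success.
//
// Returns TRUE when a drive letter maps to the device named by the path,
// FALSE otherwise (including volumes that have no drive letter).
//
// Security note: the result is only as trustworthy as the match. The device
// name must match a whole path component; a bare prefix compare would let
// \Device\HarddiskVolume1 claim a path on \Device\HarddiskVolume10 and
// return a path on the wrong volume. Callers that use the result for
// allow-list or policy decisions depend on this.
BOOL GetFsFileName(LPCTSTR lpDeviceFileName, CString& fsFileName)
{
    static const TCHAR redirectorPrefix[] = _T("\\Device\\LanmanRedirector\\");
    const size_t redirectorLen =
        sizeof(redirectorPrefix) / sizeof(redirectorPrefix[0]) - 1;

    if (lpDeviceFileName == NULL)
        return FALSE;

    TCHAR lpDeviceName[0x1000];
    TCHAR lpDrive[3] = _T("A:");

    // Iterating through the drive letters
    for (TCHAR actDrive = _T('A'); actDrive <= _T('Z'); actDrive++)
    {
        lpDrive[0] = actDrive;

        // Query the device for the drive letter; 0 means the letter is unused.
        if (QueryDosDevice(lpDrive, lpDeviceName,
                           sizeof(lpDeviceName) / sizeof(lpDeviceName[0])) == 0)
            continue;

        // Mapped network drive: the name looks like
        //   \Device\LanmanRedirector\;X:<id>\server\share
        // Strip the ";X:<id>\" tag so the name lines up with the device path.
        // This is parsed by hand rather than with _stscanf: "%c" into a char
        // writes a wide character in Unicode builds, "%s" stops at the first
        // space in a share name, and _tcscpy/_tcscat were unbounded.
        if (_tcsnicmp(redirectorPrefix, lpDeviceName, redirectorLen) == 0)
        {
            TCHAR *tag = lpDeviceName + redirectorLen;

            if (tag[0] != _T(';') || tag[1] == _T('\0') || tag[2] != _T(':'))
                continue;

            // NOTE(review): the <id> field is skipped without being parsed;
            // its exact format is not established by this code.
            const TCHAR *sep = _tcschr(tag + 3, _T('\\'));
            if (sep == NULL || sep[1] == _T('\0'))
                continue;

            // Shift "server\share" down over the tag. The destination is
            // below the source, so a forward copy is safe and can only
            // shorten the string.
            const TCHAR *src = sep + 1;
            TCHAR *dst = tag;
            while ((*dst++ = *src++) != _T('\0'))
            {
            }
        }

        // Is this the drive letter we are looking for?
        const size_t deviceLen = _tcslen(lpDeviceName);
        if (deviceLen == 0)
            continue; // an empty name would match every path

        if (_tcsnicmp(lpDeviceName, lpDeviceFileName, deviceLen) != 0)
            continue;

        // Require a component boundary after the device name. Index deviceLen
        // is in range: the compare above matched deviceLen non-NUL characters.
        const TCHAR next = lpDeviceFileName[deviceLen];
        if (lpDeviceName[deviceLen - 1] != _T('\\') &&
            next != _T('\\') && next != _T('\0'))
            continue;

        fsFileName = lpDrive;
        fsFileName += (LPCTSTR)(lpDeviceFileName + deviceLen);
        return TRUE;
    }

    return FALSE;
}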