I can open, close, create files and directories using the Zw* functions available for Windows Kernel services. I can even open the underlying symbolic link object using ZwOpenSymbolicLinkObject, but I can't seem to actually make symbolic links.
It seems this level of the API is not aware of symbolic links, so how would I go about using this (filesystem!) feature without the Win32 API?
There isn't direct API to create reparse points.
You need to use ZwFsControlFileZwFsControlFile() to send FSCTL_SET_REPARSE_POINT ioctl with appropriate input buffers and parameters.
Don't have example though!
Related
I was reading through Windows process APIs, and was left with three questions:
What is the difference between base APIs and shell APIs? I read that shell APIs wrap base APIs e.g. ShellExecute() and ShellExecuteEx() wrap CreateProcess() but fail to understand the distinction.
How are base APIs and Shell APIs different from CRT functions (C Runtime). As again, exec() and spawn() CRT functions wrap CreateProcess() of the base API.
I understand that I can use base APIs and CRT functions from code directly by compiling and linking with the correct header files. How do I make use of Shell APIs?
1) What is the difference between base API's and shell API's?
They do different things. ShellExecute family does things in the same way as the shell, i.e. in the same way as windows explorer. It is not simply a wrapper around CreateProcess. For example, if you pass to ShellExecute the path to a word document, ShellExecute will look up in the registry to find out what is the correct way to open a word document, and do that.
ShellExecute can also do the other "verbs" you see on the Windows context menu, such as edit, print, etc.
2) How are base API's and Shell API's different from CRT functions
CRT functions are implemented on Windows so as to be compatible with the C standard. They are wrappers around CreateProcess, but the reason they exist is to be compatible not to offer additional functionality.
3) How do I make use of Shell API's
To use the shell APIs you simply include the header files and link the correct library, just as with any other API.
For example, ShellExecute:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb762153(v=vs.85).aspx
As you see at the bottom of the page it tells you which file to include and which library to link against.
Requirements
Minimum supported client: Windows XP [desktop apps only]
Minimum supported server: Windows 2000 Server [desktop apps only]
Header: Shellapi.h
Library: Shell32.lib
DLL: Shell32.dll (version 3.51 or later)
Unicode and ANSI names: ShellExecuteW (Unicode) and ShellExecuteA
(ANSI)
The shell (aka Windows Explorer) adds an extra layer of functionality. It manages file associations, it knows what EXE should be started when you ask it to "run" a document. If you pass the name of, say, a .html file then ShellExecuteEx() can figure out that a browser needs to be started. It also supports verbs, different things you can do with a document. Other than "open", the default verb, the "print" and "edit" verbs are common for example.
That's missing from CreateProcess(), it only knows how to start an executable file. Still with lots of options, review the MSDN docs for the security attributes and creation flag options.
Lots of those whistles are missing from the CRT functions, they work on any operating system so you cannot do much beyond specifying the executable name and the command line arguments.
Is it possible to create a new, arbitrary, file namespace scheme in Windows?
As best I understand, Windows currently understands two or three file system or file-system-like namespace schemes:
The namespace scheme we all know and love, eg, C:\path\to\file.
UNC paths, eg, \\server\path\to\file
One, perhaps uncommon scheme - the Windows NT Object Manager, eg, \\.\Device\COM1 - see WinObj on SysInternals, usually accessed by programs by calling CreateFile, though this is not really a file system.
Is it possible to implement a custom namespace scheme that would be universally, automatically used by the rest of the operating system? Perhaps a filter driver or some other specialized kernel-mode driver? I'm out of my league here, but I'm genuinely curious.
I don't have anything concrete, but lets say I wanted to implement a kernel driver that, not only understands how to read and write OpenVMS file systems, but also implements some sort of filter driver so that userland programs could use standard File-11 syntax to access such a filesystem.
For example, an existing program calls OpenFile("[DIR1.DIR2.DIR3]FILE.EXT;10"); and somehow a custom handler deals with it transparently, and lo, notepad can read and write VMS files. More importantly, perhaps, some ported program that expects OpenVMS File-11 path strings just works. Simply mapping the OpenVMS file system into the regular windows file system as D:\dir1\dir2\file.ext would be insufficient.
I should clarify that my OpenVMS reference is just an example; I'd be looking for a more generic solution. This could be for OpenVMS File-11, MVS, standard unix syntax ala /path/to/thing, or something I just cooked up myself.
I'm aware of shell-based namespace extensions, and compatibility layers like cygwin, but that's not what I'm looking for.
So SO, what do you think? Is this possible? Where do you start?
What are the differences, and in what cases one or the other would prove superior in some way?
First of all the function fopen can be used only for simple portable operations with files.
CreateFile on the other side can be used not only for operations with files, but also with directories (with use of corresponding options), pipes and various Windows devices.
CreateFile has a lot of additional useful switches, like FILE_FLAG_NO_BUFFERING, FILE_ATTRIBUTE_TEMPORARY and FILE_FLAG_SEQUENTIAL_SCAN, which can be very useful in different scenarios.
You can use CreateFile with a filename longer that MAX_PATH characters. It can be important for some server applications or ones which must be able to open any file (a virus scanner or a backup application for example). This is enabled by using namespace semantics, though this mode has its own concerns, like ability to actually create a file named ".." or L"\xfeff\x20\xd9ab" (good luck trying to delete them later).
You can use CreateFile in different security scenarios. I mean not only usage of security attributes. If current process has SE_BACKUP_NAME or SE_RESTORE_NAME privilege (like Administrators typically have) and enable this privilege, one can use CreateFile to open any file also a file to which you have no access through security descriptor.
If you only want to read the content of a file, you can use CreateFile, CreateFileMapping and MapViewOfFile to create file mapping. Then you can work with a file as with a block of memory, which can possibly increase your application's speed.
There are also other uses of the function, which are described in detail in the corresponding MSDN article.
So I can summarize: only if you have a hard portability requirements or if you need to pass a FILE* to some external library, then you have to use fopen. In all other cases I would recommend you to use CreateFile.
For best results, I would also advise to learn Windows API specifically, as there are many features that you can find a good use for.
UPDATED: Not directly related to your question, but I also recommend you to take a glance at transactional I/O functions which are supported starting with Windows Vista. Using this feature, you can commit a bunch of operation with files, directories or registry as one transaction that cannot be interrupted. It is a very powerful and interesting tool. If you are not ready now to use the transactional I/O functions, you can start with CreateFile and port your application to transactional I/O later.
That really depends on what type of program you are writing. If it is supposed to be portable, fopen will make your life easier. fopen will call CreateFile "behind the scenes".
Some more advanced options (cache control, file access control, etc) are only available if you are using the Win32 API (they depend on the Win32 file handle, as opposed to the FILE pointer in stdio), so if you are writing a pure Win32 application, you may want to use CreateFile.
CreateFile lets you
Open file for asynchronous I/O
Pass optimization hints like FILE_FLAG_SEQUENTIAL_SCAN
Set security and inherit settings without threading issues
They don't return the same handle type, with fopen/FILE object you can call other runtime functions such as fputs (as well as converting it to a "native" file handle)
Whenever possible, prefer object oriented wrappers that support RAII, like fstream or boost file IO objects.
You should, of course, care about the share mode, so fopen() and STL are insufficient.
Simple question here (though perhaps not such a simple answer):
Is it possible to specify a path for an (existing) named pipe that can be used by programs as if they were opening on a normal file?
According to this MSDN page, name pipes on the local computer can be referrenced using the following path syntax: \\.\pipe\PipeName, yet I'm having no luck using this from standard Windows programs.
As a side point, if anyone has any suggestions for interfacing with programs that are only capable of using the file-system in a more efficient manner than physical I/O (e.g. named pipes), I would be glad to take them.
It would only work if the programs are using the Win32 API CreateFile() function to open the files.
Is it possible to hook into Windows loading or saving files (no matter how the file is opened like notepad word etc.) to modify the file on the fly?
For example to encode/decode it on the fly?
Would code need administrative permissions to launch?
You probably will have to write a driver. See if you can get a hold of Filemon's source, there is a lot to learn there.
You could also use something like madCodeHook to intercept file read/writes and to install your dll into every process. I've used this technique to record print jobs for billing purposes.
Yes, you need to write an Installable File System driver. The Installable File System Kit from Microsoft contains a couple of sample drivers, including the one used by Filemon. Unfortunately, I do not believe you can access those API's without the IFS Kit.
avoid madCodeHook (not profesdional)
use standard api hooking mechanisms (Richter and Microsoft D mainly)