can somebody please explain difference between those two terms, when I'm trying to print
structs from Win32_AllocatedResource() I can find pnp device id (something like PCI\\VEN_...)
and when I'm trying to print structs from Win32_IDEControllerDevice() I can find device id (something like IDE\\CDROM...)
but what is the difference why do I need both of them? thanks in advance
Win32_AllocatedResource gives you the assignment of a given resource (e.g. a DMA starting address) to some "device" (or "object"), which when ResultClass = Win32_IDEController, is the controller.
Win32_IDEControllerDevice gives you the list of "devices" (or "object") that are connected to a certain controller, the Antecedent key is the DeviceID of the controller whereas the Dependent key is the DeviceID of the storage unit.
Related
I have driver, that construct and return some data on IRP_MJ_READ request.
I use some symbolic link to open and read device, associated with driver.
The symbolic link is something like \\DosDevice\\Name1.
I want to use same device to get another data from same driver.
How can driver determine, which type of data it would return?
I think, if this is some way to use another symbolic link (for example: \\DosDevice\\Name2) to the same device for split requests for first type of data and requests for second type?
Else if this another way, to pass some identifying information together with thre IRP_MJ_READ?
no, you can not determinate which symbolic links used and are it used at all for open file on your device. and you not need try do this at all. this is wrong way.
when user open file on your device it specify some file name. and you can and must use this name - based on it - return different content on IRP_MJ_READ.
say your device named as \Device\MyDevice. user can open file, for example, with next names : "\Device\MyDevice", "\Device\MyDevice\" "\Device\MyDevice\Name1", "\Device\MyDevice\Name2". as result you, in your IRP_MJ_CREATE will be view next FileObject names : "", "\","\Name1","\Name2" and you, base on file name, can associate different context with file object and then use this context in IRP_MJ_READ and another points. also user can pass additional information on create by using Extended Attributes (EA) and AllocationSize
and as general note - for what use symbolic links to device at all ? why not open it direct by name ? and use IRP_MJ_READ exist sense only if you can handle this request asynchronous or pass IRP to lower driver. in case, if you always synchronous complete request - much more better use FastIoRead handler
also instead on handle read request based on file name, you can use parameters: are you using ByteOffset now ? if not you can use it for distinguish. if you use ByteOffset now, are Key parameter in use ? almost sure that no. in this case you can for Key==0 return some data, for Key==1, some another data, and so on. for use Key you need use NtReadFile instead of ReadFile in user mode.
also you can use IOCTL instead read file for return data, etc. without more knowledge about your driver and it communication with user mode hard say which is better. but formal answer - you can and need use FileName for distinguish which data need return on read
Outlook COM has a method under Application.Session.GetAddressEntryFromID method to grab an address entry without having to iterate through the entire Global or All Users address book.
The issue is it is expecting the ID that an entry has under the AddressLists object.
In Active Directory, there is no equivalent that gives me the same GetAddressEntryFromId string.
I was previously making a list of all users, minus rooms and resources, by going through the entire COM object, but that takes too long; 20mins.
I figured if I use AD, which is faster, with filters to find the users, then I can grab the GUID and when looking for info on the user, not have to go through the entire COM object to grab it, but it will happen locally to the executable being run.
The issue I am having, as an example, is that I have a user with the following ID;
00000000DCA740C8C042101AB4B908002B2FE18201000000000000002F6F3D45766572657374205265696E737572616E63652F6F753D436F72702D48512F636E3D526563697069656E74732F636E3D6A6E6700
In AD the msExchMailboxGuid has a value of
{4A49BD1C-62AE-4674-B097-C06528BDBEAE}
Not sure if these are the same, but I need to learn to better save it.
What else can I use, what can I do with the current time?
GAL entry id is constructed from the EX address (which is stored in the legacyDN attribute).
The entry id you have above contains the following:
Now, I know the an Avaya switch product "ERS 5510-24T", how can I find the Object identifier for the product without using sysObjectID? Because before use snmpget to get the OID, we need have static list that use to map the OID, and then we know what the product is.
You have to use sysObjectID for proper network discovery. There is no other way around to identify the device/equipment via SNMP. The target OID is a part RFC1213 (MIB-II)
Object Name: sysObjectID
Object ID: 1.3.6.1.2.1.1.2.0
Object Syntax: OBJECT IDENTIFIER
Object Access: read-only
Object Status: mandatory
Object Description: The vendor's authoritative identification of the
network management subsystem contained in the
entity. This value is allocated within the SMI
enterprises subtree (1.3.6.1.4.1) and provides an
easy and unambiguous means for determining `what
kind of box' is being managed. For example, if
vendor `Flintstones, Inc.' was assigned the
subtree 1.3.6.1.4.1.4242, it could assign the
identifier 1.3.6.1.4.1.4242.1.1 to its `Fred
Router'.
You can use the following command from Net-SNMP package to get the value via SNMPv2C directly from device/equipment:
snmpget -v2c -c public device_addr 1.3.6.1.2.1.1.2.0
The vendors usually have a MIB that identifies its products. For Avaya I found the G3-AVAYA-MIB with some product OIDs, and the Nortel S5-REG-MIB which seems to be more appropriate. If you want to support a vendor, you'll have to search for the OIDs, or ask them.
Mentioned OID is SNMPv2-MIB::sysDescr.0, with numric value .1.3.6.1.2.1.1.1.0
Reference here
Exmaple using MIB name:
snmpget -v2c -c public rb750 SNMPv2-MIB::sysDescr.0 -On
Output
.1.3.6.1.2.1.1.1.0 = STRING: Some device
Exmaple using OID:
snmpget -v2c -c public rb750 .1.3.6.1.2.1.1.1.0
Output
SNMPv2-MIB::sysDescr.0 = STRING: Some device
GET sysObjectId.0 (1.3.6.1.2.1.1.2.0)
From that, you get what looks like on OID. The sixth (zero based!) element of that is the enterprise id.
Now you can zero in on the model, firmware, serial number, etc. of the device.
I use a map from enterprise Id to a collection of OIDs yanked from MIBs for this and I just keep tossing OIDs at the device until it likes one of them.
For example, if I know it's ZyXEL and I want to know the serial number I try these until one hits.
("ZyXEL Communications Corp.",
Seq(".1.3.6.1.4.1.890.1.15.3.82.2.10.0",
".1.3.6.1.4.1.890.1.5.8.55.1.10.0",
".1.3.6.1.4.1.890.1.5.8.18.1.10.0",
".1.3.6.1.4.1.890.1.5.8.19.1.10.0",
".1.3.6.1.4.1.890.1.5.8.16.1.10.0",
".1.3.6.1.4.1.890.1.15.3.1.12.0",
".1.3.6.1.4.1.890.1.5.8.59.1.10.0",
".1.3.6.1.4.1.890.1.5.8.60.1.10.0",
".1.3.6.1.4.1.890.1.5.8.56.1.10.0",
".1.3.6.1.4.1.890.1.5.8.21.1.10.0",
".1.3.6.1.4.1.890.1.5.8.27.1.10.0",
".1.3.6.1.4.1.890.1.5.8.73.1.10.0",
".1.3.6.1.4.1.890.1.5.8.53.1.10.0",
".1.3.6.1.4.1.890.1.5.8.23.1.10.0",
".1.3.6.1.4.1.890.1.5.8.72.1.10.0",
".1.3.6.1.4.1.890.1.5.8.12.1.10.0",
".1.3.6.1.4.1.890.1.5.8.20.1.10.0",
".1.3.6.1.4.1.890.1.5.8.68.1.10.0",
".1.3.6.1.4.1.890.1.5.12.47.1.10.0",
".1.3.6.1.4.1.890.1.5.8.46.1.10.0")),
Within the Windows 7 Object Manager system, objects are created to serve a specific purpose.
So for instance devices are by the _device_object structure
Drivers use the _driver_object structure
However, I'm trying to determine which structure is used for objects of the type 'Key', which are objects that represent opened registry keys.
I know that the _file_object structure is used to represent most things, but from what I've seen I don't think it's used to represent Key objects.
If anyone has any information, I'd greatly appreciate it.
Thanks
---UPDATE---
Thanks to sergmat for his quick answer. It seems the structure I was looking for was _CM_KEY_BODY
lkd> dt nt!*cm*key*
ntkrnlmp!_CM_KEY_HASH_TABLE_ENTRY
ntkrnlmp!_CM_KEY_SECURITY_CACHE_ENTRY
ntkrnlmp!_CM_KEY_CONTROL_BLOCK
ntkrnlmp!_CM_KEY_HASH
ntkrnlmp!_CM_KEY_SECURITY_CACHE
ntkrnlmp!_CM_KEY_BODY
ntkrnlmp!_CM_KEY_NODE
ntkrnlmp!_CM_KEY_VALUE
ntkrnlmp!_CM_KEY_SECURITY
ntkrnlmp!_CM_KEY_INDEX
ntkrnlmp!_CM_KEY_REFERENCE
Description in Windows Internals 6-1
WinAPI's GetAdaptersInfo() fills structure AdapterInfo which has field called AdapterName. What does this field mean? What's the point in it? In my case it holds string "{C01E7744-531D-401F-8EA6-D76D3AF35555}" (including curly braces).
P.S.: beside AdapterName there is pretty clear (for me) field called Description with value (in my case):
"Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - VirtualBox Host Interface Networking Driver Miniport"
what makes me even more confused with AdapterName.
Looks like it's just a GUID that windows assigns to the adapter, probably as a unique identifier that you can use in some other API call to reference that adapter specifically. For example GetAdapterIndex.
Most IP helper functions seem to take an adapter index, but if you had an app that manipulated network adapters, you probably wouldn't want to store the index of a specific adapter in your app as that could change when adapters are added or removed. So you would store the name of the adapter, then use GetAdapterIndex to get the index for it when needed.
Its formatted like so
GetAdapterIndex(L"\\device\\tcpip_{FD2046B5-1DA0-40A2-9F28-DE4D6F0EBE22}", &index);
I have no idea where this is actually documented officially but found it sourced here: https://chromium.googlesource.com/external/qemu/+/refs/heads/master/qga/commands-win32.c
Description is the user-friendly name associated with AdapterName.
Sources:
http://www.delphigroups.info/2/8/215347.html