PPH_STRING DiskDriveQueryDosMountPoints( _In_ ULONG DeviceNumber ) { ULONG driveMask; WCHAR deviceNameBuffer[7] = L"\\\\.\\?:"; PH_STRING_BUILDER stringBuilder; PhInitializeStringBuilder(&stringBuilder, MAX_PATH); driveMask = DiskDriveQueryDeviceMap(); // NOTE: This isn't the best way of doing this but it works. for (INT i = 0; i < 0x1A; i++) { if (driveMask & (0x1 << i)) { HANDLE deviceHandle; deviceNameBuffer[4] = (WCHAR)('A' + i); if (NT_SUCCESS(PhCreateFileWin32( &deviceHandle, deviceNameBuffer, FILE_READ_ATTRIBUTES | SYNCHRONIZE, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT ))) { ULONG deviceNumber = ULONG_MAX; // Note: Do not initialize to zero. DEVICE_TYPE deviceType = 0; if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber( deviceHandle, &deviceNumber, &deviceType ))) { // BUG: Device numbers are re-used on seperate device controllers and this // causes drive letters to be assigned to disks at those same indexes. // For now, just filter CD_ROM devices but we may need to be a lot more strict and // only allow devices of type FILE_DEVICE_DISK to be scanned for mount points. if (deviceNumber == DeviceNumber && deviceType != FILE_DEVICE_CD_ROM) { PhAppendFormatStringBuilder(&stringBuilder, L"%c: ", deviceNameBuffer[4]); } } NtClose(deviceHandle); } } } if (stringBuilder.String->Length != 0) PhRemoveEndStringBuilder(&stringBuilder, 1); return PhFinalStringBuilderString(&stringBuilder); }
PPH_LIST DiskDriveQueryMountPointHandles( _In_ ULONG DeviceNumber ) { ULONG driveMask; PPH_LIST deviceList; WCHAR deviceNameBuffer[7] = L"\\\\.\\?:"; driveMask = DiskDriveQueryDeviceMap(); deviceList = PhCreateList(2); // NOTE: This isn't the best way of doing this but it works. for (INT i = 0; i < 0x1A; i++) { if (driveMask & (0x1 << i)) { HANDLE deviceHandle; deviceNameBuffer[4] = (WCHAR)('A' + i); if (NT_SUCCESS(PhCreateFileWin32( &deviceHandle, deviceNameBuffer, PhGetOwnTokenAttributes().Elevated ? FILE_GENERIC_READ : FILE_READ_ATTRIBUTES | FILE_TRAVERSE | SYNCHRONIZE, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT ))) { ULONG deviceNumber = ULONG_MAX; // Note: Do not initialize to zero. DEVICE_TYPE deviceType = 0; if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber( deviceHandle, &deviceNumber, &deviceType ))) { // BUG: Device numbers are re-used on seperate device controllers and this // causes drive letters to be assigned to disks at those same indexes. // For now, just filter CD_ROM devices but we may need to be a lot more strict and // only allow devices of type FILE_DEVICE_DISK to be scanned for mount points. if (deviceNumber == DeviceNumber && deviceType != FILE_DEVICE_CD_ROM) { PDISK_HANDLE_ENTRY entry = PhAllocate(sizeof(DISK_HANDLE_ENTRY)); memset(entry, 0, sizeof(DISK_HANDLE_ENTRY)); entry->DeviceLetter = deviceNameBuffer[4]; entry->DeviceHandle = deviceHandle; PhAddItemList(deviceList, entry); } } } } } return deviceList; }
PPH_STRING DiskDriveQueryDosMountPoints( _In_ ULONG DeviceNumber ) { ULONG driveMask; PH_STRING_BUILDER stringBuilder; WCHAR devicePath[] = L"\\\\.\\?:"; PhInitializeStringBuilder(&stringBuilder, MAX_PATH); driveMask = DiskDriveQueryDeviceMap(); // NOTE: This isn't the best way of doing this but it works (It's also what Task Manager does). for (INT i = 0; i < 0x1A; i++) { if (driveMask & (0x1 << i)) { HANDLE deviceHandle; devicePath[4] = 'A' + i; if (NT_SUCCESS(PhCreateFileWin32( &deviceHandle, devicePath, FILE_READ_ATTRIBUTES | SYNCHRONIZE, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT ))) { ULONG deviceNumber = ULONG_MAX; // Note: Do not initialize to zero. if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber( deviceHandle, &deviceNumber, NULL ))); { if (deviceNumber == DeviceNumber) { PhAppendFormatStringBuilder(&stringBuilder, L"%c: ", devicePath[4]); } } NtClose(deviceHandle); } } } if (stringBuilder.String->Length != 0) PhRemoveEndStringBuilder(&stringBuilder, 1); return PhFinalStringBuilderString(&stringBuilder); }