October 1997/Using NT's Undocumented Object Manager Interface/Listing 2
//
// Author: Dieter Spaar <[email protected]>
// June 1997
#define _X86_ 1 // otherwise lots of symbols
// in NTDDK.H are not defined
// MS format extensions for printf function family
// (may not work with other compilers)
//
// %Z parameter is PANSI_STRING
// %wZ parameter is PUNICODE_STRING
#include <ntddk.h>
#include <stdio.h>
#include "objlst.h"
void DumpAllObjects(WCHAR *pszDir)
{
HANDLE hObj, hLink;
NTSTATUS ntStatus, ntStatusTmp;
OBJECT_ATTRIBUTES ObjectAttributes;
POBJDIR_INFORMATION DirObjInformation;
UNICODE_STRING UName;
char szData[1024*2];
char szBuf[1024*2];
WCHAR szLinkName[1024];
ULONG dw;
char szIdentBuf[100];
ULONG index;
static int iLevel = 0;
// set indent of current level
memset(szIdentBuf, ' ', iLevel * 3);
szIdentBuf[iLevel * 3] = 0;
// open directory object
RtlInitUnicodeString(&UName, pszDir);
InitializeObjectAttributes (
&ObjectAttributes,
&UName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL );
ntStatus = NtOpenDirectoryObject(
&hObj,
STANDARD_RIGHTS_READ |
DIRECTORY_QUERY,
&ObjectAttributes);
if(NT_SUCCESS(ntStatus))
{
index = 0; // start index
do
{
memset(szData, 0, sizeof(szData));
DirObjInformation = (POBJDIR_INFORMATION)&szData;
ntStatus = NtQueryDirectoryObject(
hObj,
DirObjInformation,
sizeof(szData),
TRUE, // get next index
FALSE, // don't ignore index input
&index,
&dw); // can be NULL
if(NT_SUCCESS(ntStatus))
{
szBuf[0] = 0;
if(wcscmp(DirObjInformation->ObjectTypeName.Buffer,
L"SymbolicLink") == 0)
{
// handle symbolic links
// concatenate directory and name, insert \ if needed
if(wcslen(pszDir) &&
pszDir[wcslen(pszDir) - 1] == (WCHAR)'\\')
{
swprintf(szLinkName, L"%s%wZ", pszDir,
&DirObjInformation->ObjectName);
}
else
{
swprintf(szLinkName, L"%s\\%wZ", pszDir,
&DirObjInformation->ObjectName);
}
// open sysmbolic link object
RtlInitUnicodeString(&UName, szLinkName);
InitializeObjectAttributes (
&ObjectAttributes,
&UName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
ntStatusTmp = NtOpenSymbolicLinkObject(
&hLink,
SYMBOLIC_LINK_QUERY,
&ObjectAttributes);
if(NT_SUCCESS(ntStatusTmp))
{
UName.Length = 0;
UName.MaximumLength = sizeof(szLinkName);
UName.Buffer = szLinkName;
ntStatusTmp = NtQuerySymbolicLinkObject(
hLink,
&UName,
&dw); // can be NULL
if(NT_SUCCESS(ntStatusTmp))
sprintf(szBuf, "--> '%wZ'", &UName);
else
printf("NtQuerySymbolicLinkObject = 0x%lX\n",
ntStatusTmp);
NtClose(hLink);
}
else
printf("NtOpenSymboliclinkObject = 0x%lX\n",
ntStatusTmp);
}
// print information for one object
printf("%s%-15wZ '%wZ' %s\n", szIdentBuf,
&DirObjInformation->ObjectTypeName,
&DirObjInformation->ObjectName,
szBuf);
if(wcscmp(DirObjInformation->ObjectTypeName.Buffer,
L"Directory") == 0)
{
// handle directories
iLevel++;
// concatenate directory and name, insert \ if needed
if(wcslen(pszDir) &&
pszDir[wcslen(pszDir) - 1] == (WCHAR)'\\')
{
swprintf((WCHAR*)szBuf, L"%s%wZ", pszDir,
&DirObjInformation->ObjectName);
}
else
{
swprintf((WCHAR*)szBuf, L"%s\\%wZ", pszDir,
&DirObjInformation->ObjectName);
}
// recurse into next directory
DumpAllObjects((WCHAR*)szBuf);
iLevel--;
}
}
else if(NT_ERROR(ntStatus))
printf("NtQueryDirectoryObject = 0x%lX (%S)\n", ntStatus,
pszDir);
}
while(NT_SUCCESS(ntStatus));
NtClose(hObj);
}
else
printf("NtOpenDirectoryObject = 0x%lX (%S)\n", ntStatus,
pszDir);
}
int main(int argc, char **argv, char **envp)
{
WCHAR szBuf[1024*2];
if(argc == 1) // no parameter, start at root
DumpAllObjects(L"\\");
else
{
swprintf(szBuf, L"%S", argv[1]); // convert to UNICODE
DumpAllObjects(szBuf);
}
return 0;
}
//End of File
