Thread: UniToBCSPath problem

  1. #1
    philip
    Guest

    UniToBCSPath problem

    I'm having a problem calling UniToBCSPath in my VxD. I'm hooking a file operation and looking at the ioreq structure to see what file is being written to, but I keep getting a crash in the VxD call UniToBCSPath.

    One of the values I'm passing to UniToBCSPath (the ptr to the Unicode path name) is all wrong. I've traced it in SoftICE:

    mov eax, dword ptr [ebp+28d]
    mov eax, dword ptr [eax+12d]
    add eax,4

    should give me ptr to Unicode name right? It gives me something like 0FFFFFBBFh, which it then proceeds to crash on.

    What is wrong? Any help much appreciated, as it's driving me nuts. This is the hook (set in place by a previous InstallFileSystemApiHook)

    hook:
    push ebp
    mov ebp,esp
    sub esp,60h ;plenty of room
    ....
    cmp busy,1
    je exit_hook
    cmp dword ptr [ebp+0Ch], IFSFN_WRITE
    je WRITE_OPERATION
    ....
    ....
    WRITE_OPERATION:
    mov busy,1
    mov esi,OFFSET32 filename
    push 0
    push 260d
    mov eax, dword ptr [ebp+28d]
    mov eax, dword ptr [eax+12d]
    add eax, 4 ;
    push eax ; push unicode filename --PROBLEM!!!!
    push esi ; destination buffer

    int 20h
    dw UniToBCSPath
    dw IFSMgr

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    philip
    Guest
    Well, I've managed to partially answer my own question. The above code works fine with IFSFN_OPEN instead of IFSFN_WRITE. So I guess for a write operation there is no path given, hence the error. Unfortunately I've got very little documentation on IFSMgr.

    Any info by anyone on the ioreq structure etc would be appreciated. Thanks

  3. #3
    ZaiRoN
    Hi philip,
    > Any info by anyone on the ioreq structure etc would be appreciated.
    Look at this tutorial (written by Lord Julus); it contains some information about ioreq and ifsmgr:
    http://www.cwizardx.com/vdat/turingrs.htm

    Here you will find many useful links posted by Kayaker:
    http://www.woodmann.net/forum/showthread.php?threadid=3238

    ZaiRoN

  4. #4
    philip
    Guest
    Thanks for the links, very interesting.

    1) Does anybody have ifs.h, btw?

    2) On the off chance anyone can help on this: one way I've seen to get the path (from IFSFN_WRITE) requires the address of the enum procedure (which you obtain from an IFSFN_OPEN).

    The code snippet I've seen for this is:
    ;enumFunc = ifsr.ifs_hndl->hf_misc->hm_func[HM_ENUMHANDLE];

    .if pEnumFunc==0 ;if already got it then skip
    mov esi,ifs_hndl ; esi ptr on hndlfunc struct
    add esi,8h ; esi ptr on ptr to hf_misc
    mov esi,dword ptr [esi] ; esi ptr on hf_misc
    add esi,4 ; esi ptr on hm_func
    add esi,7*4 ; HM_ENUMHANDLE = 7
    mov esi,dword ptr [esi] ; esi = pEnumProc!!
    mov pEnumFunc,esi
    .endif

    I actually understand the above code after repeatedly wading through MSDN. However....

    ifsr.ifs_hndl is puzzling me.

    I believe it can be obtained from ifs_pfh. I've not got a lot of documentation here, but I believe this field, ifs_pfh (in the ifsreq structure), is dword ptr [eax+74h], where eax is a ptr to the ioreq structure. Anyone know if this is correct? Trouble is, using this value gives me a zero value for hf_misc. So something is wrong.

    Any info on ifsreq structure would be appreciated.
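The pointer walk from the snippet in post #4, as an added example that is not part of the original thread: a C model that follows the same offsets (hf_misc at +8, hm_func at +4, HM_ENUMHANDLE = 7) over a constructed 32-bit memory image and refuses to dereference a null or out-of-range pointer, which is the zero hf_misc case reported above. The helper names, status codes and sample image are assumptions made for the illustration; the offsets come from the post and are not checked against ifs.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets as used by the snippet in post #4 (not checked against ifs.h). */
#define HF_MISC_OFF   0x08u /* hndlfunc: pointer to hf_misc */
#define HM_FUNC_OFF   0x04u /* hf_misc: start of hm_func[]  */
#define HM_ENUMHANDLE 7u    /* index of the enum entry      */
enum walk_status { WALK_OK, WALK_BAD_ADDR, WALK_NULL_MISC, WALK_NULL_FUNC };

/* Hypothetical helper: bounds-checked little-endian read; 64-bit sum cannot wrap. */
static int rd32(const uint8_t *mem, size_t size, uint32_t base, uint32_t off, uint32_t *out)
{
    uint64_t a = (uint64_t)base + off;
    if (a + 4 > size) return -1;
    *out = (uint32_t)mem[a] | (uint32_t)mem[a + 1] << 8 |
           (uint32_t)mem[a + 2] << 16 | (uint32_t)mem[a + 3] << 24;
    return 0;
}

/* Same walk as the assembly, but each pointer is validated before use. */
enum walk_status find_enum_func(const uint8_t *mem, size_t size, uint32_t hndl, uint32_t *fn)
{
    uint32_t misc, f;
    if (hndl == 0 || rd32(mem, size, hndl, HF_MISC_OFF, &misc)) return WALK_BAD_ADDR;
    if (misc == 0) return WALK_NULL_MISC; /* the zero hf_misc case from post #4 */
    if (rd32(mem, size, misc, HM_FUNC_OFF + HM_ENUMHANDLE * 4u, &f)) return WALK_BAD_ADDR;
    if (f == 0) return WALK_NULL_FUNC;
    *fn = f;
    return WALK_OK;
}

/* Constructed sample (size >= 0x64): hndlfunc at 0x10, hf_misc at 0x40, made-up entry. */
void build_sample(uint8_t *mem, size_t size, int with_misc)
{
    static const uint8_t entry[4] = { 0x45, 0x23, 0x01, 0xC0 }; /* 0xC0012345 */
    memset(mem, 0, size);
    if (!with_misc) return;
    mem[0x10 + HF_MISC_OFF] = 0x40;
    memcpy(mem + 0x40 + HM_FUNC_OFF + HM_ENUMHANDLE * 4u, entry, sizeof entry);
}

int main(void)
{
    uint8_t mem[128]; uint32_t fn = 0;
    build_sample(mem, sizeof mem, 1);
    printf("status=%d\n", (int)find_enum_func(mem, sizeof mem, 0x10, &fn));
    return 0;
}
```

In a real hook the same checks would sit in front of each `mov esi,dword ptr [esi]`, so a handle that carries no hf_misc is skipped instead of dereferenced.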
