0

I am trying to rename files from kernel.

with this api https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwsetinformationfile

NTSTATUS Files::RenameFile(WCHAR* OriginalName, WCHAR* NewName)
{
// msdn says driver must be at IRQL PASSIVE_LEVEL to make calls to ZwSetInformationFile
    if (KeGetCurrentIrql() != PASSIVE_LEVEL)
    {
        printf("IRQL invalid\n");
        return STATUS_INVALID_LEVEL;
    }

        // Open handle to file , providing OriginalName with full path, example: "\\DosDevices\\C:\\named_file.txt"
        // also to be able to rename files u delete the DELETE permission, but i assume with GENERIC_ALL is already giving me enough of them
    auto FileHandle = Files(OriginalName, Files::OpenExisting, GENERIC_ALL, 0);

    if (FileHandle.CreationStatus != STATUS_SUCCESS)
    {
        printf("Failed to open handle to file %ws. ERR: 0x%x\n", OriginalName, FileHandle.CreationStatus);
        return FileHandle.CreationStatus;
    }

    IO_STATUS_BLOCK ioStatusBlock;

        // msnd info for ZwSetInformatonFile when using FileRenameInformation class says that size must be the size of the
        // structure + size of new name in bytes
    const auto size = sizeof(FILE_RENAME_INFORMATION) + sizeof(NewName);

        // allocate resources for struct
    const auto rename_info = static_cast<PFILE_RENAME_INFORMATION>(ExAllocatePool(PagedPool, size));

    if(rename_info == nullptr)
    {
        printf("Failed allocating rename info structure\n");
        FileHandle.Close();
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    memset(rename_info, 0, size);

    wcscpy(rename_info->FileName, NewName);
    rename_info->FileNameLength = sizeof(NewName);// size in bytes 
    rename_info->RootDirectory = nullptr; // msnd: must be null if the filename is the absolute path
    rename_info->ReplaceIfExists = false; // i dont want to replace if exissts

    const auto status = ZwSetInformationFile(FileHandle.hFile, &ioStatusBlock, rename_info, size, FileRenameInformation);

// free resources
    ExFreePool(rename_info);
    FileHandle.Close();

// ZwSetInformationFile fails with 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
    if(status != STATUS_SUCCESS)
    {
        printf("0x%x : %ws\n", status, rename_info->FileName); // -> 0xc0000034 : "\\DosDevices\\C:\\renamed_file.txt"
        return status;
    }

    printf("Renamed %ws to %ws\n", OriginalName, NewName);

    return STATUS_SUCCESS;

}

i commented a bit of the code, but TLDR; it gives me 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND.

I followed everything as stated in the MSDN but im always with the same issue, the originalname file does exist in disk since it opens handle succesfully.

any help is appreciated, thanks

Asesh
  • 3,186
  • 2
  • 21
  • 31
Systernarls_dude
  • 1
  • 2
  • `const auto size = sizeof(FILE_RENAME_INFORMATION) + sizeof(NewName);` really ? `rename_info->FileNameLength = sizeof(NewName);// size in bytes` - yes ? – RbMm Nov 08 '22 at 01:41
  • https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/strlen-wcslen-mbslen-mbslen-l-mbstrlen-mbstrlen-l?view=msvc-170 – Retired Ninja Nov 08 '22 at 01:44
  • I am just following msdn information size to allocated pool and size passed to zwsetinformationfile must be sizeof struct + sizeof newname in bytes. FileNameLength must only be the size of the new name in bytes, im trying to use the Zw function not the Nt – Systernarls_dude Nov 08 '22 at 01:49
  • `sizeof(NewName)` not what you think and this is not typo – RbMm Nov 08 '22 at 01:56
  • `sizeof(NewName)` is the size of a pointer not the length of the data pointed to. Use `wcslen(NewName) * sizeof(*NewName)` for the length in bytes. Right now `wcscpy(rename_info->FileName, NewName);` is overflowing the buffer you allocated and `rename_info->FileNameLength = sizeof(NewName);` is also incorrect. – Retired Ninja Nov 08 '22 at 01:59
  • 1
    yea that was it, i feel really stupid now. thank you very much for the help <3. thank u both for the help, can u perhaps post the comment as answer, so i can mark the question as solved, cheers – Systernarls_dude Nov 08 '22 at 02:09
  • Does this answer your question? [Find the size of a string pointed by a pointer](https://stackoverflow.com/questions/13551017/find-the-size-of-a-string-pointed-by-a-pointer) – Tsyvarev Nov 08 '22 at 10:13

0 Answers0