I have (filter type) that should interact with user mode components. It creates a device object by calling IoCreateDevice , and then creates the so-called MS-DOS symbolic link for it using IoCreateSymbolicLink to access it from user-mode code (via CreateFile ). This is a standard technique more or less. The driver creates a symbolic link of the form \DosDevices\mydevicename , while user-mode code opens a file named \\.\mydevicename .
Now problems begin when the driver creates the device in the context of a terminal server session. The created symbolic link actually belongs to the local session directory, while my user mode runs under the system account in "zero session" and it "sees" the symbolic links that belong to the global directory.
There is usually no problem with the documentation that was mentioned, since drivers basically create device objects in the context of DriverEntry or AddDevice functions, which are guaranteed to run under the system account. But my business is different. And I do not want to change this, I really need to be able to create / destroy device objects in the context of an arbitrary stream belonging to any session.
According to the documentation there is a way to solve this problem. The driver may insist on creating a symbolic link belonging to the global catalog, naming it as follows: \DosDevices\Global\mydevicename . Moreover, if the user mode code is run under any account, it can also insist on finding a link in the global directory, naming the file as follows: \\.\Global\mydevicename . Although this is usually not required if the character does not exist in the local directory, it is automatically checked in the global directory.
I tried this trick: this does not work for me. I am using Windows 2008R2, 64-bit. There is no success so far. I sequentially open the devices created in the system account, but I can not open the devices created in other sessions (error code "file not found"). I tried all the combinations and options for specifying \Global in kernel / user mode - so far the result is the same.
This makes me suspect that there is another level of character isolation. Perhaps using \Global creates a symbolic link, a global session, but still not a system-wide one.
It makes sense? Is there a way to create a system-wide symlink? Or is there a way to open a file whose symlink belongs to another session?
EDIT
Thanks @Hans Passant. I tried the WinObj utility to see which devices and symbolic links the driver actually creates.
Everything looks normal at first glance. I see all my devices in the \Device directory, and all symbolic links are under \GLOBAL?? . Symbolic links indicate valid device names.
However, one thing is strange. Trying to see device properties from WinObj: for devices created in a zero session, this is normal, but for devices created in other sessions WinObj responds with an error:
- Error opening \ Device \ mydevicename: the system cannot find the specified file.
So, it displays this device object in its list, but OTOH it is "not found" when trying to open it. Very strange. But that explains my problem. But it is really strange.
Any ideas? Thanks in advance.