
View Full Version : UniToBCSPath problem


philip
January 28th, 2003, 18:43
I'm having a problem calling UniToBCSPath in my VxD. I'm hooking a file operation, looking at the ioreq structure to see which file is being written to. But I keep getting a crash in the VxD call UniToBCSPath.

But one of the values I'm passing to UniToBCSPath (ptr to the unicode path name) is all wrong. I've traced it in SoftICE:

mov eax, dword ptr [ebp+28d]
mov eax, dword ptr [eax+12d]
add eax,4

This should give me the ptr to the Unicode name, right? It gives me something like 0FFFFFBBFh, which it then proceeds to crash on.

What is wrong? Any help much appreciated, as it's driving me nuts. This is the hook (set in place by a previous InstallFileSystemApiHook):

hook:
push ebp
mov ebp,esp
sub esp,60h ;plenty of room
....
cmp busy,1
je exit_hook
cmp dword ptr [ebp+0Ch], IFSFN_WRITE
je WRITE_OPERATION
....
....
WRITE_OPERATION:
mov busy,1
mov esi,OFFSET32 filename
push 0
push 260d
mov eax, dword ptr [ebp+28d]
mov eax, dword ptr [eax+12d]
add eax, 4 ;
push eax ; push unicode filename --PROBLEM!!!!
push esi ; destination buffer

int 20h
dw UniToBCSPath
dw IFSMgr


philip
January 29th, 2003, 10:44
Well, I've managed to partially answer my own question. The above code works fine with IFSFN_OPEN instead of IFSFN_WRITE. So I guess for a write operation there is no path given, hence the error. Unfortunately I've got very little documentation on IFSMgr.

Any info from anyone on the ioreq structure etc. would be appreciated. Thanks.

ZaiRoN
January 29th, 2003, 11:41
Hi philip,
Quote:
Any info by anyone on the ioreq structure etc would be appreciated.
Look at this tutorial (written by Lord Julus); it contains some information about ioreq and ifsmgr:
http://www.cwizardx.com/vdat/turingrs.htm

Here you will find many useful links posted by Kayaker:
http://www.woodmann.net/forum/showthread.php?threadid=3238

ZaiRoN

philip
February 8th, 2003, 08:43
Thanks for the links, very interesting.

1) Does anybody have ifs.h, btw?

2) On the off chance anyone can help with this: one way I've seen to get the path (from IFSFN_WRITE) requires the address
of the enum procedure (which you obtain from an IFSFN_OPEN).

The code snippet I've seen for this is:
;enumFunc = ifsr.ifs_hndl->hf_misc->hm_func[HM_ENUMHANDLE];

.if pEnumFunc==0 ; if we haven't already got it
mov esi,ifs_hndl ; esi = ptr to hndlfunc struct
add esi,8h ; esi = ptr to hf_misc pointer
mov esi,dword ptr [esi] ; esi = ptr to hndlmisc (hf_misc)
add esi,4 ; esi = ptr to hm_func array
add esi,7*4 ; HM_ENUMHANDLE = 7
mov esi,dword ptr [esi] ; esi = pEnumProc!!
mov pEnumFunc,esi
.endif

I actually understand the above code after repeatedly wading through MSDN. However....

ifsr.ifs_hndl is puzzling me.

I believe it can be obtained from ifs_pfh. I've not got a lot of documentation here, but I believe this field, ifs_pfh (in the ifsreq structure), is dword ptr [eax+74h], where eax is a ptr to the ioreq structure. Anyone know if this is correct? Trouble is, using this value gives me a zero value for hf_misc. So something is wrong.

Any info on ifsreq structure would be appreciated.
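The hndlfunc/hndlmisc pointer walk from the snippet above, replayed over a constructed 32-bit memory image so the offset arithmetic can be checked on a normal host. This is an added example, not code from the thread or from ifs.h; the offsets (hf_misc at +8, hm_func at +4, index 7) are taken from the snippet's comments, while the 4-byte pointer width and the sample addresses are assumptions. It also handles the case the poster reports, a null hf_misc, which the original code would dereference blindly.

```c
#include <stdint.h>
#include <string.h>

/* Constructed 32-bit memory image (not a real VxD address space) laid out the
   way the assembly comments assume: hf_misc at +8 in hndlfunc, hm_func at +4
   in hndlmisc, HM_ENUMHANDLE = 7. Pointer width and addresses are assumed. */
#define HM_ENUMHANDLE 7
#define IMG_SIZE 256

/* Little-endian 32-bit load/store into the image, like "mov esi,[esi]" would. */
static uint32_t rd32(const uint8_t *img, uint32_t a)
{
    return (uint32_t)img[a] | (uint32_t)img[a + 1] << 8 |
           (uint32_t)img[a + 2] << 16 | (uint32_t)img[a + 3] << 24;
}
static void wr32(uint8_t *img, uint32_t a, uint32_t v)
{
    img[a] = v & 0xff;           img[a + 1] = (v >> 8) & 0xff;
    img[a + 2] = (v >> 16) & 0xff; img[a + 3] = (v >> 24) & 0xff;
}

/* The walk from the snippet: esi=ifs_hndl; +8; [esi]; +4; +7*4; [esi].
   Returns 0 when hf_misc is null instead of reading through address 4+28. */
uint32_t enum_proc_from_hndl(const uint8_t *img, uint32_t ifs_hndl)
{
    uint32_t hf_misc = rd32(img, ifs_hndl + 8);          /* hndlfunc.hf_misc */
    if (hf_misc == 0)
        return 0;
    return rd32(img, hf_misc + 4 + HM_ENUMHANDLE * 4);   /* hm_func[7] */
}

/* Build a sample image: hndlfunc at 0x10, hndlmisc at 0x40, and a made-up
   enum-proc address. with_misc=0 models the zero hf_misc the poster sees. */
uint32_t build_and_walk(int with_misc)
{
    uint8_t img[IMG_SIZE];
    const uint32_t hndl = 0x10, misc = 0x40, enum_addr = 0xC0001234u;
    memset(img, 0, sizeof img);
    wr32(img, hndl + 0, 0xC0000100u);                    /* hf_read  (placeholder) */
    wr32(img, hndl + 4, 0xC0000200u);                    /* hf_write (placeholder) */
    wr32(img, hndl + 8, with_misc ? misc : 0);           /* hf_misc */
    wr32(img, misc + 0, 1);                              /* hm_version / hm_flags */
    wr32(img, misc + 4 + HM_ENUMHANDLE * 4, enum_addr);  /* hm_func[HM_ENUMHANDLE] */
    return enum_proc_from_hndl(img, hndl);
}
```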