2 Jul
2024
2 Jul
'24
10:30 p.m.
Paul Gofman (@gofman) commented about dlls/kernelbase/volume.c:
attr.SecurityDescriptor = NULL; attr.SecurityQualityOfService = NULL;
- nt_name.Length -= sizeof(WCHAR); /* without trailing slash */
- status = NtOpenFile( &handle, GENERIC_READ | SYNCHRONIZE, &attr, &io, FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT );
The device is currently opened for read access though which seem to contradict to patch subject. Probably more important, there seems to be other information read through NtQueryVolumeInformationFile( FileFsAttributeInformation ) which has a fallback with the reading from the provided file handle if mountmgr path failed. If for some reason (doubt so?) it is deemed unneeded now that should be probably first removed from NtQueryVolumeInformationFile implementation?