in Silhouette/Filter_Main.cpp [40:65]
NTSTATUS GetFileIdByPath(PUNICODE_STRING pFilePath, PFILE_ID_INFORMATION pFileIdInfo)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
OBJECT_ATTRIBUTES objAttr = { 0, };
IO_STATUS_BLOCK iosb = { 0, };
HANDLE hFile = NULL;
InitializeObjectAttributes(&objAttr, pFilePath, OBJ_KERNEL_HANDLE, 0, NULL);
// This fails with a sharing violation pagefile.sys, even with IO_IGNORE_SHARE_ACCESS_CHECK
ntStatus = FltCreateFile(
gpFilter, NULL, &hFile, 0, &objAttr, &iosb, NULL, 0,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0, IO_IGNORE_SHARE_ACCESS_CHECK);
if (!NT_SUCCESS(ntStatus))
{
goto Cleanup;
}
ntStatus = ZwQueryInformationFile(hFile, &iosb, pFileIdInfo, sizeof(*pFileIdInfo), FileIdInformation);
Cleanup:
HandleDelete(hFile);
return ntStatus;
}