GetSymbolicLinkDeviceName

#include <stdio.h>#include <Windows.h>//删除指针#define SafeFreeArraySize(pData) { if(pData){delete []pData;pData=NULL;} }#define NT_SUCCESS(Status)  (((NTSTATUS)(Status)) >= 0)#define OBJ_CASE_INSENSITIVE    0x00000040L#define SYMBOLIC_LINK_QUERY (0x0001)typedef struct _UNICODE_STRING {USHORT Length;USHORT MaximumLength;PWSTR  Buffer;} UNICODE_STRING;typedef UNICODE_STRING *PUNICODE_STRING;typedef const UNICODE_STRING *PCUNICODE_STRING;typedef struct _OBJECT_ATTRIBUTES {ULONG  Length;HANDLE  RootDirectory;PUNICODE_STRING  ObjectName;ULONG  Attributes;PVOID  SecurityDescriptor;PVOID  SecurityQualityOfService;} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;#define InitializeObjectAttributes( p, n, a, r, s ) { \(p)->Length = sizeof( OBJECT_ATTRIBUTES );          \(p)->RootDirectory = r;                             \(p)->Attributes = a;                                \(p)->ObjectName = n;                                \(p)->SecurityDescriptor = s;                        \(p)->SecurityQualityOfService = NULL;               \}//符号链接取设备名字wchar_t* GetSymbolicLinkDeviceName(wchar_t* pSymbolcLinkName){NTSTATUS status;  UNICODE_STRING DeviceSymbolcLinkName; OBJECT_ATTRIBUTES  objectAttributes;PUNICODE_STRING pLinkTarget; wchar_t* pDeviceName=NULL;HANDLE hSymbolic=NULL;  ULONG unicode_length=0;  typedef VOID (__stdcall *fnRtlInitUnicodeString)(IN OUT PUNICODE_STRING  DestinationString,IN PCWSTR  SourceString);static fnRtlInitUnicodeString pRtlInitUnicodeString=(fnRtlInitUnicodeString)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"RtlInitUnicodeString");typedef NTSTATUS (__stdcall *fnZwQuerySymbolicLinkObject)(IN HANDLE LinkHandle,IN OUT PUNICODE_STRING LinkTarget,OUT PULONG ReturnedLength OPTIONAL);static fnZwQuerySymbolicLinkObject pZwQuerySymbolicLinkObject=(fnZwQuerySymbolicLinkObject)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"ZwQuerySymbolicLinkObject");typedef NTSTATUS (__stdcall *fnZwOpenSymbolicLinkObject)(OUT PHANDLE  LinkHandle,IN ACCESS_MASK  DesiredAccess,IN POBJECT_ATTRIBUTES  ObjectAttributes);static fnZwOpenSymbolicLinkObject pZwOpenSymbolicLinkObject=(fnZwOpenSymbolicLinkObject)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"ZwOpenSymbolicLinkObject");pRtlInitUnicodeString(&DeviceSymbolcLinkName,pSymbolcLinkName);  InitializeObjectAttributes(&objectAttributes,&DeviceSymbolcLinkName,OBJ_CASE_INSENSITIVE,NULL,NULL);  //打开现有的符号链接  status=pZwOpenSymbolicLinkObject(&hSymbolic,SYMBOLIC_LINK_QUERY,&objectAttributes);  if (NT_SUCCESS(status)){pLinkTarget=(PUNICODE_STRING)new wchar_t[MAX_PATH+sizeof(UNICODE_STRING)];ZeroMemory(pLinkTarget,MAX_PATH*sizeof(wchar_t)+sizeof(UNICODE_STRING));pLinkTarget->Length =MAX_PATH;pLinkTarget->MaximumLength = MAX_PATH;pLinkTarget->Buffer = (PWSTR)(((PUCHAR)pLinkTarget) + sizeof(UNICODE_STRING));status=pZwQuerySymbolicLinkObject(hSymbolic,pLinkTarget,&unicode_length);if (NT_SUCCESS(status)){pDeviceName=(wchar_t*)new BYTE[pLinkTarget->Length+sizeof(wchar_t)];ZeroMemory(pDeviceName,pLinkTarget->Length+sizeof(wchar_t));CopyMemory(pDeviceName,pLinkTarget->Buffer,pLinkTarget->Length);}SafeFreeArraySize(pLinkTarget);CloseHandle(hSymbolic);}return pDeviceName;}int main(void){GetSymbolicLinkDeviceName(TEXT("\\??\\PhysicalDrive0"));getchar();getchar();return 0;}