01/01: [NTOSKRNL] Also try to extract name from FCB when leaking VACB - Ros-diffs

27 Apr 2018

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2ea6de8a42c19e1fab98c…

commit 2ea6de8a42c19e1fab98c50927ec3515749d87a9
Author:     Pierre Schweitzer &lt;pierre(a)reactos.org&gt;
AuthorDate: Fri Apr 27 19:01:35 2018 +0200
Commit:     Pierre Schweitzer &lt;pierre(a)reactos.org&gt;
CommitDate: Fri Apr 27 19:01:35 2018 +0200

    [NTOSKRNL] Also try to extract name from FCB when leaking VACB
---
 ntoskrnl/cc/view.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c
index 0432f73a99..c2b8913132 100644
--- a/ntoskrnl/cc/view.c
+++ b/ntoskrnl/cc/view.c
@@ -1143,6 +1143,13 @@ CcRosDeleteFileCache (
                 {
                     DPRINT1("File was: %wZ\n", &FileObject->FileName);
                 }
+                else if (FileObject->FsContext != NULL &&
+                        
((PFSRTL_COMMON_FCB_HEADER)(FileObject->FsContext))->NodeTypeCode == 0x0502
&&
+                        
((PFSRTL_COMMON_FCB_HEADER)(FileObject->FsContext))->NodeByteSize == 0x1F8
&&
+                         ((PUNICODE_STRING)(((PUCHAR)FileObject->FsContext) +
0x100))->Length != 0)
+                {
+                    DPRINT1("File was: %wZ (FastFAT)\n",
(PUNICODE_STRING)(((PUCHAR)FileObject->FsContext) + 0x100));
+                }
                 else
                 {
                     DPRINT1("No name for the file\n");


    