Windows is not limited to accessing partitions through drive letters either, it's just the existing convention.
You can mount partitions under directories just like you can in Linux/Unix.
PowerShell has Add-PartitionAccessPath for this:
> mkdir C:\Disk
> Add-PartitionAccessPath -DiskNumber 1 -PartitionNumber 2 -AccessPath "C:\Disk"
> ls C:\Disk
It will persist through reboots too.
The cursedness of "€:\" is awesome. It's amazing how much more flexible the NT kernel is vs what's exposed to the user.
> Drives with a drive-letter other than A-Z do not appear in File Explorer, and cannot be navigated to in File Explorer.
Well there goes my plan to replace all my drive letters with emojis :(
For anyone curious, there is a somewhat similar thing in Linux called Abstract Domain Sockets. These are Unix domain sockets where the first character is NUL ('\0').
I am working on a game where every player has system resources on a Linux computer. The basic idea is that some resources need to be shared or protected in some ways, such as files, but the core communication of the game client itself needs to be preserved without getting in the way of the real system environment.
I am using these abstract data sockets because they sidestep most other permissions in Linux. If you have the magic numbers to find the socket, you get access.
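An added example, not part of the comment above: an abstract socket has no filesystem entry, so file permissions cannot restrict who connects, and the server has to check the peer itself. This Linux-only sketch reads the kernel-recorded peer credentials with SO_PEERCRED and applies a UID allow-list; the socket name and the allow-list policy are assumptions made for the illustration.

```python
import os
import socket
import struct
import threading

# Constructed name for this example; the leading NUL byte selects the abstract namespace.
ABSTRACT_NAME = b"\0example-game-" + os.urandom(8).hex().encode()
CRED_FMT = "iII"  # struct ucred: pid_t pid, uid_t uid, gid_t gid


def peer_credentials(conn):
    """Return (pid, uid, gid) of the connected peer, as recorded by the kernel (Linux)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(CRED_FMT))
    return struct.unpack(CRED_FMT, raw)


def is_allowed(uid, allowed_uids):
    """An abstract socket has no inode to chmod, so the server enforces its own allow-list."""
    return uid in allowed_uids


def serve_once(listener, allowed_uids, results):
    conn, _ = listener.accept()
    with conn:
        _pid, uid, _gid = peer_credentials(conn)
        ok = is_allowed(uid, allowed_uids)
        results.append((uid, ok))
        conn.sendall(b"OK" if ok else b"DENIED")


def demo(allowed_uids):
    """Bind the abstract socket, connect from this process, return (reply, decisions)."""
    results = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
        listener.bind(ABSTRACT_NAME)  # nothing appears in the filesystem
        listener.listen(1)
        worker = threading.Thread(target=serve_once, args=(listener, allowed_uids, results))
        worker.start()
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
            client.connect(ABSTRACT_NAME)
            reply = b"".join(iter(lambda: client.recv(16), b""))  # read until server closes
        worker.join()
    return reply, results


if __name__ == "__main__":
    print(demo({os.getuid()}))  # same-UID peer is accepted
    print(demo(set()))          # empty allow-list: the same peer is refused
```

Abstract names are scoped to the network namespace, so any process sharing that namespace can attempt the connect; the credential check is what decides whether it is served.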
From the article:
> Drives with a drive-letter other than A-Z do not appear in File Explorer, and cannot be navigated to in File Explorer.
Reminds me of the old-school ALT + 255 trick on Win9x machines where adding this "illegal trailing character" made the directory inaccessible from the regular file explorer.
This all sounds like a wonderful way to write some truly annoying malware. I expect to see hidden mounts on SQL-escape-type-maliciously-named drives soon...
> In other words, since RtlDosPathNameToNtPathName_U converts C:\foo to \??\C:\foo, then an object named C: will behave like a drive letter. To give an example of what I mean by that: in an alternate universe, RtlDosPathNameToNtPathName_U could convert the path FOO:\bar to \??\FOO:\bar and then FOO: could behave like a drive letter.
For some reason I remember that the original Xbox 360 had "drive letters" which were entire strings. Unfortunately I no longer have access to the developer docs and now I wonder if my mind completely made this up. I think it was something like "Game:\foo" and "Hdd0:\foo".
Anybody who's had to look through files on multi-disc arrays knows exactly how weird the drive letters can get. Mount the ISOs of thirty-six 8.5GB DVDs because someone thought it was a good idea to split zip a single archive into 7.99GB segments and things get very tricky in cmd. If you weren't in the habit of using several layers of quotation marks to separate everything, you'll form it very quickly because the operators can be the same symbols as the drive letters, as shown in the article with the "+" example.
In my first DOS, the drive letter after Z was AA. I created a series of small RAM drives to find out.
That may have been DOS 3.3, not later. IDK when it changed.
The real question is can Windows Defender scan these drives?
> drive letters are essentially just a convention borne out of the conversion of a Win32 path into a NT path
CMD also has the concept of a current drive, and of a per-drive current directory. (While “X:\” references the root directory of drive X, “X:” references whatever the current directory of drive X is. And the current directory, i.e. “.”, is the current directory of the current drive.) I wonder how those mesh with non-standard drive letters.
This is an interesting reference about how drive letters are stored in the Windows Registry: http://www.goodells.net/multiboot/partsigs.shtml
I never tried, but I wonder if you could use direct registry editing to create some really strange drive letters.
> Non-ASCII drive letters are even case-insensitive like A-Z are
I wonder, does `subst I: .` create i: or ı: under the Turkish locale?
Hmm. This seems like it could be abused rather hilariously (or not, depending on your perspective) by malware...
26 drives should be enough for anyone.
Similar corner cases are the bedrock of security flaws.
If anyone adds this behaviour as a bet on a market about a future CVE or severity, can they add a link to the bet here?
I never knew Λ was the upper case version of λ.
This was a cool article. Learned something new today.
This topic would make a good post on The Old New Thing.
Seems like a great way to hide a bunch of files from users for a malware payload
I remember when A and B were commonly used drive letters. C was a luxury. D was outright bourgeois.
But for some reason, drive letters starting with C feel completely natural, too. Maybe it's because C is also the first note in the most widely known musical scale. We can totally afford to waste two drive letters at the start, right?
Windows drive letters are ridiculous. Use an external drive for e.g. video editing, its letter can be stolen by another drive, you can’t work anymore.
Now somebody will use this to hide their malware, somehow...
I hope this article gets archived in a computer history, so people in the future can read how today's default operating system persisted in requiring its vict..., umm, users, to honor an archaic practice long past any imaginable justification, while free alternative operating systems don't have this handicap.
I regularly have this conversation with my end-user neighbor -- I explain that he has once again written his backup archive onto his original because he plugged in his Windows USB drives in the wrong sequence. His reply is, more or less, "Are computers still that backward?" "No," I reply, "Windows is still that backward."
The good news is that Linux is more sophisticated. The bad news is that Linux users must be more sophisticated as well. But this won't always be true.
The NT paths are how the object manager refers to things. For example the registry hive HKEY_LOCAL_MACHINE is an alias for \Registry\Machine
https://learn.microsoft.com/en-us/windows-hardware/drivers/k...
In this way, NT is similar to Unix in that many things are just files part of one global VFS layout (the object manager name space).
Paths that start with drive letters are called a "DOSPath" because they only exist for DOS compatibility. But unfortunately, even in kernel mode, different subsystems might still refer to a DOSPath.
PowerShell also exposes various things as "drives", pretty sure you could create your own custom drive as well for your custom app. For example, by default there is the 'hklm:\' drive path:
https://learn.microsoft.com/en-us/powershell/scripting/sampl...
Get-PSDrive/New-PSDrive
You can't access certificates in Linux/bash as a file path for example, but you can in PowerShell/Windows.
I highly recommend getting the NtObjectManager PowerShell module and exploring about:
https://github.com/googleprojectzero/sandbox-attacksurface-a...
ls NtObject:\