Strange output from ps -W, (\\?\?, \??\)

Markus K. E. Kommant Markus.Kommant@de.adp.com
Fri Feb 8 10:19:00 GMT 2002


> \??\C:\WIN2KPRO\system32\winlogon.exe

the \??\ could by "something" very special in the bootstrap of the system.

I belive, that it could be a \\?\?\  
which will be chown as \??\ (\? interpreted as the escape sequence for ?)

The path \\?\?\ could be: 
\\? = do not use "path parsing" and stay on the current volumne (ignore
mount points etc)
\?\ = could be the Volume GUID Name = ?, and ? could be the first, boot or
current volume.

MSDN Volume Names , UNC and MountPoints:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fsys
_64oj.asp

Unique Volume Names
Two factors can make it hard to reliably mount a specific volume at a
specified volume mount point across operating system restarts. One factor is
that two different volumes can have the same label, which makes them
indistinguishable except by drive letter. The other factor is that drive
letters do not necessarily remain the same. If a computer's administrator
does not use the Disk Administrator to enforce drive letters, then drive
letters can change as drives are removed from or added to the system.

To solve this problem, the system refers to volumes to be mounted with
unique volume names. These are strings of this form: 

"\\?\Volume{GUID}\" 

where GUID is a globally unique identifier (GUID) that identifies the
volume. The \\?\ turns off path parsing and is ignored as part of the path,
as discussed in Path Lengths. Note the trailing backslash. All volume mount
point functions that take a unique volume name as a parameter require the
trailing backslash; all volume mount point functions that return a unique
volume name provide the trailing backslash. You can use CreateFile to open a
volume by referring to its unique volume name, but without a trailing
backslash. When using CreateFile, a unique volume name with a backslash
refers to the root directory of the volume.

The operating system assigns a unique volume name to a volume when the
computer first encounters it, for example during formatting or installation.
The volume mount point functions use unique volume names to refer to
volumes. To learn the unique volume name of any drive, use the
GetVolumeNameForVolumeMountPoint function.

The Unicode versions of several functions permit paths that exceed the
MAX_PATH length if the path has the "\\?\" prefix. The "\\?\" tells the
function to turn off path parsing. However, each component in the path
cannot be more than MAX_PATH characters long. Use the "\\?\" prefix with
paths for local storage devices and the "\\?\UNC\" prefix with paths having
the Universal Naming Convention (UNC) format. The "\\?\" is ignored as part
of the path. For example, "\\?\C:\myworld\private" is seen as
"C:\myworld\private", and "\\?\UNC\bill_g_1\hotstuff\coolapps" is seen as
"\\bill_g_1\hotstuff\coolapps". 

> -----Original Message-----
> From: Stephano Mariani [mailto:sk.mail@btinternet.com]
> Sent: Thursday, February 07, 2002 9:24 PM
> To: cygwin@cygwin.com
> Subject: Strange output from ps -W
> 
> 
> The relevant line from ps -W
> 
>       PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
>       196       0       0        196    ?    0   Feb  6
> \??\C:\WIN2KPRO\system32\winlogon.exe
> 
> Is this normal? Why is the command prefixed with "\??\"?
> 
> Stephano Mariani
> 
> 
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list