windows ntfs alternate-data-stream

Open Alternate Data Stream (ADS) from file handle or file ID


I would like to open an alternate data stream of a file using an existing handle to the file, or using the file id. The only way I found is by the full name (file name + ADS name). I am afraid of the file being renamed during the operation.

Is there a way to do that?


Solution

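  • This is very easy to do with NtOpenFile or NtCreateFile.

    For example, to open an existing ADS on hFile:

    #include <windows.h>
    #include <winternl.h>   // NtOpenFile, OBJECT_ATTRIBUTES, UNICODE_STRING; link with ntdll.lib
    #ifndef FILE_SHARE_VALID_FLAGS   // defined in the WDK headers, not in the user-mode SDK
    #define FILE_SHARE_VALID_FLAGS (FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE)
    #endif

    NTSTATUS OpenADS(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, HANDLE hFile, PCWSTR Name)
    {
        IO_STATUS_BLOCK iosb;
        UNICODE_STRING ObjectName;
        RtlInitUnicodeString(&ObjectName, Name);
        // RootDirectory = hFile: Name is resolved relative to the open handle, not to a path
        OBJECT_ATTRIBUTES oa = { sizeof(oa), hFile, &ObjectName };
        // DesiredAccess must include SYNCHRONIZE because FILE_SYNCHRONOUS_IO_NONALERT is used
        return NtOpenFile(FileHandle, DesiredAccess, &oa, &iosb, FILE_SHARE_VALID_FLAGS, FILE_SYNCHRONOUS_IO_NONALERT);
    }

    where Name is something like L":test_stream" (it begins with :)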