From 2ea6de8a42c19e1fab98c50927ec3515749d87a9 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Fri, 27 Apr 2018 19:01:35 +0200
Subject: [PATCH] [NTOSKRNL] Also try to extract name from FCB when leaking VACB
---
 ntoskrnl/cc/view.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c
index 0432f73a99e..c2b89131323 100644
--- a/ntoskrnl/cc/view.c
+++ b/ntoskrnl/cc/view.c
@@ -1143,6 +1143,13 @@ CcRosDeleteFileCache (
 {
 DPRINT1("File was: %wZ\n", &FileObject->FileName);
 }
+ else if (FileObject->FsContext != NULL &&
+ ((PFSRTL_COMMON_FCB_HEADER)(FileObject->FsContext))->NodeTypeCode == 0x0502 &&
+ ((PFSRTL_COMMON_FCB_HEADER)(FileObject->FsContext))->NodeByteSize == 0x1F8 &&
+ ((PUNICODE_STRING)(((PUCHAR)FileObject->FsContext) + 0x100))->Length != 0)
+ {
+ DPRINT1("File was: %wZ (FastFAT)\n", (PUNICODE_STRING)(((PUCHAR)FileObject->FsContext) + 0x100));
+ }
 else
 {
 DPRINT1("No name for the file\n");
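Review bot: The added `else if` branch trusts two magic values (`NodeTypeCode == 0x0502`, `NodeByteSize == 0x1F8`) to prove that `FsContext` is a FastFAT FCB, then reinterprets the bytes at `FsContext + 0x100` as a `UNICODE_STRING` and passes it to `DPRINT1` with `%wZ` after checking only `Length != 0`. If another file system's context block happens to match those two values, or the FastFAT FCB layout changes (the size `0x1F8` presumably holds for one pointer width only), the kernel would read through an unvalidated `Buffer` pointer in a diagnostic path. Before printing, the condition should at least also require `Buffer != NULL` and `Length <= MaximumLength` on that string. The three constants also deserve names or a comment such as `/* FastFAT FCB: NodeTypeCode 0x0502, NodeByteSize 0x1F8, name UNICODE_STRING at +0x100; keep in sync with the FastFAT FCB definition */`. The enclosing `CcRosDeleteFileCache` body starts and ends outside this hunk, so any locking around `FsContext` cannot be judged from here.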