Hi,
I have an NT file system driver that manages a
collection of physical disks
as one volume .
The FSD works well with all standard operations like :
open , close, read,
write , delete , rename . It does use a cache of
our own . The fileObject->FsContext points to a
nonpaged struct of type
FSRT_COMMON_FCB_HEADER and
fileObject->Fscontext2 points to Ccb .Also
FileObject->SectionObjectPointer =
&(Fcb->NTRequiredFCB.SectionObject);
The problem is:
when I try to execute an .EXE that I copied to my
virtual disk I get a
message : “not an NT file” and there is no calling to
my FSD Read dispatch routine to fill pages
(IRP_PAGING_IO) for the VMM . I
expected the Loader(or else) will
start a File mapping for the executable which will
trigger my FSD with
pagaing reads (the reads will go through our own
cache . no interaction
with NT cache Manager ). When I try at the
IRP_MJ_CREATE time to forcibly
start the NT cache manager only for a .EXE
(DesiredAccess = FILE_EXECUTE)
file by CcInitializeCacheMap(), then executing a .EXE
file will not issue
above message . Instead 2 consecutive Read Irps come
to my Read dispatch
(with IRP_PAGING_IO flag ) with same start offset
zero ! Afterwards
nothing happens .
Also when I try run ‘pedump.exe’ on a .EXE * file
postioned at my disk ,
the CreateFileMapping stage ( after CreateFile that
succeeds via my FSD
and return a file Handle ) returns handle zero .
That makes me suspect
that the handle that is the outcome of my CreateFile
(manifested at the
I/O manager by a fileObject) is not fully corrcet
despite the content of
fileObject->Fscontext . Note that the
CommonFcbHeader is at the middle
of my FCB (not at its head as in FastFat) .
In none of above tests is there a system crash .
Does anybody has any idea why is the FileMapping
failing and what does the
loader do as I double click on a .EXE file ?
Thanks,
Gurpreet
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com