
Re[2]: How to filter the request in MUP?

What do you mean by 'a fake one'?

Are you filtering network attachments in your InstanceSetup callback?


Kernel Drivers
Windows File System and Device Driver Consulting

------ Original Message ------
From: "" <>
To: "Windows File Systems Devs Interest List" <>
Sent: 12/7/2017 9:28:59 AM
Subject: RE:[ntfsd] How to filter the request in MUP?

>The FO (ffffbe058fd0aa10) indicated is just a fake one; the real file
>object is owned by my encryption filter. If the file is located on the
>local file system, everything goes well, but when the file is located in
>a network location, my encryption filter seems unable to catch the
>request, so it encounters MUP_BUGCHECK_NO_FILECONTEXT. How can my
>encryption filter catch the request before it goes into the MUP? I tried
>IRP_MJ_QUERY_VOLUME_INFORMATION, but it didn't seem to work.


  • I mean the file object indicated is not really created; my encryption filter creates a file object in the pre-create routine and just returns STATUS_SUCCESS to the upper driver.

    How to filter the network attachments in the InstanceSetup callback is exactly my question.
  • In FileSpy, I could see my encryption filter attach to the MUP device; that means my encryption filter has successfully filtered the network attachments, right?
    My encryption filter could catch the request (IRP_MJ_CREATE) towards the file (\Device\mup\test\ccedr.txt); it also means that my encryption filter is filtering the network requests, is that right?
    But it's obvious that the BSOD info says my encryption filter driver didn't catch one of the requests towards the network file, or else it would work well without a BSOD. How could this happen?