Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting... Please check out the Community Guidelines in the
Announcements and Administration Category.

query in File system Mini filter driver

vidhyavidhya Posts: 102
I need to send a internal IRP from mini filter driver to my volume filter driver sitting above volsnap.

I need to get the FltObjects->FileObject->Vpb->Realdevice device object from my file system mini filter driver.

when I tried accessing this pointer my system crashed. Later on I discovered that my
FltObjects->FileObject is always NULL.

In which cases this file object will be NULL.I am trying to access FileObject in my Precallback routine which I have registered for IRP_MJ_MOUNT_VOLUME.

Is there a way to get the volume filter driver's device object from mini filter driver.

I used FltGetDeviceObject and IoGetAttachedDevice in sequence thinking that it is the other way to get Vpb->Realdevice.
But when I used FltGetDeviceObject and IoGetAttachedDevice function the device object that I get doesn't match any object in deviceTree.

I am not sure what objects I getting when I use these functions
FltGetDeviceObject and IoGetAttachedDevice.

Any inputs on this would be helpful

Comments

  • rod_widdowsonrod_widdowson Posts: 941
    > I used FltGetDeviceObject and IoGetAttachedDevice in sequence

    I think you need IoGetDeviceAttachmentBaseRef; from the Fine Manual:

    > IoGetAttachedDevice returns the highest-level device attached to the
    > specified device.
    > The IoGetDeviceAttachmentBaseRef routine returns a pointer to the
    > lowest-level device object in a file system or device driver stack.

    You'll need to check, but I'm pretty sure that this is the File System
    device.


    /Rod
  • vidhyavidhya Posts: 102
    I have tried using IoGetDeviceAttachmentBaseRef also..but I am not getting the device object of my volume filter driver.
    Infact the device object pointer which I get as output is not seen anywhere in deviceTree utility.
    I thought that deviceTree shows all the device objects in the machine. But looks like its not the case or am I missing something so obvious.
  • NtDev_GeekNtDev_Geek Posts: 93
    yes it is very common to see FltObjects->FileObject is always NULL.

    ./nT
  • vidhyavidhya Posts: 102
    Is there a way to get the volume filter driver's device object from mini filter driver.

    I need to get the FltObjects->FileObject->Vpb->Realdevice device object for which the Mount Request is targeted from my file system mini filter driver.
  • Jamey_KirbyJamey_Kirby Posts: 377
    I think maybe you are over architecting your filter. You don't need any of
    that stuff for what you are trying to achieve. I went down that road once,
    and backed out quickly. Keep it simple.



    On Fri, Aug 3, 2018 at 6:23 AM xxxxx@yahoo.co.in <
    xxxxx@lists.osr.com> wrote:

    > Is there a way to get the volume filter driver's device object from mini
    > filter driver.
    >
    > I need to get the FltObjects->FileObject->Vpb->Realdevice device object
    > for which the Mount Request is targeted from my file system mini filter
    > driver.
    >
    >
    >
    >
    >
    >
    > ---
    > NTFSD is sponsored by OSR
    >
    >
    > MONTHLY seminars on crash dump analysis, WDF, Windows internals and
    > software drivers!
    > Details at
    >
    > To unsubscribe, visit the List Server section of OSR Online at <
    > http://www.osronline.com/page.cfm?name=ListServer>;
    >


    --
    Jamey Kirby
    Disrupting the establishment since 1964

    *This is a personal email account and as such, emails are not subject to
    archiving. Nothing else really matters.*
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!