Real basic question here, my apologies. So when I get IRP_MJ_CREATE with NULL name, and NULL relativeObject, it is known as a "volume open".
I used to simply grab the root "\" object, and return that. But this is causing some issues, in that I now have two Fileobjects with FsContext pointing to one vnode of "\". (Open of literal "\" and volume open).
So, what IS a volume open anyway? What operations is generally performed on a volume handle? Are read/writes done, and if so, what data is expected? Is it perhaps like opening the raw disk? (then, why not just open the disk, instead of via the filesystem)
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||4 Feb 2019||OSR Seminar Space|
|Writing WDF Drivers||25 Feb 2019||OSR Seminar Space|
|Kernel Debugging and Crash Analysis||25 Mar 2019||OSR Seminar Space|