I am working on minifilter based Encryption file system driver.I am facing an issue w.r.t. file corruption.
Through filetest.exe ,I do following operations
1. Create file on NAS share with FILE_FLAG_NO_BUFFERING flag, WriteFile of 1536 bytes, CloseHandle.
2. Truncate file from 1536 to 1303 bytes.(CreateFile for same file with FILE_FLAG_NO_BUFFERING flag, SetEOF to 1303, CloseHandle)
3. Truncate file from 1303 to 1287bytes.(CreateFile for same file with FILE_FLAG_NO_BUFFERING flag, SetEOF to 1287, CloseHandle)
Now, If i check the content of file, then till 1287 bytes file data is OK. But from 1288th byte to 1536th byte, junk is filled.
Expected result is file should have been truncated to 1287 bytes.
I see EndOfFile is 1536 bytes(Query FILE_STANDARD_INFORMATION)
Through Procmon, I see that Bit defender is doing memory mapped operations on same file.After each truncate operation on file , there is a paging write followed by Set EOF .
Now the problem is FltWriteFile for paging I/O write returns Byteswritten as 1536 (instead of 1303 in 2nd step and 1287 in 3rd step), which seems like paging write is extending EOF in this case.
I have read at many places in OSR links as Paging I/O write cannot extend beyond EOF. I might be lagging something in my understanding wr.t. paging I/O writes.
Can anyone help me to understand why file size is getting extended??
Any help is highly appreciated..Thanks in Advance.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|