The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I am working on minifilter based Encryption file system driver.I am facing an issue w.r.t. file corruption.
Through filetest.exe ,I do following operations
1. Create file on NAS share with FILE_FLAG_NO_BUFFERING flag, WriteFile of 1536 bytes, CloseHandle.
2. Truncate file from 1536 to 1303 bytes.(CreateFile for same file with FILE_FLAG_NO_BUFFERING flag, SetEOF to 1303, CloseHandle)
3. Truncate file from 1303 to 1287bytes.(CreateFile for same file with FILE_FLAG_NO_BUFFERING flag, SetEOF to 1287, CloseHandle)
Now, If i check the content of file, then till 1287 bytes file data is OK. But from 1288th byte to 1536th byte, junk is filled.
Expected result is file should have been truncated to 1287 bytes.
I see EndOfFile is 1536 bytes(Query FILE_STANDARD_INFORMATION)
Through Procmon, I see that Bit defender is doing memory mapped operations on same file.After each truncate operation on file , there is a paging write followed by Set EOF .
Now the problem is FltWriteFile for paging I/O write returns Byteswritten as 1536 (instead of 1303 in 2nd step and 1287 in 3rd step), which seems like paging write is extending EOF in this case.
I have read at many places in OSR links as Paging I/O write cannot extend beyond EOF. I might be lagging something in my understanding wr.t. paging I/O writes.
Can anyone help me to understand why file size is getting extended??
Any help is highly appreciated..Thanks in Advance.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Developing Minifilters||24 May 2021||Live, Online|
|Writing WDF Drivers||14 June 2021||Live, Online|
|Internals & Software Drivers||27 September 2021||Live, Online|
|Kernel Debugging||15 November 2021||Live, Online|