Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Paging I/O is increasing EOF for file ,thereby making it corrupted.

Pooja_BansalPooja_Bansal Member - All Emails Posts: 44

Hi All,

I am working on minifilter based Encryption file system driver.I am facing an issue w.r.t. file corruption.

Through filetest.exe ,I do following operations
1. Create file on NAS share with FILE_FLAG_NO_BUFFERING flag, WriteFile of 1536 bytes, CloseHandle.
2. Truncate file from 1536 to 1303 bytes.(CreateFile for same file with FILE_FLAG_NO_BUFFERING flag, SetEOF to 1303, CloseHandle)
3. Truncate file from 1303 to 1287bytes.(CreateFile for same file with FILE_FLAG_NO_BUFFERING flag, SetEOF to 1287, CloseHandle)

Now, If i check the content of file, then till 1287 bytes file data is OK. But from 1288th byte to 1536th byte, junk is filled.
Expected result is file should have been truncated to 1287 bytes.

I see EndOfFile is 1536 bytes(Query FILE_STANDARD_INFORMATION)

Through Procmon, I see that Bit defender is doing memory mapped operations on same file.After each truncate operation on file , there is a paging write followed by Set EOF .

Now the problem is FltWriteFile for paging I/O write returns Byteswritten as 1536 (instead of 1303 in 2nd step and 1287 in 3rd step), which seems like paging write is extending EOF in this case.

I have read at many places in OSR links as Paging I/O write cannot extend beyond EOF. I might be lagging something in my understanding wr.t. paging I/O writes.

Can anyone help me to understand why file size is getting extended??

Any help is highly appreciated..Thanks in Advance.

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA