Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.Identifying a set of operations
Hi all,
Let's say I have a set of operations for deleting a file - that is create, setfileinformation and close. What is the best way to uniquely identify this flow in my mini-filter? is there sort of a unique id?
Thanks in advance.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Developing Minifilters | 24 May 2021 | Live, Online |
| Writing WDF Drivers | 14 June 2021 | Live, Online |
| Internals & Software Drivers | 27 September 2021 | Live, Online |
| Kernel Debugging | TBD 2021 | Live, Online |
Comments
No.
You can look for all sorts of heuristics (thread Id and File Object or FsContext2 might be somewhere to start), but nothing is guaranteed.
And of course there are many other ways that a file can be deleted..
Check out the delete sample from microsoft.
https://github.com/Microsoft/Windows-driver-samples/tree/master/filesys/miniFilter/delete
Cheers,
Gabriel