The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I've recently met a scenario where I'm trying to open a file for reading from a mapped shared directory (
FltGetFileNameInformation/Unsafe (depending on whether I'm in a filesystem callback, or a loadimage / createprocess callback) to get the file name, and open it for some processing inside the kernel driver.
I see a difference depending on whether I'm using FLT_FILE_NAME_OPENED or FLT_FILE_NAME_NORMALIZED.
Using FLT_FILE_NAME_OPENED gets me
\device\mup\;LanmanRedirector\;Z:(LUID)\share\folder\file and then FltCreateFile with the Mup Instance works ok.
Using FLT_FILE_NAME_NORMALIZED gets me
\device\mup\share\folder\file and then FltCreateFile with the Mup Instance fails with
This does not seem to be a permissions issue, since
1. I'm in the context of the process that has access the file in question, and when I'm not, I'm impersonating correctly
2. the error is NOT ACCESS_DENIED /STATUS_LOGON_FAILURE
Anyone cares to help me figure out what's up?
I've ran previous tests by accessing a remote folder directly, without mapping it, and had no issues accessing the normalized paths.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|