The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Following my previous post about minifilter performances, I realized I have bad results when my driver is registering a callback to the IRQ IRP_MJ_READ. The purpose of this callback is an authorization filter, which determines whether the content of the file can be read. In case where the read of the file is granted, the logic is still executed on each IRQ of that type, which is not efficient and result in a performance drop.
I realized that I wanted to filter the initial opening of the file, such as registering a callback of the IRQ IRP_MJ_CREATE. My question is: does the operating system require to perform an IRQ of type IRP_MJ_CREATE before subsequent IRP_MJ_READ to access a file ? In other words, is the IRQ IRP_MJ_CREATE a good way to implement file authorization ?
Many thanks !
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|