Following my previous post about minifilter performances, I realized I have bad results when my driver is registering a callback to the IRQ IRP_MJ_READ. The purpose of this callback is an authorization filter, which determines whether the content of the file can be read. In case where the read of the file is granted, the logic is still executed on each IRQ of that type, which is not efficient and result in a performance drop.
I realized that I wanted to filter the initial opening of the file, such as registering a callback of the IRQ IRP_MJ_CREATE. My question is: does the operating system require to perform an IRQ of type IRP_MJ_CREATE before subsequent IRP_MJ_READ to access a file ? In other words, is the IRQ IRP_MJ_CREATE a good way to implement file authorization ?
Many thanks !
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Writing WDF Drivers||21 Oct 2019||OSR Seminar Space & ONLINE|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|
|Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||27 Apr 2020||OSR Seminar Space & ONLINE|