Hi there,
I have a File system driver under Win NT that has its own cache . To do a
file mapping (CreateFileMapping) or
to run an image file I need use the NT file mapping (and cache ?) .
e.g : to run a .EXE file I detect the FILE_EXECUTE desired access at
IRP_MJ_CREATE time and then initialze the fileObject->SectionObjectPointer
(= &Fcb->CommonFFcbHeader.SectionObject) and call CcInitializecacaheMap()
.
The last call should trigger a NtCreateSection which it does twice ( it
triggers NtCreateSection callbacks) .
After each Section creation the VMM issues PAGING_IO IRP_MJ_READ to the
FSD , but twice to same first page
(byteOffset =0) to fill a system address (which is different in the two
cases ! ) . Then nothing happens . No error message
& no Kernel crash .
Can anybody point at what am I doing wrong : Why am I getting 2 section
creations and why is’nt the EXE running ?
thanks
Dubi