About file system filters

1. When developing a file system filter, is it mandatory to load it at boot
time? (I do it at system time.)
2. In SFilter, the sample from Rajeev Nagar’s book, how can I obtain the drive
letter of the file accessed?



No. It is not mandatory nor even recommended.
Microsoft has claimed that sometimes, because it helps to hook file systems
as they are being loaded (using notification function).
Anyway, you can also hook file systems after they have been loaded.

Getting the drive letter may be accomplished in two steps. First you need to
associate devices with letters. You can perform this process before you start
filtering, for example just after the process of hooking devices. Then you
save the letters for every device attached. When you need to know which letter
is associated with a device, just look at your saved values.

You can obtain drive letters by means of getting
devices for every letter (A to Z) and then compare each device with
devices you have attached to. You don’t need to perform this seek
many times except when mounting or unmounting volumes or loading
or unloading file systems.

The process to get devices for drive letters is the following:

From A to Z…

Use ZwOpenSymbolicLinkObject to open each symbolic device name, for
example: “\DosDevices\C:”

If successful, then use ZwQuerySymbolicLinkObject to get the target
name for this object, for example “Hardisk1\Partition0”

Then use IoGetDeviceObjectPointer to get the device itself. (Please
note that there is some controversy of how to use this
function, depending on whether volumes are mounted or not; Microsoft
proposes to use READ access instead of READ_ATTRIBUTES
that is commonly used)

Compare this device with the device you are attaching to: is it the
same? Okay, then this is the letter you want.

Repeat for every letter from A to Z.

Inaki.

-----Original Message-----
From: Adrian Krit
Sent: Tuesday, March 14, 2000 17:19
To: File Systems Developers
Subject: [ntfsd] About file system filters

1. When developing a file system filter, is it mandatory to load it at
boot time? (I do it at system time.)
2. In SFilter, the sample from Rajeev Nagar’s book, how can I obtain the
drive letter of the file accessed?
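
The A-to-Z walk and saved-letter lookup described in the reply above, as an added example that is not part of the original thread: a portable user-mode C model in which a constructed table stands in for the results of ZwOpenSymbolicLinkObject and ZwQuerySymbolicLinkObject, and a name comparison stands in for comparing the device returned by IoGetDeviceObjectPointer. All type, function and device names are hypothetical, and the handling of links that point at another drive letter goes beyond what the reply covers.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-in for the object namespace: the target that opening and
 * querying "\DosDevices\X:" would report. All names are sample values. */
struct dos_link { char letter; const char *target; };
static const struct dos_link SAMPLE_LINKS[] = {
    { 'A', "\\Device\\Floppy0" },
    { 'C', "\\Device\\Harddisk0\\Partition1" },
    { 'D', "\\Device\\CdRom0" },
    { 'S', "\\??\\C:\\work" },   /* SUBST-style link onto C: */
};

/* One entry per device the filter attached to (hypothetical bookkeeping). */
struct attached_dev { const char *name; int id; };
/* Saved result: index is the letter, value is the attached id or -1. */
static int letter_to_device[26];

static const char *query_link(char letter) {   /* models open + query */
    for (size_t i = 0; i < sizeof SAMPLE_LINKS / sizeof SAMPLE_LINKS[0]; i++)
        if (SAMPLE_LINKS[i].letter == letter) return SAMPLE_LINKS[i].target;
    return NULL;                               /* letter not in use */
}

/* Walk A..Z, resolve, compare, save. Re-run after a mount or dismount. */
int build_letter_cache(const struct attached_dev *devs, size_t n) {
    int mapped = 0;
    for (char c = 'A'; c <= 'Z'; c++) {
        const char *t = query_link(c);
        /* A target of the form "\??\X:..." points at another letter. */
        for (int hop = 0; hop < 4 && t && !strncmp(t, "\\??\\", 4)
                          && t[4] && t[5] == ':'; hop++)
            t = query_link(t[4]);
        letter_to_device[c - 'A'] = -1;
        /* Name match stands in for comparing device object pointers. */
        for (size_t i = 0; t && i < n; i++)
            if (!strcmp(t, devs[i].name)) {
                letter_to_device[c - 'A'] = devs[i].id;
                mapped++;
                break;
            }
    }
    return mapped;
}

/* Lookup on the I/O path: first letter saved for this device, 0 if none. */
char letter_for_device(int id) {
    for (int i = 0; id >= 0 && i < 26; i++)
        if (letter_to_device[i] == id) return (char)('A' + i);
    return 0;
}
```

A letter whose target is not one of the attached devices (the floppy here) stays at -1, so the lookup never reports a letter for a volume the filter is not attached to.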


Get 100% FREE Internet Access powered by Excite
Visit http://freelane.excite.com/freeisp


You are currently subscribed to ntfsd as: xxxxx@pandasoftware.es
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

If you need a good filter source example, just look at FILEMON.
You can download it at http://www.sysinternals.com/
It is an example of a driver that you can load and unload when the system is
up.
Enjoy.

Ori Zimmels xxxxx@compaq.com
Tandem Labs Israel Phone: (972) 4-832-3050 #207
Tandem Computers Fax: (972) 4-822-5006
a Compaq Company
Gutwirth Science Park - The Technion
Haifa 32000
Israel


I have used the FILEMON source to make my filter driver. It is OK, but I have a
problem filtering a floppy or CD-ROM drive: I need a floppy/CD-ROM to be
inserted in the drive. I tried opening “\Dosdevices\A:” with
READ_ATTRIBUTES, but it doesn’t work very well. Is there a way to attach to a
floppy/CD-ROM device without a device in the floppy/CD-ROM drive?

The SFilter, the sample from Rajeev Nagar’s book, attaches to the RAW device, and it
needs to be loaded before volume mount. So I don’t know if we have information
about the drive letter. I would like to know that too.

Thanks in advance
