Re: Question of ZwWriteFile.

Thank you for your answer.

My filter driver is an automatic cypher file system. These problems are
in the rename action (IRP_SET_INFORMATION). The target file seems to be opened
without FILE_SYNCHRONOUS_IO_NOALERT.
In this action in my filter, when the rename is from a standard
file to a cypher file, I read, encrypt and write the target file by FILE_OBJECT
in a worker thread. So I wrote the following source.

But I can not get the number of read/written bytes. How do I get the
number of bytes?

----------- This Source(Using WinDK) -----------
static void normalToPandora( PFILE_OBJECT fobj, HardkeyParameter *prm )
{
    int n;
    HANDLE h;
    if ( !NT_SUCCESS(ObOpenObjectByPointer(fobj, 0, 0,
                        FILE_READ_DATA | FILE_WRITE_DATA | SYNCHRONIZE,
                        NULL, KernelMode, &h)) )
        return;
    char ev[20];
    sprintf( ev, "\\Device\\X%8.8X", fobj );
    _CEvent *sig = new _CEvent( ev );   // IoCreateSynchronizationEvent
    char *buff = (char *)AllocMem( BUFFER_SIZE );   // NonPaged memory
    for( LONGLONG off = 0;
         (n = read(h, buff, off, BUFFER_SIZE, sig)) >= 0; off += n ) {
        if ( !n ) continue;
        EncryptStream( prm, off, n, buff );
        write( h, buff, off, n, sig );
    }
    delete sig;
    ZwClose( h );
    FreeMem( buff );
}

static long
read( HANDLE h, void *buffer, LONGLONG offset, long length, _CEvent *ev )
{
    NTSTATUS res;
    IO_STATUS_BLOCK st;

    ev->Clear();
    res = ZwReadFile( h, ev->Handle(), NULL, NULL, &st, buffer, length,
                      (LARGE_INTEGER *)&offset, NULL );
    if ( res == STATUS_PENDING ) ev->Wait();
    return NT_SUCCESS( res ) ? st.Information : -1;
    // I want to get the number of bytes
    // and I/O status after read completion.
}

static long
write( HANDLE h, void *buffer, LONGLONG offset, long length, _CEvent *ev )
{
    NTSTATUS res;
    IO_STATUS_BLOCK st;

    ev->Clear();
    res = ZwWriteFile( h, ev->Handle(), NULL, NULL, &st, buffer, length,
                       (LARGE_INTEGER *)&offset, NULL );
    if ( res == STATUS_PENDING ) ev->Wait();
    return NT_SUCCESS( res ) ? st.Information : -1;
    // I want to get the number of bytes
    // and I/O status after read completion.
}

David Welch wrote:

On Tue, 22 Feb 2000, it was written:
>
> Can I set a flag FILE_SYNCHRONOUS_IO_NOALERT in ObOpenObjectByPointer?
>
I don’t think so. You could try getting the filename from the handle and
then reopening it.

>
> What NtCreateEvent?
>
NTSTATUS STDCALL NtCreateEvent (OUT PHANDLE EventHandle,
                                IN ACCESS_MASK DesiredAccess,
                                IN POBJECT_ATTRIBUTES ObjectAttributes,
                                IN BOOLEAN ManualReset,
                                IN BOOLEAN InitialState)