Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


RE: how to obtain requestor's intended operation

OSR_Community_UserOSR_Community_User Member Posts: 110,217
Routines manipulating these fields are : IoSetShareAccess,
IoUpdateShareAccess, IoCheckShareAccess and
IoRemoveShareAccess. These are called by the FSD.
So if you look at file object before passing the request
to the FSD fields like ReadAccess or SharedRead are
always not properly set.

Paul

> -----P?vodn? zpr?va-----
> Od: [email protected] [SMTP:[email protected]]
> Odesl?no: 2. kv?tna 2000 13:37
> Komu: File Systems Developers
> P?edm?t: [ntfsd] how to obtain requestor's intended operation
>
> Hi all,
>
> When intercept a file open request, if I look at the file object fields
> got
> through SoftIce, the following seems always FALSE.
>
> ReadAccess, WriteAccess, DeleteAccess, SharedRead,
> SharedWrite,SharedDelte.
>
> I open the file with GENERAL_READ through CreateFile win32 API.
>
> Am I looking the wrong place to detect the intended user operation mode ?
>
> Thanx,
>
> Jack Cheng
> (Curriculum Corp.)
>
> ---
> You are currently subscribed to ntfsd as: [email protected]
> To unsubscribe send a blank email to $subst('Email.Unsub')

Comments

  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Thanks for the reply ! One more question hope you don't mind,

    Does this mean that I can check it using completion routine for
    IRP_MJ_CREATE?

    Thanks again,

    Jack
    (Curriculum Corp.)

    On Tue, 2 May 2000, Pavel Hrdina wrote:

    > Routines manipulating these fields are : IoSetShareAccess,
    > IoUpdateShareAccess, IoCheckShareAccess and
    > IoRemoveShareAccess. These are called by the FSD.
    > So if you look at file object before passing the request
    > to the FSD fields like ReadAccess or SharedRead are
    > always not properly set.
    >
    > Paul
    >
    > > -----P?vodn? zpr?va-----
    > > Od: [email protected] [SMTP:[email protected]]
    > > Odesl?no: 2. kv?tna 2000 13:37
    > > Komu: File Systems Developers
    > > P?edm?t: [ntfsd] how to obtain requestor's intended operation
    > >
    > > Hi all,
    > >
    > > When intercept a file open request, if I look at the file object fields
    > > got
    > > through SoftIce, the following seems always FALSE.
    > >
    > > ReadAccess, WriteAccess, DeleteAccess, SharedRead,
    > > SharedWrite,SharedDelte.
    > >
    > > I open the file with GENERAL_READ through CreateFile win32 API.
    > >
    > > Am I looking the wrong place to detect the intended user operation mode ?
    > >
    > > Thanx,
    > >
    > > Jack Cheng
    > > (Curriculum Corp.)
    > >
    > > ---
    > > You are currently subscribed to ntfsd as: [email protected]
    > > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    If you only want to know user's desired access at the time before
    you pass the request to the underlying FSD try to look at
    current Irp stack location ->Parameters.Create.SecurityContext.
    There is a filed called DesiredAccess which you're probably looking for.

    Paul
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Thanks Paul, that is very helpful information !

    Jack

    On Tue, 2 May 2000, Pavel Hrdina wrote:

    > If you only want to know user's desired access at the time before
    > you pass the request to the underlying FSD try to look at
    > current Irp stack location ->Parameters.Create.SecurityContext.
    > There is a filed called DesiredAccess which you're probably looking for.
    >
    > Paul
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
    >
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE