Attaching to virtual volumes (how does subst.exe work?)

Hello,

How does subst.exe work? I have imagined it creates a symbolic link in
DosDevices that points to drive:/directory, but I see no new symbolic
link that look like a drive letter in WinObj.

If I create a virtual volume with subst.exe, can I attach a file
system filter or minifilter to it?

Thanks


Aram Hăvărneanu

>How does subst.exe work? I have imagined it creates a symbolic link in

DosDevices that points to drive:/directory, but I see no new symbolic
link that look like a drive letter in WinObj.

OK.

C:\Users\maxim>subst q: .

C:\Users\maxim>subst
Q:: => C:\Users\maxim

Then in WinObj (run it as admin):

Name: \Sessions\0\DosDevices\00000000-0006664f\Q:
Type: SymbolicLink

Link: ??\C:\Users\maxim


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

“Aram Hăvărneanu” wrote in message news:xxxxx@ntfsd…
> Hello,
>
> How does subst.exe work? I have imagined it creates a symbolic link in
> DosDevices that points to drive:/directory, but I see no new symbolic
> link that look like a drive letter in WinObj.

This is indeed what it does, you must be looking in the wrong place. Mine is
in \Sessions\0\DosDevices\AuthId\Q:

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Aram Hăvărneanu” wrote in message news:xxxxx@ntfsd…
> Hello,
>
> How does subst.exe work? I have imagined it creates a symbolic link in
> DosDevices that points to drive:/directory, but I see no new symbolic
> link that look like a drive letter in WinObj.
>
> If I create a virtual volume with subst.exe, can I attach a file
> system filter or minifilter to it?
>
> Thanks
>
> –
> Aram Hăvărneanu
>
>

On Thu, Aug 19, 2010 at 11:08 PM, Maxim S. Shatskih
wrote:
> C:\Users\maxim>subst q: .
>
> C:\Users\maxim>subst
> Q:: => C:\Users\maxim
>
> Then in WinObj (run it as admin):
>
> Name: \Sessions\0\DosDevices\00000000-0006664f\Q:
> Type: SymbolicLink
> …
> Link: ??\C:\Users\maxim
>

Ok, it works the way I imagined it works, except for that AuthId
stuff. I missed that. What’s that AuthId stuff? Do I need to care
about it if I write Windows filters?

Unfortunately, if subst.exe works in this simple way, I understand
that I can’t filter only I/O that’s done through that Win32 letter
because there’s a single `real’ storage device object? What do you
recommend to do in this case?

Thanks,


Aram Hăvărneanu

On Thu, Aug 19, 2010 at 11:23 PM, Scott Noone wrote:
> “Aram Hăvărneanu” wrote in message news:xxxxx@ntfsd…
> This is indeed what it does, you must be looking in the wrong place. Mine is
> in \Sessions\0\DosDevices\AuthId\Q:

You are indeed correct. What do you recommend to do in this case if
the desire is to filter only stuff that references that `virtual’
letter?

Thanks,


Aram Hăvărneanu

>Ok, it works the way I imagined it works, except for that AuthId

stuff. I missed that. What’s that AuthId stuff?

Logon ID.

Can be queried by GetTokenInformation in user mode.

recommend to do in this case?

Do you really want to filter the substed drive letter?


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

>You are indeed correct. What do you recommend to do in this case if

the desire is to filter only stuff that references that `virtual’
letter?

If Q: -> C:\Users\maxim is substed, then your filter cannot distinguish the file open at Q:\path and at C:\Users\maxim\path

Sorry. It is above your filter.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

On Thu, Aug 19, 2010 at 11:46 PM, Maxim S. Shatskih
wrote:
> Do you really want to filter the substed drive letter?

I wish my filter to act' only when I/O targets some directories. This<br>could be done by checking the I/O operation target, doing something to<br>it if the directory is correct and pass it untouched if it's a<br>different directory, however, I have hoped for a more clean solution<br>where I could have the filter code run only when needed (a.i. let<br>Windows device if it should run my filter or not, instead of letting<br>me doing the decision of weather I should act’ on the I/O or not).


Aram Hăvărneanu

On Thu, Aug 19, 2010 at 11:54 PM, Aram Hăvărneanu wrote:
> On Thu, Aug 19, 2010 at 11:46 PM, Maxim S. Shatskih
> wrote:
>> Do you really want to filter the substed drive letter?
>
> I wish my filter to act' only when I/O targets some directories. This<br>&gt; could be done by checking the I/O operation target, doing something to<br>&gt; it if the directory is correct and pass it untouched if it's a<br>&gt; different directory, however, I have hoped for a more clean solution<br>&gt; where I could have the filter code run only when needed (a.i. let<br>&gt; Windows device if it should run my filter or not, instead of letting<br>&gt; me doing the decision of weather I should act’ on the I/O or not).

I see that VSS creates `virtual’ volumes. Is it feasible to create
such a thing that will appear to the system as a virtual volume, and
attach a filter to it that will redirect all I/O to the real volume?
What documentation do I need to read in order to understand what is
required to create a virtual volume?

Thanks,


Aram Hăvărneanu

>I see that VSS creates `virtual’ volumes.

VolSnap is not “subst”, it creates the virtual disk device.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

On Fri, Aug 20, 2010 at 2:00 AM, Maxim S. Shatskih
wrote:
>>I see that VSS creates `virtual’ volumes.
>
> VolSnap is not “subst”, it creates the virtual disk device.

I know. That is why I am asking how does it accomplish this? Is it
documented somewhere?

Thanks,


Aram Hăvărneanu

I use a simple test for SUBST drive letters. If you try to obtain a GUID for the volume (GetVolumeNameForVolumeMountPoint) and it fails, it could be a SUBST drive letter. Works for my purposes.

Ken

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Thursday, August 19, 2010 2:48 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Attaching to virtual volumes (how does subst.exe work?)

You are indeed correct. What do you recommend to do in this case if the
desire is to filter only stuff that references that `virtual’
letter?

If Q: -> C:\Users\maxim is substed, then your filter cannot distinguish the file open at Q:\path and at C:\Users\maxim\path

Sorry. It is above your filter.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com


NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer