Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

FILE OBJECT TYPES AND OWNERSHIP

OSR_Community_UserOSR_Community_User Member Posts: 110,217
Hi All,

I'm searching for the docs on *type* field on _FILE_OBJECT. Also
once we have a valid
FILEOBJECT created by I/O mgr, is it possible to know the owner ??

thanx
prokash

Comments

  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    I *think* that the FILE_OBJECT 'type' field is simply part of the
    signature of that structure along with the Size field(many DDK structures
    start start off with a type and size field so, I suppose, the type of
    structure can be determined when the pointer is ambiguous.
    To get the owner of the file, you can create an IRP of type
    IRP_MJ_QUERY_SECURITY with a SecurityInformation of
    OWNER_SECURITY_INFORMATION and send it to the FSD. You can extract the
    owner from the returned security descriptor.


    Hi All,

    I'm searching for the docs on *type* field on _FILE_OBJECT. Also
    once we have a valid
    FILEOBJECT created by I/O mgr, is it possible to know the owner ??

    thanx
    prokash


    ---
    You are currently subscribed to ntfsd as: [email protected]
    To unsubscribe send a blank email to $subst('Email.Unsub')
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    thanx so much.

    Actually, I am in the file system driver. I thought that may be I would
    be able to see the type of the
    file object for which this IRP has come, and the owner of the
    fileobject.

    prokash

    "Smith, Joel" wrote:

    >
    >
    > I *think* that the FILE_OBJECT 'type' field is simply part of
    > the signature of that structure along with the Size field(many DDK
    > structures start start off with a type and size field so, I suppose,
    > the type of structure can be determined when the pointer is ambiguous.
    >
    > To get the owner of the file, you can create an IRP of type
    > IRP_MJ_QUERY_SECURITY with a SecurityInformation of
    > OWNER_SECURITY_INFORMATION and send it to the FSD. You can extract
    > the owner from the returned security descriptor.
    >
    > Hi All,
    >
    > I'm searching for the docs on *type* field on _FILE_OBJECT.
    > Also
    > once we have a valid
    > FILEOBJECT created by I/O mgr, is it possible to know the owner ??
    >
    > thanx
    > prokash
    >
    > ---
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    If you call IoGetRequestorProcess(Irp), it will return the process object
    that generated the request (EPROCESS).


    Jame
    StorageCraft

    -----Original Message-----
    From: [email protected]
    [mailto:[email protected]]On Behalf Of Prokash Sinha
    Sent: Wednesday, March 01, 2000 9:24 AM
    To: File Systems Developers Interest List
    Subject: [ntfsd] RE: FILE OBJECT TYPES AND OWNERSHIP


    thanx so much.
    Actually, I am in the file system driver. I thought that may be I would be
    able to see the type of the
    file object for which this IRP has come, and the owner of the fileobject.

    prokash

    "Smith, Joel" wrote:


    I *think* that the FILE_OBJECT 'type' field is simply part of
    the signature of that structure along with the Size field(many DDK
    structures start start off with a type and size field so, I suppose, the
    type of structure can be determined when the pointer is ambiguous.

    To get the owner of the file, you can create an IRP of type
    IRP_MJ_QUERY_SECURITY with a SecurityInformation of
    OWNER_SECURITY_INFORMATION and send it to the FSD. You can extract the
    owner from the returned security descriptor.

    Hi All,

    I'm searching for the docs on *type* field on _FILE_OBJECT. Also
    once we have a valid
    FILEOBJECT created by I/O mgr, is it possible to know the owner ??

    thanx
    prokash

    ---
    You are currently subscribed to ntfsd as: [email protected]
    To unsubscribe send a blank email to $subst('Email.Unsub')
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 24 January 2022 Live, Online
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online