I have problems in writing a minifilter driver.
I wrote a minifilter driver that basically redirects files to another folder.
So when a file is created or read in folder SOURCE it redirects to REDIRECTED.
To do this, I hook the IRP_MJ_CREATE (preoperation) and IRP_MJ_SET_INFORMATION (preoperation for FileRenameInformation).
In the IRP_MJ_CREATE I use the STATUS_REPARSE/IO_REPARSE/FltSetCallbackDataDirty approach modifying the Data->Iopb->TargetFileObject->FileName value.
In the IRP_MJ_SET_INFORMATION case I use the FltSetInformationFile/FltSetCallbackDataDirty approach.
All works OK: I save files to SOURCE and I see it in REDIRECTED… When I do a copy (drag&drop with ctrl pressed) if the file exists in REDIRECTED (I drop it in source) then I am asked to overwrite the file.
However if this operation is from Outlook (I select an Outlook attachment and drag it to SOURCE and the file exists) then nothing is asked even if the file exists in REDIRECTED.
I think maybe Outlook does the verification to see if the file exists using something like FindFirstFile and it does not trigger a file open…
Any suggestions?
Are you checking for the SL_OPEN_TARGET_DIRECTORY flag in pre-create?
This is where the apps check to see if the target exists or not since
the open is not for the final component provided but instead for the
parent of the final component, then the underlying fs returns whether
the final component actually exists or not. So if you are doing a
reparse, you should handle this access correctly.
Pete
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
------ Original Message ------
From: xxxxx@speedy.com.ar
To: “Windows File Systems Devs Interest List”
Sent: 8/19/2016 1:38:16 PM
Subject: [ntfsd] problems with minifilter that redirects files
>I have problems in writing a minifilter driver.
>I wrote a minifilter driver that basically redirects files to another
>folder.
>So when a file is created or read in folder SOURCE it redirects to
>REDIRECTED.
>To do this, I hook the IRP_MJ_CREATE (preoperation) and
>IRP_MJ_SET_INFORMATION (preoperation for FileRenameInformation).
>In the IRP_MJ_CREATE I use the
>STATUS_REPARSE/IO_REPARSE/FltSetCallbackDataDirty approach modifying
>the Data->Iopb->TargetFileObject->FileName value.
>In the IRP_MJ_SET_INFORMATION case I use the
>FltSetInformationFile/FltSetCallbackDataDirty approach.
>
>All works OK: I save files to SOURCE and I see it in REDIRECTED… When
>I do a copy (drag&drop with ctrl pressed) if the file exists in
>REDIRECTED (I drop it in source) then I am asked to overwrite the file.
>However if this operation is from Outlook (I select an Outlook
>attachment and drag it to SOURCE and the file exists) then nothing is
>asked even if the file exists in REDIRECTED.
>
>I think maybe Outlook does the verification to see if the file exists
>using something like FindFirstFile and it does not trigger a file
>open…
>
>Any suggestions?
>
>—
>NTFSD is sponsored by OSR
>
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>software drivers!
>Details at http:
>
>To unsubscribe, visit the List Server section of OSR Online at
>http:</http:></http:>
Process Monitor and FileSpy are your friends, see what operations Outlook is
sending and the responses that it’s getting back.
Also, refer to the NameChanger sample on MSDN:
https://github.com/Microsoft/Windows-driver-samples/tree/master/filesys/miniFilter/NameChanger
There’s lots of annoying processing that needs done in order to do this
properly and the sample is very illustrative.
-scott
OSR
@OSRDrivers
wrote in message news:xxxxx@ntfsd…
I have problems in writing a minifilter driver.
I wrote a minifilter driver that basically redirects files to another
folder.
So when a file is created or read in folder SOURCE it redirects to
REDIRECTED.
To do this, I hook the IRP_MJ_CREATE (preoperation) and
IRP_MJ_SET_INFORMATION (preoperation for FileRenameInformation).
In the IRP_MJ_CREATE I use the
STATUS_REPARSE/IO_REPARSE/FltSetCallbackDataDirty approach modifying the
Data->Iopb->TargetFileObject->FileName value.
In the IRP_MJ_SET_INFORMATION case I use the
FltSetInformationFile/FltSetCallbackDataDirty approach.
All works OK: I save files to SOURCE and I see it in REDIRECTED… When I do
a copy (drag&drop with ctrl pressed) if the file exists in REDIRECTED (I
drop it in source) then I am asked to overwrite the file.
However if this operation is from Outlook (I select an Outlook attachment
and drag it to SOURCE and the file exists) then nothing is asked even if the
file exists in REDIRECTED.
I think maybe Outlook does the verification to see if the file exists using
something like FindFirstFile and it does not trigger a file open…
Any suggestions?
Thanks All.
SL_OPEN_TARGET_DIRECTORY is not set in IRP_MJ_CREATE. I traced it and I saw that this flag is not set when this action is done.
The involved process is explorer.exe. When you drag an attachment from Outlook to explorer, Outlook calls the DoDragDrop API and internally talking this causes that explorer.exe calls shell32.dll, and at the same time it calls FindFirstFileW (kernel32) and it finally calls ZwQueryDirectoryFile in ntdll.dll. I inspected all this using process monitor.
This ZwQueryDirectoryFile API is linked with IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY/FileBothDirectoryInformation based on what I found out in internet.
The NameChanger sample is not what I am searching for… in fact what I need to do is to detect when a new file is about to be created in a given folder (e.g. FOLDER), and redirect this creation to another (e.g. REDIRECTED) folder that will process this file and will copy the processed file (changing its name and copying it back to FOLDER).
Now I want to redirect the call to the REDIRECTED folder when ZwQueryDirectoryFile is called for a file located in FOLDER.
I tried to do the same I did in IRP_MJ_CREATE (precreate): To apply the STATUS_REPARSE/IO_REPARSE/FltSetCallbackDataDirty approach. Unfortunately nothing different happens. For example suppose the file test.txt exists in REDIRECTED but not in FOLDER… and the user makes a drag&drop from an outlook attachment to FOLDER… the question to overwrite the file is not made so it means that it’s not well redirected to REDIRECTED.
Any thoughts?