Hi all,
we are maintaining an hsm/archive solution that consists of a filesystem minifilter and user mode components. We thought it would be a good idea to “flag” our file operations with USN_SOURCE_DATA_MANAGEMENT using FSCTL_MARK_HANDLE. This works quite well for all user mode operations that we perform on the files. However when we write data to the file using FltWriteFile() from the minifilter the file changes do not get correctly marked in the USN journal. For writing to the file we use a user space handle that is converted into a kernel handle. I also tried to mark the duplicated handle - without success.
Does anybody have some experience with FSCTL_MARK_HANDLE and can help us here?
Thanks in advance!
-Lars
Maybe you can try just to obtain the FO from handle in kernel mode and use FO for you operations. So you have a scenario where you have one handle the one in UM and the FO with 2 references.
I don’t understand why do you need handle in kernel. FltWrite does not even need another handle.
Sorry - my question was not precise. This is what I do: we pass a handle to the filter and obtain a FO from the user space handle. FtlWriteFile works ok but the MARK_HANDLE seems to get lost.
Am 22.01.2017 um 21:01 schrieb xxxxx@kasardia.com:
Maybe you can try just to obtain the FO from handle in kernel mode and use FO for you operations. So you have a scenario where you have one handle the one in UM and the FO with 2 references.
I don’t understand why do you need handle in kernel. FltWrite does not even need another handle.
NTFSD is sponsored by OSR
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:>
Well then I have another tip. Did you make sure you opened the file for unbuffered I/O ?
Secondly, if just using the FO in km does not work why not just either open the file again using FltCreateFile or ZwCreate file and mark that handle as well and use a handle in km as well.