Hi All,
It seems strange to me that one of the IOCTL i am able to see in procmon when my minifilter. however without my driver that ioctl i am able to see in procmon.
Date & Time: 11-04-2017 15:15:03
Event Class: File System
Operation: IRP_MJ_FILE_SYSTEM_CONTROL
Result: SUCCESS
Path: D:\Shares\test\Plain
TID: 1664
Duration: 0.0000086
Control: 0x902af (Device:0x9 Function:171 Method: 3). as per the osr ioctl decoder i can see this is FSCTL_RKF_INTERNAL. i am not able to understand how come it is happening? if at all if possible to do then please do let me know how to do 
Thanks in advance.
I’m sorry but it’s not clear from your description when you do see and when
you do not see this operation.
Also, why do you care?
-scott
OSR
@OSRDrivers
wrote in message news:xxxxx@ntfsd…
Hi All,
It seems strange to me that one of the IOCTL i am able to see in procmon
when my minifilter. however without my driver that ioctl i am able to see in
procmon.
Date & Time: 11-04-2017 15:15:03
Event Class: File System
Operation: IRP_MJ_FILE_SYSTEM_CONTROL
Result: SUCCESS
Path: D:\Shares\test\Plain
TID: 1664
Duration: 0.0000086
Control: 0x902af (Device:0x9 Function:171 Method: 3). as per the osr ioctl
decoder i can see this is FSCTL_RKF_INTERNAL. i am not able to understand
how come it is happening? if at all if possible to do then please do let me
know how to do
Thanks in advance.