Need help, thanks!
I am facing a difficult problem about windows prefetch.
I am writing a disk filter driver, the main function of which is disk restore.
However, more thing is done correctly. While the filter driver is working, I try to reinstall some application that was installed before filter driver working . After reinstalling the application successfully I run it , but system prompt “.DLL”(not include a name) does not found.
This situation above mention is happen when do not clean C:\Windows\Prefetch\ files before reinstall.
What puzzles me is that I clean C:\Windows\Prefetch files firstly, and then reinstall application .The application can start up successfully !!!
Why ?
xxxxx@foxmail.com wrote:
I am facing a difficult problem about windows prefetch.
I am writing a disk filter driver, the main function of which is disk restore.
However, more thing is done correctly. While the filter driver is working, I try to reinstall some application that was installed before filter driver working . After reinstalling the application successfully I run it , but system prompt “.DLL”(not include a name) does not found.
This situation above mention is happen when do not clean C:\Windows\Prefetch\ files before reinstall.
Are you changing the files at all as they pass through your filter? Are
you changing their location in some way? The prefetch contents are
keyed to specific checksums, and contains NTFS/MFT data that points to
the file. If you interfere with file locations, I can see how that
might break.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
The disk filter changes the sector location whatever file.
Do you mean that the .pf file’s location can not be changed?
I get some information from windows internal, but it does not contain more detail about the relationship between .pf and MFT. I do not know how the .pf works with MFT.
On Apr 27, 2018, at 6:29 PM, xxxxx@foxmail.com wrote:
>
> The disk filter changes the sector location whatever file.
>
> Do you mean that the .pf file’s location can not be changed?
No, what I was trying to say is that the .pf file may have information inside it that includes sector location information for the file it describes. So, if you move XYZ.DLL, then the XYZ.DLL.pf file might point to the wrong locations. Admittedly. I don’t know this is the case, but the fact it contains MFT information at all leads me to suspect it is very file-system specific.
> I get some information from windows internal, but it does not contain more detail about the relationship between .pf and MFT. I do not know how the .pf works with MFT.
Nor do I. You might ask this on the [ntfsd] mailing list, where the cool file system people live.
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
thanks.
xxxxx@foxmail.com
From: xxxxx@probo.com
Date: 2018-04-29 13:51
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] storage filter driver & windows prefetch
On Apr 27, 2018, at 6:29 PM, xxxxx@foxmail.com wrote:
>
> The disk filter changes the sector location whatever file.
>
> Do you mean that the .pf file’s location can not be changed?
No, what I was trying to say is that the .pf file may have information inside it that includes sector location information for the file it describes. So, if you move XYZ.DLL, then the XYZ.DLL.pf file might point to the wrong locations. Admittedly. I don’t know this is the case, but the fact it contains MFT information at all leads me to suspect it is very file-system specific.
> I get some information from windows internal, but it does not contain more detail about the relationship between .pf and MFT. I do not know how the .pf works with MFT.
Nor do I. You might ask this on the [ntfsd] mailing list, where the cool file system people live.
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:>
If this were the case, defrag would wreak havoc unless it handles fixing up
the prefetch file. I’ve done lots of block manipulation, and I don’t recall
ever having an issue with prefetch. I will keep watching this thread as I
might learn something.
On Sun, Apr 29, 2018 at 3:24 AM xxxxx@foxmail.com <
xxxxx@lists.osr.com> wrote:
thanks.
xxxxx@foxmail.com
*From:* xxxxx@probo.com
> Date: 2018-04-29 13:51
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] storage filter driver & windows prefetch
> On Apr 27, 2018, at 6:29 PM, xxxxx@foxmail.com
> wrote:
> >
> > The disk filter changes the sector location whatever file.
> >
> > Do you mean that the .pf file’s location can not be changed?
>
> No, what I was trying to say is that the .pf file may have information
> inside it that includes sector location information for the file it
> describes. So, if you move XYZ.DLL, then the XYZ.DLL.pf file might point
> to the wrong locations. Admittedly. I don’t know this is the case, but the
> fact it contains MFT information at all leads me to suspect it is very
> file-system specific.
>
>
> > I get some information from windows internal, but it does not contain
> more detail about the relationship between .pf and MFT. I do not know how
> the .pf works with MFT.
>
> Nor do I. You might ask this on the [ntfsd] mailing list, where the cool
> file system people live.
> —
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: <
> http://www.osronline.com/showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer>
>
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: <
> http://www.osronline.com/showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer>
>
–
Jamey Kirby
Disrupting the establishment since 1964
This is a personal email account and as such, emails are not subject to
archiving. Nothing else really matters.</http:></http:>
Hi, Jamey
What does it mean "If this were the case, defrag would wreak havoc unless it handles fixing up the prefetch file. "?
xxxxx@foxmail.com
From: xxxxx@gmail.com
Date: 2018-04-29 23:25
To: Windows System Software Devs Interest List
Subject: Re: Re: [ntdev] storage filter driver & windows prefetch
If this were the case, defrag would wreak havoc unless it handles fixing up the prefetch file. I’ve done lots of block manipulation, and I don’t recall ever having an issue with prefetch. I will keep watching this thread as I might learn something.
On Sun, Apr 29, 2018 at 3:24 AM xxxxx@foxmail.com wrote:
thanks.
xxxxx@foxmail.com
From: xxxxx@probo.com
Date: 2018-04-29 13:51
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] storage filter driver & windows prefetch
On Apr 27, 2018, at 6:29 PM, xxxxx@foxmail.com wrote:
>
> The disk filter changes the sector location whatever file.
>
> Do you mean that the .pf file’s location can not be changed?
No, what I was trying to say is that the .pf file may have information inside it that includes sector location information for the file it describes. So, if you move XYZ.DLL, then the XYZ.DLL.pf file might point to the wrong locations. Admittedly. I don’t know this is the case, but the fact it contains MFT information at all leads me to suspect it is very file-system specific.
> I get some information from windows internal, but it does not contain more detail about the relationship between .pf and MFT. I do not know how the .pf works with MFT.
Nor do I. You might ask this on the [ntfsd] mailing list, where the cool file system people live.
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:
–
Jamey Kirby
Disrupting the establishment since 1964
This is a personal email account and as such, emails are not subject to archiving. Nothing else really matters.
— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at</http:></http:></http:></http:></http:></http:>
On Apr 30, 2018, at 6:33 PM, xxxxx@foxmail.com wrote:
>
> What does it mean "If this were the case, defrag would wreak havoc unless it handles fixing up the prefetch file. "?
The defrag process moves files to different physical locations. He’s quite right, that does poke a hole in my theory, unless the defrag utilities know how to handle it.
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.