sending write requests to current instance in preSetInfo callback

I want to send requests to the current instance in a PreSetInfo callback; that is, I want to see the write request in my PreWrite callback. According to MSDN: “FltWriteFile causes a write request to be sent to the minifilter driver instances attached below the initiating instance and to the file system. The specified instance and the instances attached above it do not receive the write request.” So it seems I need to get the upper instance with FltGetUpperInstance and call FltWriteFile with it. Or maybe I should use ZwWriteFile directly. Can anyone advise how I should implement it?

You have two options, depending on exactly what you want to achieve:

  1. Set the Instance parameter to NULL which will send the request from the top of the stack (this is the more usual)
  2. Call FltGetUpperInstance to find the (instantaneous) instance above you.

> @rod_widdowson said:
> You have two options, depending on exactly what you want to achieve
> 1. Set the Instance parameter to NULL which will send the request from the top of the stack (this is the more usual)
> 2. Call FltGetUpperInstance to find the (instantaneous) instance above you.

But MSDN explicitly mentions that the first parameter of FltWriteFile can’t be NULL.

Oh, that’s weird. I’ve never had to bother about that - so FltGetUpper or FltGetTopmost is what you want.

Now I have another problem, about writing data in the PostSetFileInfo (SetEndOfFileInformation…) callback. I am writing an encryption driver. When a file is extended by SetEofInfo, I need to fill the extended data with encrypted data so that applications see zero data, which is the filesystem’s default behavior. However, when I call FltWriteFile in the PostSetInfo callback I get a deadlock freeze:

```
00 fffff68391081360 fffff806380dffa0 nt!KiSwapContext+0x76
01 fffff683910814a0 fffff806380df4cf nt!KiSwapThread+0x500
02 fffff68391081550 fffff80638073a13 nt!KiCommitThreadWait+0x14f
03 fffff683910815f0 fffff80638130cec nt!KeWaitForGate+0xcb
04 fffff68391081640 fffff806384ff5bb nt!MiReferenceControlArea+0x208
05 fffff683910816d0 fffff806384fed64 nt!MiCreateImageOrDataSection+0x17b
06 fffff683910817c0 fffff80638475214 nt!MiCreateSection+0xf4
07 fffff68391081940 fffff8063810b852 nt!MmCreateCacheManagerSection+0x4c
08 fffff683910819c0 fffff8063de934ce nt!CcInitializeCacheMapEx+0x442
09 fffff68391081ac0 fffff8063dea439a Ntfs!NtfsInitializeCacheMap+0x76
0a fffff68391081b20 fffff8063dea2de3 Ntfs!NtfsCommonWrite+0x133a
0b fffff68391081d50 fffff806380cd805 Ntfs!NtfsFsdWrite+0x1d3
0c fffff68391081e20 fffff806377d6ccf nt!IofCallDriver+0x55
0d fffff68391081e60 fffff806377d8266 FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
0e fffff68391081ed0 fffff806377d15ce FLTMGR!FltPerformSynchronousIo+0x2e6
0f fffff68391081f70 fffff806377d1411 FLTMGR!FltWriteFileEx+0x1ae
10 fffff68391082070 fffff80636e763db FLTMGR!FltWriteFile+0x51
11 fffff683910820e0 fffff80636e74edb myefs!MyWriteZeroData+0xcb
12 fffff68391082160 fffff806377d5747 myefs!MyPostSetInformation+0x207 // SetEndOfFileInformation
13 fffff683910821f0 fffff806377d5018 FLTMGR!FltpPerformPostCallbacksWorker+0x347
14 fffff683910822c0 fffff806377d6d62 FLTMGR!FltpPassThroughCompletionWorker+0xf8
15 fffff68391082360 fffff806377d48d3 FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x322
16 fffff683910823d0 fffff806380cd805 FLTMGR!FltpDispatch+0xa3
17 fffff68391082430 fffff80638460f96 nt!IofCallDriver+0x55
18 fffff68391082470 fffff8063840ba87 nt!FsRtlSetFileSize+0xd6
19 fffff683910824f0 fffff8063840afcb nt!MiCreateDataFileMap+0x30f
1a fffff68391082560 fffff806384ff71b nt!MiCreateNewSection+0x153
1b fffff683910826d0 fffff806384fed64 nt!MiCreateImageOrDataSection+0x2db
1c fffff683910827c0 fffff806384feb47 nt!MiCreateSection+0xf4
1d fffff68391082940 fffff806384fe92c nt!MiCreateSectionCommon+0x207
1e fffff68391082a20 fffff80638205fb5 nt!NtCreateSection+0x5c
1f fffff68391082a90 00007ffe69f4c6d4 nt!KiSystemServiceCopyEnd+0x25
```

One way I have in mind is to use FLTFL_IO_OPERATION_NON_CACHED to write data to disk directly, but considering this flag requires the length to be sector-aligned, it seems I will have to set EOF again after FltWriteFile. Am I correct, or is there any other good solution?

Don’t send non paging IO down in the context of a paging IO.

> @Haibo said:
> Now I have another problem, about writing data in the PostSetFileInfo (SetEndOfFileInformation…) callback. I am writing an encryption driver. When a file is extended by SetEofInfo, I need to fill the extended data with encrypted data so that applications see zero data, which is the filesystem’s default behavior. However, when I call FltWriteFile in the PostSetInfo callback I get a deadlock freeze:

It’s been a while since I checked this, but if the user EXTENDS the file size, don’t you get IRP_MJ_WRITE with IRP_NOCACHE (and also IRP_PAGING_IO I think?) automatically for the extended region?

If you are trying to write your own data, without a shadow file object, which is what 99.99% of encryption filter writers think they can get away with, and what you seem to be doing here, have fun :)

> @Dejan_Maksimovic said:
> It’s been a while since I checked this, but if the user EXTENDS the file size, don’t you get IRP_MJ_WRITE with IRP_NOCACHE (and also IRP_PAGING_IO I think?) automatically for the extended region?

No, at least for NTFS, it is not sent, because NTFS can manage valid data length by itself. I may need to do it the FAT way, filling zero data in cleanup…

> It’s been a while since I checked this, but if the user EXTENDS the file size, don’t you get IRP_MJ_WRITE with IRP_NOCACHE (and also IRP_PAGING_IO I think?)

  • When a user extends a section you get a paging MJ_SETINFO/FileSetInformationFile
  • When the cache manager moves its VDL forward you get MJ_SETINFO/FileSetInformationFile/AdvanceOnly - I’ve never checked to see if it’s paging or not, I have to say

It is the first that has happened here

  • We are in section create, so the FSD has taken the locks it needs.
  • The filter has issued a non paging write in response to a paging set info. Depending on the FSD this will deadlock.

Like I said:

> Don’t send non paging IO down in the context of a paging IO.

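The rule from the last reply, as an added example that is not part of the thread or any poster's code: a user-mode C model of a post-SetEndOfFile decision that never writes inline when the request carries paging flags and instead records the range for a later zero-fill (the cleanup-time idea mentioned earlier in the thread). `ZERO_FILL_RANGE`, `FILL_ACTION` and `on_post_set_eof` are hypothetical names; in a real minifilter the flags would come from `Data->Iopb->IrpFlags`.

```c
#include <stdbool.h>
#include <stdint.h>

/* Flag values as defined in wdm.h; redefined so this model builds in user mode. */
#define IRP_PAGING_IO             0x00000002u
#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040u

/* Hypothetical per-stream state: bytes [start, end) still need encrypted zeros. */
typedef struct {
    bool    pending;
    int64_t start;
    int64_t end;
} ZERO_FILL_RANGE;

typedef enum { FILL_NOTHING, FILL_INLINE, FILL_DEFERRED } FILL_ACTION;

/* Decide what a post-SetEndOfFile callback may do for old_eof -> new_eof. */
FILL_ACTION on_post_set_eof(ZERO_FILL_RANGE *r, uint32_t irp_flags,
                            int64_t old_eof, int64_t new_eof)
{
    if (new_eof <= old_eof) {
        /* Truncation or no change: forget pending bytes beyond the new EOF. */
        if (r->pending && new_eof <= r->start)
            r->pending = false;
        else if (r->pending && new_eof < r->end)
            r->end = new_eof;
        return FILL_NOTHING;
    }
    if (irp_flags & (IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)) {
        /* Paging set-info (e.g. section creation): the file system already
           holds its locks, so issue no write here; only record the range. */
        if (!r->pending) {
            r->pending = true;
            r->start = old_eof;
            r->end = new_eof;
        } else {
            if (old_eof < r->start) r->start = old_eof;
            if (new_eof > r->end)   r->end = new_eof;
        }
        return FILL_DEFERRED;
    }
    /* Non-paging extension: assumed safe for the caller to fill in place. */
    return FILL_INLINE;
}
```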