my purpose is: monitor files data change in specified path. so, i implement like this:
in IRP_MJ_WRITE pre-op: i created a stream handle context and return FLT_PREOP_SYNCHRONIZE. In post-op: i check io status is STATUS_SUCCESS or not, and set the stream context variable for later use.
but, as MS said: “Minifilter drivers must never return FLT_PREOP_SYNCHRONIZE for asynchronous read or write operations.” MS_link
this mean that i must not return FLT_PREOP_SYNCHRONIZE when current operation is Asyn in IRP_MJ_WRITE pre-op cabllack? Or Must not call FltRead|WriteFile (or similars) with async option in IRP_MJ_WRITE pre-op callback?
pls help me figure it out, thank you.
By returning FLT_PREOP_SYNCHRONIZE you’re forcing all write operations to be synchronous. At a minimum this will kill performance.
is there anyway to run post-op at APC_LEVEL or below in Async write operation?
FltDoCompletionProcessingWhenSafe and FltQueueDeferredIoWorkItem documents also said must not use in IRP_MJ_WRITE.
What do you need to do in post that requires <= APC_LEVEL?
in post-write, i get streamhandle context and set variables like bFileChanged (if IoStatus.Status success) etc.
The FltGetStreamHandleContext run <= APC_LEVEL so, i’m searching for a method to catch Sync/Aync write action for specified paths that the driver monitoring.
You ought to be able to fetch your stream handle context in your pre-op callback, which you can then make available to your post-op callback via CompletionContext by returning FLT_PREOP_SUCCESS_WITH_CALLBACK from your pre-op callback. Naturally, this’ll only work if your stream handle context is allocated from non-paged pool; you’ll also want to release the reference in your post-op callback.
2 Likes