Hi.
I want to know when FLT_FILE_CONTEXT is freed.
I’ve seen that FLT_FILE_CONTEXT is freed when unloading, but if the driver isn’t unloaded, isn’t it constantly accumulating in memory?
Is that a problem?
(I confirmed that FLT_STREAMHANDLE_CONTEXT is freed on CloseHandle().)
I want to detect the scenario below.
1. Rename File-1 in Process-1 (File-1 -> File-2)
2. Detect whether the name has been changed when Process-2 calls CreateFile() on File-2