Hello,
I’ve just come across a problem with some code I maintain (written many
moons ago) that has, until just now happily attached to the Fat file system.
The code is shown below and my question is simple - should this work. My
problem is that with mcafee below us on the stack a BSOD is generated from
fat on the IoGetDeviceObjectPointer, if we use \NTFS instead it works (and
yes this machine has both Fat and NTFS drives). Without mcafee we attach to
Fat just fine.
Is this code just bad - I do know of another way to do it (as I have another
filter which that works ok), but the architecture of this old filter means
make it very hard to implement the other technique (with out some major
changes). Or is something sinister happending with Mcafee ?
Is \Fat the wrong name - and in case you are wondering, its XP related.
PDEVICE_OBJECT FindDeviceObject()
{
PFILE_OBJECT pFileObject;
PDEVICE_OBJECT pFSDeviceObject = NULL;
UNICODE_STRING usDeviceName;
NTSTATUS status;
RtlInitUnicodeString( &usDeviceName, L"\Fat" );
status = IoGetDeviceObjectPointer(&usDeviceName,
desiredAccess,
&pFileObject,
&pFSDeviceObject);
if (NT_SUCCESS(status))
{
pFSDeviceObject = pFileObject->DeviceObject;
ObDereferenceObject(pFileObject);
// When attaching to Virus scanning filters the
DeviceObject
// returned from IoGetDeviceObjectPointer() is of no
use. This
// is because all the VS device objects are chained
together, so
// we end up cycling round these every time we attach to
an FSD.
// So default to always using FileObject->DeviceObject.
return pFSDeviceObject;
}
}
Thanks for any assistance,
David.
David C. Wyles , mailto:xxxxx@macrovisioneurope.com
Macrovision , http://www.macrovision.com
Home: mailto:xxxxx@splitsplat.co.uk , http://www.splitsplat.co.uk
Hotmail: mailto:xxxxx@hotmail.com
PRIVACY AND CONFIDENTIALITY NOTICE
This email and any attachments are confidential and may also be privileged.
If you have received this message by mistake, please contact us immediately
and then delete the message from your system. You must not copy,
distribute, disclose or act upon the contents of this email.
This e-mail and/or any replies to it, and any attachments may be
intercepted, copied or monitored by Macrovision Europe Limited for the
purposes set out in the Telecommunications (Lawful Business Practices)
(Interception of Communications) Regulations 2000.