basic redir filtering questions

I have need for information on how to perform filtering over network shares. My need is to be able to monitor and possibly redirect the data for files accessed remotely. I think the means of doing this is to attach to MUP/Lanman as a filesystem filter and handle this case in the same way as for a local file.

My problem is that I haven’t found any documents that talk about the way to attach to and filter MUP or Lanman. Can anyone tell me where to locate such information? I do not ask to take up valuable time on this forum for such basic topics, just help me with finding the resources.

Thank you

Milos

xxxxx@gmail.com wrote:

> I have need for information on how to perform filtering over network shares. My need is to be able to monitor and possibly redirect the data for files accessed remotely. I think the means of doing this is to attach to MUP/Lanman as a filesystem filter and handle this case in the same way as for a local file.
>
> My problem is that I haven’t found any documents that talk about the way to attach to and filter MUP or Lanman. Can anyone tell me where to locate such information? I do not ask to take up valuable time on this forum for such basic topics, just help me with finding the resources.

Is this a mini-filter? If so, you will be notified in your instance
setup callback with a device type set to
FILE_DEVICE_NETWORK_FILE_SYSTEM. For legacy filters you will need to
either attach to MUP or to the redirector itself, depending on the platform.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

I have need to make a legacy filter and I know that it attaches to MUP or the redirector. I am looking to get documentation on making the attachment and then how to filter.

xxxxx@gmail.com wrote:

> I have need to make a legacy filter and I know that it attaches to MUP or the redirector. I am looking to get documentation on making the attachment and then how to filter.

You attach to the redirector device or the mup device as you would any
other device via a call to IoAttachDeviceToDeviceStack(Safe)(). This
will get you into the call stack.

How to filter? Again, as you would do for any legacy filter
implementation. Set up the DriverObject dispatch table, set up the
FastIo dispatch table, attach to the device and start filtering.

If you have an old DDK, I think they pulled legacy filters in 7000 but
maybe 6002, there is a sample that shows you the details of this
attachment processing.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
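
The attachment sequence described in the reply above, as an added example that is not part of the thread and is not the DDK sample's code: a legacy filter that attaches only to network file system devices and passes IRPs down. All `Net*` names are hypothetical, and it assumes the redirector or MUP registers as a file system so the registration callback sees its device; detach handling and the FastIo table are left out.

```c
/* Added example (not from the thread). Net* names are hypothetical.
 * Assumes a WDK build that defines _KERNEL_MODE (/kernel); any other
 * build gets stand-in types so the attach decision can be tested. */
#ifdef _KERNEL_MODE
#include <ntifs.h>
#else
typedef unsigned long DEVICE_TYPE;
typedef unsigned char BOOLEAN;
#define FILE_DEVICE_DISK_FILE_SYSTEM    0x00000008
#define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
#endif

/* Attach only to active redirector/MUP devices, never to local disks. */
BOOLEAN NetShouldAttach(DEVICE_TYPE Type, BOOLEAN FsActive)
{
    return (BOOLEAN)(FsActive && Type == FILE_DEVICE_NETWORK_FILE_SYSTEM);
}

#ifdef _KERNEL_MODE
typedef struct _NET_EXT { PDEVICE_OBJECT Lower; } NET_EXT;
PDRIVER_OBJECT gNetDriver; /* set in DriverEntry before registering */

/* DriverEntry points every MajorFunction[] slot here (FastIo table not shown). */
NTSTATUS NetPassThrough(PDEVICE_OBJECT Dev, PIRP Irp)
{
    IoSkipCurrentIrpStackLocation(Irp);
    return IoCallDriver(((NET_EXT *)Dev->DeviceExtension)->Lower, Irp);
}

/* Callback passed to IoRegisterFsRegistrationChange(gNetDriver, NetFsNotify). */
VOID NetFsNotify(PDEVICE_OBJECT FsDevice, BOOLEAN FsActive)
{
    PDEVICE_OBJECT filter;
    NET_EXT *ext;

    if (!NetShouldAttach(FsDevice->DeviceType, FsActive))
        return; /* detach on unregister omitted */
    if (!NT_SUCCESS(IoCreateDevice(gNetDriver, sizeof(NET_EXT), NULL,
                                   FsDevice->DeviceType, 0, FALSE, &filter)))
        return;
    ext = (NET_EXT *)filter->DeviceExtension;
    filter->Flags |= FsDevice->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO);
    if (!NT_SUCCESS(IoAttachDeviceToDeviceStackSafe(filter, FsDevice, &ext->Lower))) {
        IoDeleteDevice(filter); /* attach failed: drop our device */
        return;
    }
    filter->Flags &= ~DO_DEVICE_INITIALIZING; /* ready to receive I/O */
}
#endif
```

The Safe variant writes `ext->Lower` before the filter device can receive I/O, so `NetPassThrough` never sees a null lower device.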