My driver will intercept open operations (pre-IRP_MJ_CREATE) with the intentions of copying files down on-demand. I realize that the driver needs to use FltCreateFile so we don?t send the open to the top of the stack. However, I?m not clear as to what?s the best approach to take regarding the actual file copy.
-
I?ve already written a kernel-mode file copy routine but I would think this is better off being done by our user-mode service. I can?t send the file handle from the FltCreateFile call as the handle is invalid in user-mode. However, using ZwDuplicateObject would allow me to do that, but it is undocumented. I tried this approach in a little prototype driver and it worked well by the way.
-
The driver and service will essentially use FltSendMessage and FilterReplyMessage to pass a buffer back and forth? -> Driver opens the local file for writing and the service opens the source file for reading, but that would seem sloooow as it may require many messages depending on the size of the file. Plus, what?s a good size buffer to use? 1k buffer would be pretty small, imagine copying a 230MB (Or more) file!
-
Or should the driver handle the copy and just send progress updates if necessary? Plus the user-mode service would store state information so the next request won?t require another copy. I don?t have a ton of driver development experience, but copying a file in kernel-mode doesn?t sit well with me.
Any input would be appreciated as to what approach would work best. Thanks in advance.