Before I try this in my code, I want to know if it is theoretically correct.
The filter saves a pointer to a file object when it completes an
IRP_MJ_CREATE. When another IRP_MJ_READ comes to the filter, it calls a user
mode service that calls CopyFile to overwrite the target file that is
already opened by the previous IRP_MJ_CREATE. I prefer to use the user mode
CopyFile instead of kernel mode ZwReadFile/ZwWriteFile, because it is
simple.
Any comment is appreciated.
Shangwu

I think it is theoretically incorrect. If you want to rewrite
a file that is already open, you’ll probably get a sharing
violation when calling CopyFile.
L.

I would tend toward agreement with Ladislav on this question; the design is
vulnerable to sharing violation for CopyFile and I would add also perhaps
vulnerable to access denied. It is not hard to call ZwReadFile/ZwWriteFile.
“Shangwu” wrote in message news:xxxxx@ntfsd…
> Before I try this in my code, I want to know if it is theoretically
> correct.
> The filter saves a pointer to a file object when it completes an
> IRP_MJ_CREATE. When another IRP_MJ_READ comes to the filter, it calls a
> user mode service that calls CopyFile to overwrite the target file that is
> already opened by the previous IRP_MJ_CREATE. I prefer to use the user
> mode CopyFile instead of kernel mode ZwReadFile/ZwWriteFile, because it is
> simple.
> Any comment is appreciated.
>
> Shangwu
>
>
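
The sharing check the replies refer to, as an added example that is not part of the thread: a portable C model of the compatibility test Windows applies on each open of a file (the logic that IoCheckShareAccess implements). The flag values, `try_open` and `overwrite_allowed` are hypothetical names for this sketch, and the share mode the copying service uses on the destination is passed in as an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed flag values for this model; not the Windows header constants. */
enum { ACC_READ = 1, ACC_WRITE = 2, ACC_DELETE = 4 };  /* desired access */
enum { SHR_READ = 1, SHR_WRITE = 2, SHR_DELETE = 4 };  /* share mode */

/* Per-file bookkeeping, modelled on the counters kept in SHARE_ACCESS. */
struct share_state {
    unsigned open_count, readers, writers, deleters;
    unsigned shared_read, shared_write, shared_delete;
};

/* Returns true and records the open if it is compatible with every existing
 * open; returns false (a sharing violation) otherwise. */
bool try_open(struct share_state *s, unsigned access, unsigned share)
{
    bool r = access & ACC_READ, w = access & ACC_WRITE, d = access & ACC_DELETE;
    if (!r && !w && !d)
        return true;                /* attribute-only opens are not tracked */
    /* The requested access must be shared by all existing openers. */
    if ((r && s->shared_read < s->open_count) ||
        (w && s->shared_write < s->open_count) ||
        (d && s->shared_delete < s->open_count))
        return false;
    /* The new share mode must permit what existing openers already hold. */
    if ((s->readers && !(share & SHR_READ)) ||
        (s->writers && !(share & SHR_WRITE)) ||
        (s->deleters && !(share & SHR_DELETE)))
        return false;
    s->open_count++;
    s->readers += r; s->writers += w; s->deleters += d;
    s->shared_read += !!(share & SHR_READ);
    s->shared_write += !!(share & SHR_WRITE);
    s->shared_delete += !!(share & SHR_DELETE);
    return true;
}

/* Scenario from the thread: the file object from IRP_MJ_CREATE is still open
 * (app_access/app_share), then the service opens the same file for write. */
bool overwrite_allowed(unsigned app_access, unsigned app_share, unsigned svc_share)
{
    struct share_state s = {0};
    try_open(&s, app_access, app_share);
    return try_open(&s, ACC_WRITE, svc_share);
}

int main(void)
{
    printf("reader sharing read only: %d\n", overwrite_allowed(ACC_READ, SHR_READ, 0));
    return 0;
}
```

The overwrite succeeds only when the first opener granted write sharing and the second open grants sharing for the access the first opener already holds.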