I am attempting to write a content screener filter driver. The usermode piece for this is able to start up the service corresponding to the driver just fine, but when I try to open the device to communicate with it I get error 0x1 (Incorrect function). I am not sure what I am doing wrong.
hDevice = CreateFile( L"\\.\FileWatcher",
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0, // I have experimented with this value being file_attribute_normal
NULL );
When I run winobj I see \Filesystem\Filters\FileWatcher in there.
When I ran procmon to capture all the calls made by the user mode app, I did not see the createfile call to filewatcher in there though …
Am I doing something blatantly wrong here … is there a more definitive way to debug this?
Thanks
Nazim
File system filters are not my thing, but starting with the basics, have you registered a handler for IRP_MJ_CREATE, and if so, what
status is it returning?
Good luck,
mm
xxxxx@gmail.com wrote:
I am attempting to write a content screener filter driver. The usermode piece for this is able to start up the service corresponding to the driver just fine, but when I try to open the device to communicate with it I get error 0x1 (Incorrect function). I am not sure what I am doing wrong.
hDevice = CreateFile( L"\\.\FileWatcher",
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0, // I have experimented with this value being file_attribute_normal
NULL );
When I run winobj I see \Filesystem\Filters\FileWatcher in there.
When I ran procmon to capture all the calls made by the user mode app, I did not see the createfile call to filewatcher in there though …
Am I doing something blatantly wrong here … is there a more definitive way to debug this?
Thanks
Nazim
Hi!
“\Filesystem\Filters\FileWatcher” is *not* your device. It has to appear
under “\Device” *and* you will have to create a symbolic link to/from Win32
namespace “??”.
wrote news:xxxxx@ntfsd…
>I am attempting to write a content screener filter driver. The usermode
>piece for this is able to start up the service corresponding to the driver
>just fine, but when I try to open the device to communicate with it I get
>error 0x1 (Incorrect function). I am not sure what I am doing wrong.
>
> hDevice = CreateFile( L"\\.\FileWatcher",
> GENERIC_READ | GENERIC_WRITE,
> 0,
> NULL,
> OPEN_EXISTING,
> 0, // I have experimented with this value being
> file_attribute_normal
> NULL );
>
> When I run winobj I see \Filesystem\Filters\FileWatcher in there.
> When I ran procmon to capture all the calls made by the user mode app, I
> did not see the createfile call to filewatcher in there though …
>
> Am I doing something blatantly wrong here … is there a more definitive
> way to debug this?
>
> Thanks
> Nazim
>
>
>
Ok, so I had multiple issues in my code.
-
My link name was totally different
IoCreateSymbolicLink(L"\DosDevices\FileWatcher", L"\FileSystem\Filters\FileWatcher");
-
IRP_MJ_CREATE was getting handled erroneously by my pass-through dispatch function.
Fixing both of those has got me moving.
Thanks for the help guys.