Debug Flag

Hello everybody,

I'm writing a minifilter driver and want to intercept all IRP requests. Initially it was not intercepting I/O requests, but when I set Debug Flag in the registry for my driver in HKEY LOCAL MACHINE/system/CurrentControlSet/services/mydriver to value 0x0 and type DWORD, it started to intercept all IRPs… I'm not getting what the purpose of this flag actually is… Can anybody help me? Thanking in advance…

If it is in that location of the registry it is a flag owned by your driver,
therefore you should know what it does. This is scary because anyone
asking a question of this level should not be mucking with the file system
stack. Go take a class on driver programming, and then get some experience
before trying to deal with the complexities of the file system area.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply


Hi Varun,

> I m writting minifilter driver and want to intercept all irp requests. Initially it was not intercepting i/o requests but when i set Debug Flag in registry for my driver in HKEY LOCAL MACHINE/system/CurrentControlSet/services/mydriver to value 0x0 and type DWORD. it started to intercept all irps…I m not getting what is the purpose of this flag actually…can anybody help me? thanking in advance…

First of all you should have used the phrase “I am learning how to write mini filters”.
If I am correct, you have taken a sample from WDK and renamed it (and possibly its functions).
But this does not mean that you are writing a minifilter. ;)

Anyway, driver writers generally (in fact always) like to have debugging information in their driver.
But it is not always needed or, said in a better way, a different level (amount) of information is generally preferred in different scenarios.
For this, one way is to keep on compiling your code again and again with different values of the “if” condition that you check before displaying some information (before KdPrint/DbgPrint). But this is very inefficient.
The better way is to keep a flag in registry, that is read in your driver initialization routine itself. And based on the value of this flag, different levels of information can be printed.
The other use of this flag in your driver might be to tell your mini filter to filter all I/O operations by default or not.
This flag can have any driver defined purpose.

So, it is hard to tell exactly why it is used. :)

Try to go through the driver code in detail and then you will understand why it is used. :)

And consider Don’s advice to learn stuff (by taking classes or at least reading the documentation & Nagar’s book) thoroughly before getting down to programming.
As Don pointed out, file systems are a complex area.
Every time I read a part of Nagar’s book, my understanding only gets better… :)

Happy learning…

Regards,
Ayush Gupta
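
The pattern described in the reply above (a registry flag read once in the initialization routine and used to gate debug output), as an added example that is not part of the original thread or of any WDK sample. It is a user-mode C model so it builds without the WDK; `reg_value`, `load_debug_flags`, `trace` and the `TRACE_*` bits are hypothetical names, and a real driver would query the registry and print through the kernel's own routines (KdPrint/DbgPrint).

```c
/* Added example: user-mode model of a driver-defined debug flag (hypothetical names). */
#include <stdint.h>
#include <stdio.h>

#define REG_DWORD_TYPE 4u   /* numeric value of REG_DWORD */
#define TRACE_INIT     0x1u /* driver-defined trace categories, one bit each */
#define TRACE_IO       0x2u
#define TRACE_ERRORS   0x4u
#define TRACE_KNOWN    (TRACE_INIT | TRACE_IO | TRACE_ERRORS)
#define TRACE_DEFAULT  0u   /* silent unless configured */

/* Constructed stand-in for what a registry query hands back. */
typedef struct {
    uint32_t type, length;
    unsigned char data[8];
} reg_value;

static uint32_t g_trace_flags = TRACE_DEFAULT;
/* Called once from the init routine. A missing or malformed value
   leaves the default in place; undefined bits are dropped. */
uint32_t load_debug_flags(const reg_value *v)
{
    g_trace_flags = TRACE_DEFAULT;
    if (v == NULL || v->type != REG_DWORD_TYPE || v->length != 4)
        return g_trace_flags;
    /* Registry DWORDs are little-endian; decode byte by byte. */
    uint32_t raw = (uint32_t)v->data[0] | ((uint32_t)v->data[1] << 8) |
                   ((uint32_t)v->data[2] << 16) | ((uint32_t)v->data[3] << 24);
    g_trace_flags = raw & TRACE_KNOWN;
    return g_trace_flags;
}

/* Gate for every trace statement: returns 1 if the line was emitted. */
int trace(uint32_t category, const char *msg)
{
    if ((g_trace_flags & category) == 0)
        return 0;
    printf("[mydriver] %s\n", msg);
    return 1;
}

int main(void)
{
    reg_value v = { REG_DWORD_TYPE, 4, { 0x02, 0, 0, 0 } }; /* constructed */
    load_debug_flags(&v);
    trace(TRACE_INIT, "init done");          /* suppressed */
    trace(TRACE_IO, "pre-create callback");  /* emitted */
    return 0;
}
```

With this bit layout a value of 0x0 selects no category at all; what any given value does depends entirely on how the driver's own code interprets it.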

I rather doubt there is any correlation.

On Jan 25, 2008 9:16 AM, wrote:

> hello everybody,
>
> I m writting minifilter driver and want to intercept
> all irp requests. Initially it was not intercepting i/o requests but when i
> set Debug Flag in registry for my driver in HKEY LOCAL
> MACHINE/system/CurrentControlSet/services/mydriver to value 0x0 and type
> DWORD. it started to intercept all irps…I m not getting what is the purpose
> of this flag actually…can anybody help me? thanking in advance…
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: xxxxx@hollistech.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>


Mark Roddy

The correlation is that suddenly the OP is seeing tracing to the
effect that things are happening that he didn’t know were happening
before and wonders where it came from - just makes the post even more tragic.

At 04:51 PM 1/25/2008, Mark Roddy wrote:

> I rather doubt there is any correlation.


All of my posts are tragic - like this one…

Geez, give the guy a break! Just because he didn’t read the code before he began modifying and using it doesn’t mean anything. This is a mistake anyone could make :)

To the OP:

I’ve never seen this flag before - and it appears no one else here has… Look to your Driver_Entry routine to see what this sets…

Matt
From: Mark S. Edwards
To: Windows File Systems Devs Interest List
Sent: Friday, January 25, 2008 10:58 AM
Subject: Re: [ntfsd] Debug Flag

The correlation is that suddenly the OP is seeing tracing to the effect that things are happening that he didn’t know were happening before and wonders where it came from - just makes the post even more tragic.
