In my mini filter driver, I want to differentiate between write which happens when a new file is created and when a write happens on the existing file. In case of the existing file, on write I am performing some operation however I want to avoid the same when a new file is created (or file is copied).
Can anyone please suggest?
Thanks.
Hi Sumit,
Your minifilter must observe the information flags on post open and observe if such a file was created at that time or just opened. Take that information from Data->IoStatus.Infomation, which tell us what kind of open/create just happened and set a context on the file stream holding. Later, during a write operation, you get the context from the file stream and checks if the file was opened or created to take the steps you intend.
Regards,
Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br
>some operation however I want to avoid the same when a new file is created (or file is copied).
Surely you cannot catch copies in the FltMgr minifilter.
One of the ways of copying the file is to zip it, and then unzip. How can you catch this?
Or use GNU “cat” and do:
cat < SrcFile > DstFile
–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com