DirectoryBuffer Access

OSR_Community_User · October 14, 2005, 11:58pm

I am at a loss as to what is going wrong here. If I attempt to access
something like retBuffer->NextEntryOffset I get numbers that are cleary
wrong due to extreme size. I know there is information in the
DirectoryBuffer by the value in iopb->
Parameters.DirectoryControl.QueryDirectory.Length.

This code is just injected striaght into the swapbuffers example. I read 8
page returns on accessing this buffer in reference to hiding files but none
of them seems to deal with examples pertaining to minifilters.

PFILE_BOTH_DIR_INFORMATION retBuffer = NULL;

if ( iopb->MinorFunction == IRP_MN_QUERY_DIRECTORY )
{

if ( iopb->Parameters.DirectoryControl.QueryDirectory.FileInformationClass==
FileBothDirectoryInformation )
{
retBuffer = (PFILE_BOTH_DIR_INFORMATION) iopb->
Parameters.DirectoryControl.QueryDirectory.DirectoryBuffer;
}

Any help or links to information that I could use to figure this out would
be much appriciated.
(Waiting for OSR to reprint the book and hopefully it can also clear up alot
of questions)
Jason

OSR_Community_User · October 15, 2005, 9:00am

Are you checking this in the completion and only if it succeeded? If
so there is no reason this would fail.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · October 15, 2005, 10:30am

Yes it is in the completion. I also checked it in safe completion. I am sure
it is something very minor I am missing but it eludes me.

On 10/15/05, Dejan Maksimovic wrote:
>
>
> Are you checking this in the completion and only if it succeeded? If
> so there is no reason this would fail.
>
> –
> Kind regards, Dejan M.
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User · October 15, 2005, 11:20am

It appears it is my lack of understanding that is the problem. In
SwapPostDirCtrlBufferWhenSafe()

if I use p2pCtx->SwappedBuffer instead of
iopb->Parameters.DirectoryControl .QueryDirectory.DirectoryBuffer;
It works fine. I guess what I am missing is why is the data still not stored
in the orignal DirectoryBuffer?

On 10/15/05, Jason T wrote:
>
> Yes it is in the completion. I also checked it in safe completion. I am
> sure it is something very minor I am missing but it eludes me.
>
> On 10/15/05, Dejan Maksimovic wrote:
> >
> >
> > Are you checking this in the completion and only if it succeeded? If
> > so there is no reason this would fail.
> >
> > –
> > Kind regards, Dejan M.
> > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > Alfa Transparent File Encryptor - Transparent file encryption services.
> > Alfa File Protector - File protection and hiding library for Win32
> > developers.
> > Alfa File Monitor - File monitoring library for Win32 developers.
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@gmail.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>
>

OSR_Community_User · October 15, 2005, 2:48pm

Check out where it copies the data back to the original buffer…
this is purely a programming problem not a minifilter related one.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · October 15, 2005, 3:26pm

Yes I realize this, my question was for a little clarity on the operation. I
was under the impression this was a list for question and answer? If this is
only a code bugcheck list I can look elsewhere for information and apologize
for posting in the wrong place.

On 10/15/05, Dejan Maksimovic wrote:
>
>
> Check out where it copies the data back to the original buffer…
> this is purely a programming problem not a minifilter related one.
>
> –
> Kind regards, Dejan M.
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User · October 15, 2005, 3:36pm

Re read my recent post and reading it cold it kind of comes off as rude, was
not my intention. I am still new to minifilter programing and just
attempting to trace down how these operations are working and why.

I do appriciate the help you have offered and making progress in the
understanding deparment. But want to make sure I am in the right place for
such questions and not spaming a list that does not apply to such
questions…

Jason

On 10/15/05, Jason T wrote:
>
> Yes I realize this, my question was for a little clarity on the operation.
> I was under the impression this was a list for question and answer? If this
> is only a code bugcheck list I can look elsewhere for information and
> apologize for posting in the wrong place.
>
> On 10/15/05, Dejan Maksimovic wrote:
> >
> >
> > Check out where it copies the data back to the original buffer…
> > this is purely a programming problem not a minifilter related one.
> >
> > –
> > Kind regards, Dejan M.
> > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > Alfa Transparent File Encryptor - Transparent file encryption services.
> > Alfa File Protector - File protection and hiding library for Win32
> > developers.
> > Alfa File Monitor - File monitoring library for Win32 developers.
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@gmail.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>
>

OSR_Community_User · October 15, 2005, 3:41pm

Sorry for sounding so.
The code copies the data to the original buffer in the:

RtlCopyMemory( origBuf,
p2pCtx->SwappedBuffer,
iopb->Parameters.DirectoryControl.QueryDirectory.Length
);
line.
Notice there are two procedures which may do this (the actual post
operation and the do processing when safe). Obviously should you do any
processing before this line you would get invalid data.
The correct way to do processing would be to process YOUR buffer and
copy the data back to the original buffer after.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · October 15, 2005, 3:50pm

It’s the right place.

I do appriciate the help you have offered and making progress in the
understanding deparment. But want to make sure I am in the right place
for such questions and not spaming a list that does not apply to such
questions…

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · October 15, 2005, 3:54pm

I guess what confused me the most is why are we copying the buffer in the
pre function and then passing it around through the p2pctx structure. My
guess is because its example code but if it is in the pre function are we
not still waiting for the data to be filled into the buffer?

Me and my friend KdPrint (I really should have learned how to use a debugger
better) are going to put in some heavy work I guess to determine why things
are being done the way they are in the example.

Thanks agian,

Jason

On 10/15/05, Dejan Maksimovic wrote:
>
>
> Sorry for sounding so.
> The code copies the data to the original buffer in the:
>
> RtlCopyMemory( origBuf,
> p2pCtx->SwappedBuffer,
> iopb->Parameters.DirectoryControl.QueryDirectory.Length
> );
> line.
> Notice there are two procedures which may do this (the actual post
> operation and the do processing when safe). Obviously should you do any
> processing before this line you would get invalid data.
> The correct way to do processing would be to process YOUR buffer and
> copy the data back to the original buffer after.
>
> –
> Kind regards, Dejan M.
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User · October 16, 2005, 6:32am

Are you sure you’re watching the correct functions?
SwapPreDirCtrlBuffers does not copy the buffer - it simply creates a new
one, accompanying MDL for the new buffer, and replaces the pointers in
the Iopb. It is only the completion (or the safe completion path) that
copy the data back to the original buffer.
On the other hand, the Write handler routine copies the data in the
pre-operation and does cleanup in the completion only.

The reason the buffers are passed via the p2pCtx is because the
parameters the completion receives are the ORIGINAL parameters, not the
changed ones - this differs from the legacy filter model.

Jason T wrote:

I guess what confused me the most is why are we copying the buffer in
the
pre function and then passing it around through the p2pctx structure.
My
guess is because its example code but if it is in the pre function are
we
not still waiting for the data to be filled into the buffer?

Me and my friend KdPrint (I really should have learned how to use a
debugger better) are going to put in some heavy work I guess to
determine why things are being done the way they are in the example.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · October 16, 2005, 12:45pm

Yes, after looking at the code my best guess was that SwapPreDirCtrlBuffer
created a new buffer swapped pointers and the original was placed in p2pctx.
So when I access the orignal buffer later on in SwapPostDirCtrlBuffer it was
just a blank copy? p2pctx held the data I needed and was copied back over to
the original later in the function. Should be why I could access the data
through the p2pctx pointer and not iopb->
Parameters.DirectoryControl.QueryDirectory.DirectoryBuffer

If this is correct then I have no need for the SwapPreDirCtrlBuffer since I
only want to modify the data later on in the SwapPostDirCtrlBuffer. I think
I had poor understanding of what the example was doing in contrast to what I
needed it to do.

Hopefully I am more on track now.

Thanks,

Jason

On 10/16/05, Dejan Maksimovic wrote:
>
>
> Are you sure you’re watching the correct functions?
> SwapPreDirCtrlBuffers does not copy the buffer - it simply creates a new
> one, accompanying MDL for the new buffer, and replaces the pointers in
> the Iopb. It is only the completion (or the safe completion path) that
> copy the data back to the original buffer.
> On the other hand, the Write handler routine copies the data in the
> pre-operation and does cleanup in the completion only.
>
> The reason the buffers are passed via the p2pCtx is because the
> parameters the completion receives are the ORIGINAL parameters, not the
> changed ones - this differs from the legacy filter model.
>
> Jason T wrote:
>
> > I guess what confused me the most is why are we copying the buffer in
> > the
> > pre function and then passing it around through the p2pctx structure.
> > My
> > guess is because its example code but if it is in the pre function are
> > we
> > not still waiting for the data to be filled into the buffer?
> >
> > Me and my friend KdPrint (I really should have learned how to use a
> > debugger better) are going to put in some heavy work I guess to
> > determine why things are being done the way they are in the example.
>
> –
> Kind regards, Dejan M.
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>