don, developer,
if you have seen the disk.c code in the sample you will see that in some of
the ioctls it creates an IRP_MJ_READ and sends it down ( see attached code
below), but as far as i know, below disk.sys there is no IRP_MJ_READ, so
what is the use of doing so?
case IOCTL_STORAGE_PREDICT_FAILURE : {
PSTORAGE_PREDICT_FAILURE checkFailure;
STORAGE_FAILURE_PREDICT_STATUS diskSmartStatus;
DebugPrint((2, “IOCTL_STORAGE_PREDICT_FAILURE to device %p through
irp %p\n”,
DeviceObject, Irp));
DebugPrint((2, “Device is a%s.\n”,
commonExtension->IsFdo ? “n fdo” : " pdo"));
checkFailure =
(PSTORAGE_PREDICT_FAILURE)Irp->AssociatedIrp.SystemBuffer;
if (irpStack->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(STORAGE_PREDICT_FAILURE)) {
status = STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Status = sizeof(STORAGE_PREDICT_FAILURE);
break;
}
if(!commonExtension->IsFdo) {
//
// Pdo should issue this request to the lower device object
//
ClassReleaseRemoveLock(DeviceObject, Irp);
ExFreePool(srb);
SendToFdo(DeviceObject, Irp, status);
return status;
}
//
// See if the disk is predicting failure
//
if (diskData->FailurePredictionCapability == FailurePredictionSense)
{
ULONG readBufferSize;
PUCHAR readBuffer;
PIRP readIrp;
IO_STATUS_BLOCK ioStatus;
PDEVICE_OBJECT topOfStack;
KeInitializeEvent(&event, SynchronizationEvent, FALSE);
topOfStack = IoGetAttachedDeviceReference(DeviceObject);
//
// SCSI disks need to have a read sent down to provoke any
// failures to be reported.
//
// Issue a normal read operation. The error-handling code in
// classpnp will take care of a failure prediction by logging
the
// correct event.
//
readBufferSize = fdoExtension->DiskGeometry.BytesPerSector;
readBuffer = ExAllocatePoolWithTag(NonPagedPool,
readBufferSize,
DISK_TAG_SMART);
if (readBuffer != NULL) {
LARGE_INTEGER offset;
offset.QuadPart = 0;
readIrp = IoBuildSynchronousFsdRequest(
IRP_MJ_READ,
topOfStack,
readBuffer,
readBufferSize,
&offset,
&event,
&ioStatus);
if (readIrp != NULL) {
status = IoCallDriver(topOfStack, readIrp);
if (status == STATUS_PENDING) {
KeWaitForSingleObject(&event, Executive, KernelMode,
FALSE, NULL);
status = ioStatus.Status;
}
}
ExFreePool(readBuffer);
}
ObDereferenceObject(topOfStack);
}
From: “madhu Singh”
>Reply-To: “Windows System Software Devs Interest List”
>
>To: “Windows System Software Devs Interest List”
>Subject: Re:[ntdev] disk drivers
>Date: Mon, 08 Aug 2005 17:38:07 +0530
>
>don,
>
>thanks for the prompt help. well, as far as i know, DDK sample does have a
>sample disk.sys implementaion. This implementation handles all the IOCTLs
>that pass through it. So, is it not possible to tap the read write requests
>there and do the encryption and decryption there also?
>
>Below disk.sys all I get is IRP_MJ_INTERNAL_DEVICE_CONTROL (which is
>#defined as IRP_MJ_SCSI). I don’t think there is any sample code to show me
>the implementaiton of that IRP. Also, in that level I need to distinguish
>between, control codes for the firmware which need not be touched and the
>codes for the disk sectors, which needs my attention.
>
>Please help.
>
>Madhu
>
>
>
>
>>From: “Don Burn”
>>Reply-To: “Windows System Software Devs Interest List”
>>
>>To: “Windows System Software Devs Interest List”
>>Subject: Re:[ntdev] disk drivers
>>Date: Mon, 8 Aug 2005 07:53:41 -0400
>>
>>If you filter above DISK.SYS you have to realize that DISK.SYS will
>>perform
>>reads and writes for several things that will not come in a IRP_MJ_READ or
>>IRP_MJ_WRITE. These things include reads and writes of partition data for
>>its own use, and many IOCTL’s.
>>
>>So trying to encrypt sectors above DISK.SYS will cause you all kinds of
>>problems, since the driver itself and the various IOCTL’s use data you
>>have
>>not encrypted. Of course if you add a filter to encrypt below DISK.SYS
>>you
>>have the problem, that much of startup will not pass through your filter,
>>also the crash dump and hybernation I/O will not pass through your filter.
>>
>>For these reasons, it is best to encrypt at the file level with a file
>>system filter, or in the disk hardware.
>>
>>
>>
>>–
>>Don Burn (MVP, Windows DDK)
>>Windows 2k/XP/2k3 Filesystem and Driver Consulting
>>Remove StopSpam from the email to reply
>>
>>
>>
>>“madhu Singh” wrote in message
>>news:xxxxx@ntdev…
>> > Dear all,
>> >
>> > I am a newcomer to the windows driver world. I am trying to write a
>>disk
>> > level encryptor.
>> >
>> > There was some discussion regarding the same a few days back, as far as
>>I
>> > remember, that developer was trying to attach his driver above disk.sys
>> > and
>> > was filtering READ nd WRITE IRPs. All of you told him to attach the
>>driver
>> > as a lower filter instead of an upper filter, as IOCTL calls would be
>> > difficult to handle.
>> >
>> > Can some one please explain the same to me in detail. What I do not
>> > understand is, since my driver is filtering all calls to the disk in
>>READ
>> > and WRITE do i need to put in taps in otehr functions also? Why
>>should
>> > I?
>> > As a disk level driver should essentially only understand READS and
>>WRITES
>> > and not very high level information.
>> >
>> > Madhu.
>> >
>> >
>> > Beautiful Vienna. http://www.coxandkings.com Only with Cox & Kings
>> >
>> >
>>
>>
>>
>>—
>>Questions? First check the Kernel Driver FAQ at
>>http://www.osronline.com/article.cfm?id=256
>>
>>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>Formula One fan? http://server1.msn.co.in/sp05/tataracing/ Get news,
>wallpapers and photos of Narain Karthikeyan.
>
>
>—
>Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
_________________________________________________________________
Try the new MSN Desktop Search Toolbar.
http://server1.msn.co.in/sp05/msntoolbar/index.asp Just answer 3 simple
questions.