I sure hope you are using a test system for your driver. Writing file
system filters is one of the most difficult tasks to accomplish.
Partition encryption is best done with a disk filter driver if it is not
the boot partition, then it gets a lot harder. If you must, read the
docs at OSR. If you don’t know why this happens, you are going to have
major problems writing the driver. It is the cache manager and there
are some requests that are paging IOs and some that are not. What that
means is your first item to discover.
“vartika singh” wrote in message
news:xxxxx@ntfsd…
Hi,
I have to write a driver to encrypt a disk partition.I have planned to
use a file system filter driver.To begin with im using filespy filter
code as it is,with putting in my own read completion routine.Im using
debug view as the debugger right now.
the peculiar thing which im obsrving in the debugger is that the
dispatch routine is being entered five times.
on first open i get 4096 bytes of some garbage data,which includes the
file name,and then the next 4 times i get the file data.
but if i open the same file again i get dispatch entry 3 times.
my dispatch routine and it’s completion routine are given below.
i dnt think it’s some problem with the code.Can anybody explain this to
me.This is my first shot at writing any sort of driver and it has been
only 3 weeks.
NTSTATUS
SpyRead (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
PFILESPY_DEVICE_EXTENSION pDevExt =
(PFILESPY_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
PREAD_CONTEXT readContext = ExAllocatePoolWithTag( NonPagedPool,
sizeof( PREAD_CONTEXT ),
SPY_READ_TAG
);
NTSTATUS lowerStatus;
PDEVICE_OBJECT gSpyDevObj = DeviceObject;
PIO_STACK_LOCATION pThisIrp = IoGetCurrentIrpStackLocation(Irp);
PIO_STACK_LOCATION pNextIrp = IoGetNextIrpStackLocation(Irp);
PFILE_OBJECT fileObject = pThisIrp->FileObject;//defined in ntddk.h
16885
readContext->offset = fileObject->CurrentByteOffset.LowPart;
PAGED_CODE();
//Im getting this msg 5 times for first open and then 3 times???
DbgPrint(“Entered dispatch routine\n”);
if( ! ( Irp->Flags & IRP_PAGING_IO ) ) {
readContext->pMdl = IoAllocateMdl
(
Irp->UserBuffer,
pThisIrp->Parameters.Read.Length,
FALSE,
FALSE,
NULL
);
DbgPrint(“Allocated new MDL\n”);
__try {
MmProbeAndLockPages( readContext->pMdl, KernelMode, IoModifyAccess );
}
__except( EXCEPTION_EXECUTE_HANDLER) {
IoFreeMdl( readContext->pMdl );
return GetExceptionCode();
}
}
else {
//cannot Probe and Lock on a PAGING_IO request, just pass the MDL
DbgPrint( “PAGING_IO read\n” );
readContext->pMdl = Irp->MdlAddress;
}
//Before calling th FSD with the request,
//set a completion routine where we can do our thing.
IoCopyCurrentIrpStackLocationToNext(Irp);
IoSetCompletionRoutine
(
Irp,
SpyReadCompletion,
readContext,
TRUE,
TRUE,
TRUE
);
lowerStatus = IoCallDriver(
((PFILESPY_DEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDe
viceObject, Irp );
return lowerStatus;
}
NTSTATUS
SpyReadCompletion (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
UNICODE_STRING readIoBuf;
ULONG buffer;
PCHAR buf;
ULONG i;
PREAD_CONTEXT pReadCtx = (PREAD_CONTEXT)Context;
PDEVICE_OBJECT gSpyPassedDevObj = (PDEVICE_OBJECT)Context;
PFILESPY_DEVICE_EXTENSION pDevExt =
(PFILESPY_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
PIO_STACK_LOCATION pThisIrpComp = IoGetCurrentIrpStackLocation(Irp);
PIO_STACK_LOCATION pNextIrpComp = IoGetNextIrpStackLocation(Irp);
ULONG len = Irp->IoStatus.Information;
DbgPrint( “The length is %wx \n”,len);
if( Irp->IoStatus.Status == STATUS_SUCCESS ) {
if( len > 0 ) {
buffer = (ULONG)MmGetSystemAddressForMdlSafe(
pReadCtx->pMdl,HighPagePriority );
buf = (PCHAR)MmGetSystemAddressForMdlSafe(
pReadCtx->pMdl,HighPagePriority );
DbgPrint ( “Read %d bytes at address %08x from offset %08x\n”, len,
buffer, pReadCtx->offset );
DbgPrint ( “buffer address: %08x, user buffer address: %08x\n”, buffer,
Irp->UserBuffer );
/RtlInitEmptyUnicodeString(&readIoBuf,
readBuf,
sizeof( readBuf )
);/
RtlInitUnicodeString(&readIoBuf,L"This is b test file!“);
//RtlCopyMemory(readIoBuf.Buffer,MmGetSystemAddressForMdl(pReadCtx->pMdl
),len);
DbgPrint(“Before modification the string is %wZ \n”,&readIoBuf);
for(i = 0;iDbgPrint(”%c ,“,buf[i]);
}
//DbgPrint(”%wZ\n",&buf);
DbgPrint(“\n”);
}
else {
DbgPrint ( “Not reading: non positive length from FSD” );
}
}
else {
DbgPrint ( “Not reading : non-zero rc from FSD: %08x \n”,
Irp->IoStatus.Status );
}
if( Irp->Flags & IRP_PAGING_IO ) {
;
}
else {
MmUnlockPages( pReadCtx->pMdl );
IoFreeMdl( pReadCtx->pMdl);
}
if(Irp->PendingReturned) {
IoMarkIrpPending(Irp);
}
ExFreePoolWithTag( pReadCtx, SPY_READ_TAG );
return STATUS_SUCCESS;
}
thanks in advance