File Create Flags (was Re: user mode set valid data length?)

OSR_Community_User · December 19, 2002, 12:05pm

The fields in the IRP and stack location map directly
to the parameters of ZwCreateFile or NtCreateFile. As
I understand it, the WIN32 API maps fopen (and other
create calls) to NtCreateFile.

Here is where you can look in the IRP and stack for
different flags and stuff:

DesiredAccess ->
currentIrpStack->Parameters.Create.SecurityContext->DesiredAccess

IoStatus -> Irp->IoStatus

FileAttributes ->
currentIrpStack->Parameters.Create.FileAttributes

ShareAccess ->
currentIrpStack->Parameters.Create.ShareAccess

CreateDisposition ->
currentIrpStack->Parameters.Create.Options >> 24

CreateOptions ->
currentIrpStack->Parameters.Create.Options

Look at the ddk doc and ntddk.h for values for these
params.

Randy Cook
FSLogic Inc.

— AGTU wrote:
> Hello All,
>
> I wrote filter driver. I need known how i get right
> file access ?
> Example, in User mode:
> FILE *fl;
> fl=fopen(“data.txt”,“rb”);
>
> How i get in Kernel mode right “rb” ?
> I get IRP_MJ_CREATE message. When saved right in it
> ?
>
>
> –
> Best regards,
> Yury
> mailto:xxxxx@agtu.secna.ru
>
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
%%email.unsub%%

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Carl_Appellof · December 31, 2002, 12:22pm

“Randy Cook” wrote in message news:xxxxx@ntfsd…
>
> The fields in the IRP and stack location map directly
> to the parameters of ZwCreateFile or NtCreateFile. As
> I understand it, the WIN32 API maps fopen (and other
> create calls) to NtCreateFile.
>
> — AGTU wrote:
> > Hello All,
> >
> > I wrote filter driver. I need known how i get right
> > file access ?
> > Example, in User mode:
> > FILE *fl;
> > fl=fopen(“data.txt”,“rb”);
> >
> > How i get in Kernel mode right “rb” ?

Randy gives a good tip about the NtCreateFile parameters for a CREATE. You
can find the “r” part of fopen(…,“rb”) that way. But the “b” is specific
to the C runtime library, I think. It means open the file in “binary” mode,
that is, no text translation of ‘\n’, etc. Such a concept is foreign to the
native NT I/O routines, and in fact foreign to Win32 file I/O routines too.
Using either set of lower level I/O routines will always give you “binary”
access to the file, with no text translation at all.

Carl