Hi all,
I m writting minifilter driver for file system, I want to know Operation type of File and want to filter in PreOperationCallback.
Operation Type:
File_Opened OR File_Created.
If anybody knows then help me
Thanks
Read the documentation all open and create calls become IRP_MJ_CREATE
checking the parameters on input will tell you the intent of the call,
checking them on output will indicate sucess of the call and whether the
file was created. Seriously, if you do not now the basics of how requests
are handled in the system, the last thing in the world you should be doing
is a file system filter. These are some of the toughest pieces of code in
the kernel, and you appear to not understand the the basics.
Seriously consider taking a class or two on kernel driver development. OSR
for one offers classes that cover file system filters. Second buy a copy
of “Windows NT File System Internals” from the OSR store, it is old but you
would have known the answer to this question. Third take some time to read
the documentation and samples from the WDK, for instance to test things this
morning I put “open create” into the WDK search, gee you see as the 11th
item IRP_MJ_CREATE even opening the first 10 and reading them would have
taken less time than it would take to get the answer from a newsgroup.
You are jumping into some complex stuff, and you need to learn to dig out
the basics on your own.
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntfsd…
> Hi all,
>
> I m writting minifilter driver for file system, I want to know Operation
> type of File and want to filter in PreOperationCallback.
>
> Operation Type:
>
> File_Opened OR File_Created.
>
> If anybody knows then help me
>
>
> Thanks
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4492 (20091009)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
Information from ESET NOD32 Antivirus, version of virus signature database 4492 (20091009)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Hi Don,
I used the following checking,
Data->IoStatus.Information == FILE_CREATED
Data->IoStatus.Information == FILE_OPENED
where Data is PFLT_CALLBACK_DATA… but when I file opend or created then Nothing happnend in this condition, any mistake.
Thanks
That field is only valid on the post callback to indicate whether the file
was created or exists on sucess. On pre callbacks you need to look at
FLT_PARAMETERS Create then check the options on what the request wants. If
you need to know if the operation succeeded and created or opened the file,
you need POST callback, triggering it from the PRE callback.
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntfsd…
> Hi Don,
>
> I used the following checking,
>
> Data->IoStatus.Information == FILE_CREATED
>
> Data->IoStatus.Information == FILE_OPENED
>
> where Data is PFLT_CALLBACK_DATA… but when I file opend or created then
> Nothing happnend in this condition, any mistake.
>
> Thanks
>
>
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4493 (20091009)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
Information from ESET NOD32 Antivirus, version of virus signature database 4493 (20091009)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com