Hi all,
I’m new to win file systems and am trying to get some basic file
context tracking running in a filter driver, and am basing some of my
code on the algorithms offered in the “Tracking State & Context -
Reference Counting for File System Filter Drivers” article from the NT
Insider from 2002. In the article, it states a simplified algorithm for
context tracking (for win2k, or assuming you’re not using the new
context tracking API on XP):
…
"Thus, for a filter driver that is concerned about all I/O operations
and tracking all file state, this can be added to the previous algorithm
to keep state information when it still might be useful.
For a filter driver that is only concerned about data operations (read
and write) this suggests a simpler algorithm:
For each IRP_MJ_CREATE, the filter driver increments the reference count
on the per-file context structure.
For each IRP_MJ_CLOSE the filter driver decrements the reference count
on the per-file context structure if the FO_STREAM_FILE bit is not set
for the file object.
If the reference count for the per-file context structure reaches zero
and both the ImageSectionObject and DataSectionObject of the
SectionObjectPointers field from the FILE_OBJECT is zero, the filter
driver may then delete the per-file context data.
This algorithm avoids the need to track individual file objects. It
deals with stream file objects by ignoring any of them that are not
involved in paging I/O. For many filter drivers, this solution will be
sufficient for them to track their per-file state."
…
I have a question about this article. What exactly is meant by “a
filter driver that is only concerned about data operations”? Does this
mean a filter only concerned about IRP_MJ_READ/WRITE, or one simply not
interested in keeping track of all FILE_OBJECTS in their per-file
context? I definitely am interested in other IRPs besides READ and
WRITE, but I don’t believe that I need to keep track of all FILE_OBJECTS
for what I’m doing. I assume the simple algorithm presented here is
sufficient for this purpose?
Thanks,
Matt
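
The simplified algorithm quoted in the post above, as a user-mode C model. This is an added example, not code from the article or from the poster. The struct and function names are hypothetical stand-ins for the kernel types, and re-running the deletion check on every close, including stream file object closes, is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>

#define FO_STREAM_FILE 0x00000040 /* FILE_OBJECT flag, value from the WDK headers */

/* User-mode stand-ins for the kernel structures (model only). */
typedef struct { void *DataSectionObject, *ImageSectionObject; } SECTION_PTRS;
typedef struct { unsigned long Flags; SECTION_PTRS *SectionObjectPointer; } FILE_OBJ;
typedef struct { long RefCount; bool Deleted; } FILE_CTX; /* hypothetical per-file context */

/* IRP_MJ_CREATE: each create takes one reference on the per-file context. */
static void OnCreate(FILE_CTX *ctx) { ctx->RefCount++; }

/* IRP_MJ_CLOSE: returns true once the context has been deleted. */
static bool OnClose(FILE_CTX *ctx, const FILE_OBJ *fo)
{
    /* Stream file objects do not drop a reference (quoted rule). */
    if (!(fo->Flags & FO_STREAM_FILE) && ctx->RefCount > 0)
        ctx->RefCount--;
    /* Delete only when no references remain AND no section is left. */
    if (ctx->RefCount == 0 &&
        fo->SectionObjectPointer->DataSectionObject == NULL &&
        fo->SectionObjectPointer->ImageSectionObject == NULL)
        ctx->Deleted = true; /* a real driver would free the context here */
    return ctx->Deleted;
}

/* Constructed sequence: two opens, two closes, then a stream file object
 * close. Returns the close (1..3) that deleted the context, 0 if none. */
int Scenario(bool mapped)
{
    int dummy; /* only its address is used, as a non-NULL section pointer */
    SECTION_PTRS sp = { mapped ? &dummy : NULL, NULL };
    FILE_OBJ user = { 0, &sp }, stream = { FO_STREAM_FILE, &sp };
    FILE_CTX ctx = { 0, false };

    OnCreate(&ctx);
    OnCreate(&ctx);
    if (OnClose(&ctx, &user)) return 1;
    if (OnClose(&ctx, &user)) return 2;   /* count is 0; section may remain */
    sp.DataSectionObject = NULL;          /* constructed: section goes away */
    if (OnClose(&ctx, &stream)) return 3; /* no decrement, check runs again */
    return 0;
}

int main(void) { return (Scenario(true) == 3 && Scenario(false) == 2) ? 0 : 1; }
```

With a data section still present, the context outlives the last user close and is only released once the section pointers are clear, which is the case the section-object check in the quoted algorithm exists for.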