File System Corruption Issue

Dear Members,

We are writing a simple driver for Windows systems. For this driver we create a virtual disk in My Computer, like X:. When read/write and device control requests arrive, we forward these requests to a physical disk partition's file system driver, for example to the file system driver for D:. The problem is that when we restart the system, a file system check runs on the physical disk partition that was our target, e.g. on D:. What can be the problem for the file system check?

We are using the following code for getting the device object of the target partition.

//pdo is like this \??\D:

InitializeObjectAttributes(&oa, pdo, 0, NULL, NULL);

status = ZwOpenFile(&myHandle,
                    FILE_READ_DATA|SYNCHRONIZE|FILE_READ_ATTRIBUTES|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES,
                    &oa,
                    &statusBlock,
                    FILE_SHARE_READ|FILE_SHARE_WRITE,
                    FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT);

if(status == STATUS_SUCCESS){
    status = ObReferenceObjectByHandle(myHandle,
                                       0,
                                       *IoFileObjectType /*NULL*/,
                                       KernelMode,
                                       &fileObj,
                                       NULL);
    ZwClose(myHandle);

    if( status == STATUS_SUCCESS ){
        PDevExt->StorageDeviceObject = IoGetRelatedDeviceObject(fileObj);
        targetDisk->StorageDeviceObject = IoGetRelatedDeviceObject(fileObj);

        targetDisk->file_obj = fileObj;
    }
}

The device object returned from IoGetRelatedDeviceObject is used for forwarding read/write and device control requests to the target.

According to MSDN documentation, the access rights FILE_READ_DATA|SYNCHRONIZE|FILE_READ_ATTRIBUTES|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES will mount the file system driver of the target partition, so why does the file system check run? Sometimes the file system check runs without finding errors and sometimes it finds index-related issues. The file system of the target is currently NTFS. Previously we were getting many security-descriptor-related errors in the file system check.

Please note that the driver is a function driver. Can this be a problem?

Do I need to make a filter driver to resolve the file system issue, or is the current function driver OK?

Additionally, when I try to dereference the file object in my shutdown routine I am getting a REFERENCE_BY_POINTER BSOD.

Your feedback will be helpful.

Thanks,
Uzair Lakhani

Dear All,

Continuing the previous post, we are using IoAllocateIrp for making our custom IRPs for read/write requests. We always use MAXIMUM_IRP_STACK_LOCATIONS as the Stack Size field.

In Device Control we are sending all requests to the original disk partition file system driver that we had opened for forwarding requests to. We only handle IOCTL_MOUNTDEV_QUERY_DEVICE_NAME request ourselves i.e. we don’t forward this request to the disk partition.

Hopefully this will help the list members in helping to find out the problems.

Thanks,
Uzair Lakhani

So, you have a virtual disk V and you’re routing all I/O targeted at V to a
physical disk P. When you reboot, P gets mounted and chkdsk runs on it. Is V
also mounted at this point?

Modulo all the details, in theory the general idea should work. However,
with the level of information provided there is no chance of anyone helping
you. What have you done up to this point in terms of testing and validating
that your code is functioning properly?

-scott
OSR

Dear Scott,

First, thanks for replying to my question. Normally the file system check runs on every reboot for the original disk partition. The file system check on every reboot is, I think, due to some open handle on the original disk partition that is not closed. I have asked about this problem in a separate thread titled BSOD REFERENCE_BY_POINTER.

Additionally, when the file system check runs, sometimes it does not find any errors and sometimes it finds index-related and MFT-related errors.

Normally my virtual device completes the incoming read/write and device control requests with STATUS_DEVICE_NOT_READY until I run an application which generates an IOCTL call to my virtual device. Upon receiving this IOCTL our virtual device tries to get the handle for the target using the ZwOpenFile, ObReferenceObjectByHandle and IoGetRelatedDeviceObject routines. If the above routines execute successfully then the new incoming read/write and device control requests will be sent to the target, and in this way the virtual device comes into working condition. This application that generates the IOCTL and activates the virtual device is normally run on startup.

Basically I want all requests, either read/write or device control, to go through the file system so as to avoid any file system corruption. That’s why I have used the following routines to get the device object of the file system driver:

ZwOpenFile
ObReferenceObjectByHandle
IoGetRelatedDeviceObject

I normally request high privileges in these routines, as also mentioned in the previous post, so that the file system gets mounted.

Any help in resolving the file system corruption will be helpful.

Thanks,
Uzair Lakhani