Hi,
I have a file system minifilter driver (developed by someone else). It monitors file read request generated by programs (I don?t know exactly everything, although I have the source code). I attach this driver to a volume. When a file is opened in a program (e.g. an image file in mspaint), this minifilter driver intercepts this request and calls another application after checking some criteria.
Everything works perfectly when I open the file using absolute file paths (like D:\folder1\folder2\file1.bmp). I have also shared D:\folder1 as \mypc\folder1. On the same computer, when I open the same file using unc path (like \mypc\share1\folder2\file1.bmp), the minifilter driver does not intercept it.
I use the following commands to load/attach/unload driver.
- fltmc load my_driver
- fltmc attach my_driver volume
- fltmc unload my_driver
“fltmc attach my_driver d:” is successful but “fltmc attach my_driver \mypc\share1” gives message “specified path could not be found”.
Please can someone provide some solution so that minifilter driver also work with unc
pathnames. Is there a way to add capability for minifilter to monitor unc pathnames?
Thanks
“\mypc\share1” should be interpreted as “\mypc\folder1”. sorry.
The mini-filter needs to attach to LanmanRedirector - you can use FLTMC volumes command to see the available devices on the system. You probably need to attach to \device\mup, but this is different on pre-Vista I believe, so you will need to check.
Alternately, you can set the filter to automatically attach to all volumes, and make sure you do not exclude network file systems in your InstanceSetup routine.
You cannot attach to a specific UNC path only! Only a redirector.
If you intend to work with non-MS redirectors (such as Novell Netware’s redirector - not MS-Netware), I REALLY suggest testing the filter on such a configuration! It is far from similar to MS redirectors.
Regards, Dejan.
xxxxx@yahoo.com wrote:
Hi,
I have a file system minifilter driver (developed by someone else). It monitors file read request generated by programs (I don?t know exactly everything, although I have the source code). I attach this driver to a volume. When a file is opened in a program (e.g. an image file in mspaint), this minifilter driver intercepts this request and calls another application after checking some criteria.
Everything works perfectly when I open the file using absolute file paths (like D:\folder1\folder2\file1.bmp). I have also shared D:\folder1 as \mypc\folder1. On the same computer, when I open the same file using unc path (like \mypc\share1\folder2\file1.bmp), the minifilter driver does not intercept it.
I use the following commands to load/attach/unload driver.
- fltmc load my_driver
- fltmc attach my_driver volume
- fltmc unload my_driver
“fltmc attach my_driver d:” is successful but “fltmc attach my_driver \mypc\share1” gives message “specified path could not be found”.
Please can someone provide some solution so that minifilter driver also work with unc
pathnames. Is there a way to add capability for minifilter to monitor unc pathnames?
Thanks
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
In your volume instance setup callback, are you filtering out network
drives and only attaching to local volumes?
Pete
On 1/18/2011 7:41 AM, xxxxx@yahoo.com wrote:
“\mypc\share1” should be interpreted as “\mypc\folder1”. sorry.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295