hi,everyone:
I use filemon for win98 from www.sysinternals.com to monitor all operation about some files
I found when i open my monitored file the os is bluecreen and dumped.
but about rename and delete operate have no such question.
the code is following:
case IFSFN_OPEN:
FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );
if ( MatchFilePolicy( fullpathname ) )
{
return 0;//os is dumped
}
else
{
return (*PrevIFSHookProc)(pfn, fn, Drive + 1, ResType, CodePage, pir);
}
case IFSFN_DELETE:
if (MatchFilePolicy( fullpathname ) )
{
return 0;//normal
}
else
{
return (*PrevIFSHookProc)(pfn, fn, Drive + 1, ResType, CodePage, pir);
}
Do You Yahoo!?
150ÍòÇúMP3·è¿ñËÑ£¬´øÄú´³ÈëÒôÀÖµîÌÃ
ÃÀÅ®Ã÷ÐÇÓ¦Óо¡ÓУ¬ËѱéÃÀͼ¡¢ÑÞͼºÍ¿áͼ
1G¾ÍÊÇ1000Õ×£¬ÑÅ»¢µçÓÊ×ÔÖúÀ©ÈÝ£¡
It is probably because you’re returning 0 which means OK there (IIRC) so OS believes file was successfully opened. Try to return an error code if your intention is to block file open. Also, why do you add 1 to Drive when you call the next hook?
You surely have FileMon author’s permissions to use their sources code so why don’t you ask them directly? Guess why is this list named NTfsd.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of xinling zhang[SMTP:xxxxx@yahoo.com.cn]
Reply To: Windows File Systems Devs Interest List
Sent: Wednesday, November 24, 2004 4:09 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] filemon
hi,everyone:
I use filemon for win98 from www.sysinternals.com http: to monitor all operation about some files
> I found when i open my monitored file the os is bluecreen and dumped.
> but about rename and delete operate have no such question.
> the code is following:
> case IFSFN_OPEN:
> FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );
> if ( MatchFilePolicy( fullpathname ) )
> {
> return <file:>0;//os is dumped
> }
> else
> {
> return (*PrevIFSHookProc)(pfn, fn, Drive + 1, ResType, CodePage, pir);
> }
> case IFSFN_DELETE:
> if (MatchFilePolicy( fullpathname ) )
> {
> return 0;//normal
> }
> else
> {
> return (*PrevIFSHookProc)(pfn, fn, Drive + 1, ResType, CodePage, pir);
> }
>
>
>
>
>
> _____
>
> Do You Yahoo!?
> 150???MP3???ѣ???ֵ??? http:
> ??Ů???Ӧ?о??У??ѱ???ͼ???ͼ?Ϳ?ͼ http:
> 1G???1000?ף??Ż???ݣ? http:</http:> — Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17 You are currently subscribed to ntfsd as: xxxxx@upek.com To unsubscribe send a blank email to xxxxx@lists.osr.com
></http:></http:></file:></http:>