A friend and I currently endeavor to piece together a file system filter
driver that will, once invoked, redirect write requests to an alternate
volume, i.e.
CreateFile C:\Some\Path\To\Filename
Will be written to…
%SomeOtherVolumeLetter%:\Some\Path\To\Filename
We are working solely with the DDK, as I don’t have the money to embark
upon this project the big driver development kits. In lieu of this, have
any of you built such a filter? Is there chance in this world I could
reveal this from you!? Any sample code/direction would be more than
greatly appreciated! It has been a struggle of the highest
neoprogrammatic manner for my newbie mind…
SLR-
Update FileObject->FileName to be the new full path (starting from ?? or
\Device), then complete the IRP with STATUS_REPARSE and IO_REPARSE in
IoStatus.Information.
Also do not forget to check ->RelatedFileObject - for instance, command line
tools use the current directory as RelatedFileObject when dealing with
non-full-pathnames. Also SRV uses RelatedFileObject for a share.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “SuicidalLabRat”
To: “Windows File Systems Devs Interest List”
Sent: Thursday, October 02, 2003 5:17 PM
Subject: [ntfsd] Filter Driver does write redirection!?
> A friend and I currently endeavor to piece together a file system filter
> driver that will, once invoked, redirect write requests to an alternate
> volume, i.e.
>
> CreateFile C:\Some\Path\To\Filename
>
> Will be written to?
>
> %SomeOtherVolumeLetter%:\Some\Path\To\Filename
>
> We are working solely with the DDK, as I don?t have the money to embark
> upon this project the big driver development kits. In lieu of this, have
> any of you built such a filter? Is there chance in this world I could
> reveal this from you!? Any sample code/direction would be more than
> greatly appreciated! It has been a struggle of the highest
> neoprogrammatic manner for my newbie mind…
>
>
> SLR-
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
Depending on what you are doing, you may be able to just use reparse
points. If you want ALL writes to the filesystem to go through some
algorithm, then you can’t use reparse points, but if you are trying to
mangle something for just one part of a filesystem, then reparse points
are your friend.
– arlie
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of SuicidalLabRat
Sent: Thursday, October 02, 2003 9:17 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Filter Driver does write redirection!?
A friend and I currently endeavor to piece together a file system filter
driver that will, once invoked, redirect write requests to an alternate
volume, i.e.
CreateFile C:\Some\Path\To\Filename
Will be written to.
%SomeOtherVolumeLetter%:\Some\Path\To\Filename
We are working solely with the DDK, as I don’t have the money to embark
upon this project the big driver development kits. In lieu of this,
have any of you built such a filter? Is there chance in this world I
could reveal this from you!? Any sample code/direction would be more
than greatly appreciated! It has been a struggle of the highest
neoprogrammatic manner for my newbie mind…
SLR-
You are currently subscribed to ntfsd as: xxxxx@sublinear.org To
unsubscribe send a blank email to xxxxx@lists.osr.com
Thanks Maxim!
Arlie, unfortunately reparse points wont work for my needs.
I will be temporarily mounting a volume @ %next_available_drive_letter%
During that volumes lifetime, user processes will be created that will
attempt to access the file system linked at c:* to open|write|edit etc;
I will need to redirect all the write requests to my new volume
@%next_available_drive_letter%.
The issues I am seeing ( though I’m a Unix sys admin so its all through my
Unix systems administrators lens… ), are of the file integrity sort. I
don’t want some paging files to be caught by my filter and written to my
volume that is only temporarily on line; though I assume page files, fast
I/O, basically everything out of the cache manager will always bypass my
filter by NT design -but that could, itself, introduce an issue around
fast i/o accessing the cache directly causing consistency problems.
These redirected writes would include attempts to write keys to the
registry hive as well, not sure what problems I’ll have there, hmmmm…
So here is the question! If , once I mount my temporary volume, I assign
all new processes started to a single JobObject, is there some inherent
context to the jobs grouped processes and their children that I can look
for or do I need to rip a process ID or create/read a thread pool from the
JobObject then use private I/O and have a dispatcher to handle it;
allowing me to operate exclusively on processes belonging to a particular
JobObject.
In this way, at least, I could insure I would not introduce file
consistency/integrity issues on processes outside my job and its process
group ( which may include multiple applications and their child processes
). Unfortunately, I am not clear on where to start or how this would be
accomplished. Any additional pointers!?
SLR-