Hello!
I tried attaching to the Mount Point Manager in order to filter the IOCTLs
sent to it. I successfully atach but I don’t see any IOCTLs. Where should
I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch routine or
IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of them but I still
don’t get them. What could be wrong?
Regards,
Razvan
Hello again!
There was a bug in my code. Now I get all the IOCTLs sent to the Mount
Point Manager, in IRP_MJ_DEVICE_CONTROL dispatch routine. Although I use
the definitions in mountmgr.h in order to identify the IOCTLs, I receive
an unknown 0x6D0034 control code. I discovered that code using the
following scenario.
What does that misterious control code mean? It is not defined in
mountmgr.h
Oh, and another question: When using DefineDosDevice to create a symbolic
link is the Mount Point Manager notified by this?
Regards,
Razvan
Hello!
I tried attaching to the Mount Point Manager in order to filter the IOCTLs
sent to it. I successfully atach but I don’t see any IOCTLs. Where should
I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch routine or
IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of them but I still
don’t get them. What could be wrong?Regards,
Razvan
Look in the DDK for mountmgr.h & mountdev.h. Break down the code and see
what it is. OSR offers a breakdown web page too.
----- Original Message -----
From: “Razvan Hobeanu”
To: “File Systems Developers”
Sent: Saturday, December 28, 2002 3:15 PM
Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
> Hello again!
>
> There was a bug in my code. Now I get all the IOCTLs sent to the Mount
> Point Manager, in IRP_MJ_DEVICE_CONTROL dispatch routine. Although I use
> the definitions in mountmgr.h in order to identify the IOCTLs, I receive
> an unknown 0x6D0034 control code. I discovered that code using the
> following scenario.
>
> 1. Attach to the Mount Point Manager
> 2. “subst f: c:\temp”
> 3. Mount Point Manager receives a couple of IOCTL_MOUNTMNGR_QUERY_POINTS
> 4. “subst f: /d”
> 5. Mount Point Manager receives the 0x6D0034 control code.
>
> What does that misterious control code mean? It is not defined in
> mountmgr.h
>
> Oh, and another question: When using DefineDosDevice to create a symbolic
> link is the Mount Point Manager notified by this?
>
> Regards,
> Razvan
>
> > Hello!
> >
> > I tried attaching to the Mount Point Manager in order to filter the
IOCTLs
> > sent to it. I successfully atach but I don’t see any IOCTLs. Where
should
> > I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch routine or
> > IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of them but I still
> > don’t get them. What could be wrong?
> >
> > Regards,
> > Razvan
>
> —
> You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
I already tried breaking the code and it get this info:
Device: 0x6d (this is the Mount Point Manager Device)
Function: 0xd (Here is the trick: The last IOCTL defined in mountmgr.h has
a function code of 0xb so this must be an undocumented IOCTL (at least not
in my mountmgr.h))
Any ideas on what that IOCTL means?
Regards,
Razvan
Look in the DDK for mountmgr.h & mountdev.h. Break down the code and see
what it is. OSR offers a breakdown web page too.----- Original Message -----
From: “Razvan Hobeanu”
> To: “File Systems Developers”
> Sent: Saturday, December 28, 2002 3:15 PM
> Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
>
>
> > Hello again!
> >
> > There was a bug in my code. Now I get all the IOCTLs sent to the Mount
> > Point Manager, in IRP_MJ_DEVICE_CONTROL dispatch routine. Although I use
> > the definitions in mountmgr.h in order to identify the IOCTLs, I receive
> > an unknown 0x6D0034 control code. I discovered that code using the
> > following scenario.
> >
> > 1. Attach to the Mount Point Manager
> > 2. “subst f: c:\temp”
> > 3. Mount Point Manager receives a couple of IOCTL_MOUNTMNGR_QUERY_POINTS
> > 4. “subst f: /d”
> > 5. Mount Point Manager receives the 0x6D0034 control code.
> >
> > What does that misterious control code mean? It is not defined in
> > mountmgr.h
> >
> > Oh, and another question: When using DefineDosDevice to create a symbolic
> > link is the Mount Point Manager notified by this?
> >
> > Regards,
> > Razvan
> >
> > > Hello!
> > >
> > > I tried attaching to the Mount Point Manager in order to filter the
> IOCTLs
> > > sent to it. I successfully atach but I don’t see any IOCTLs. Where
> should
> > > I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch routine or
> > > IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of them but I still
> > > don’t get them. What could be wrong?
> > >
> > > Regards,
> > > Razvan
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
You might have an older DDK. Looking in the Windows XP SP1 DDK for
mountmgr.h, the last IOCTL defined has a function code of 13 (0xd).
This is IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS. The IOCTL
immediately preceding is IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH.
Note that these definitions are found in inc\ddk\wxp\mountmgr.h,
the definitions found in inc\ddk\w2k\mountmgr.h do not have these
two IOCTLS.
From the same file, here are the corresponding IO structures:
//
// Input structure for IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE,
// IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION,
// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH, and
// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS.
//
typedef struct _MOUNTMGR_TARGET_NAME {
USHORT DeviceNameLength;
WCHAR DeviceName[1];
} MOUNTMGR_TARGET_NAME, *PMOUNTMGR_TARGET_NAME;
//
// Output structure for IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH and
// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS.
//
typedef struct _MOUNTMGR_VOLUME_PATHS {
ULONG MultiSzLength;
WCHAR MultiSz[1];
} MOUNTMGR_VOLUME_PATHS, *PMOUNTMGR_VOLUME_PATHS;
regards,
-elliot
-----Original Message-----
From: Razvan Hobeanu [mailto:xxxxx@xnet.ro]
Sent: Tuesday, December 31, 2002 3:17 PM
To: File Systems Developers
Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLsI already tried breaking the code and it get this info:
Device: 0x6d (this is the Mount Point Manager Device)
Function: 0xd (Here is the trick: The last IOCTL defined in
mountmgr.h has
a function code of 0xb so this must be an undocumented IOCTL
(at least not
in my mountmgr.h))Any ideas on what that IOCTL means?
Regards,
Razvan> Look in the DDK for mountmgr.h & mountdev.h. Break down the
code and see
> what it is. OSR offers a breakdown web page too.
>
> ----- Original Message -----
> From: “Razvan Hobeanu”
>> To: “File Systems Developers”
>> Sent: Saturday, December 28, 2002 3:15 PM
>> Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
>>
>>
>> > Hello again!
>> >
>> > There was a bug in my code. Now I get all the IOCTLs sent
>to the Mount
>> > Point Manager, in IRP_MJ_DEVICE_CONTROL dispatch routine.
>Although I use
>> > the definitions in mountmgr.h in order to identify the
>IOCTLs, I receive
>> > an unknown 0x6D0034 control code. I discovered that code using the
>> > following scenario.
>> >
>> > 1. Attach to the Mount Point Manager
>> > 2. “subst f: c:\temp”
>> > 3. Mount Point Manager receives a couple of
>IOCTL_MOUNTMNGR_QUERY_POINTS
>> > 4. “subst f: /d”
>> > 5. Mount Point Manager receives the 0x6D0034 control code.
>> >
>> > What does that misterious control code mean? It is not defined in
>> > mountmgr.h
>> >
>> > Oh, and another question: When using DefineDosDevice to
>create a symbolic
>> > link is the Mount Point Manager notified by this?
>> >
>> > Regards,
>> > Razvan
>> >
>> > > Hello!
>> > >
>> > > I tried attaching to the Mount Point Manager in order to
>filter the
>> IOCTLs
>> > > sent to it. I successfully atach but I don’t see any
>IOCTLs. Where
>> should
>> > > I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch
>routine or
>> > > IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of
>them but I still
>> > > don’t get them. What could be wrong?
>> > >
>> > > Regards,
>> > > Razvan
>> >
>> > —
>> > You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
>> > To unsubscribe send a blank email to
>xxxxx@lists.osr.com
>
>—
>You are currently subscribed to ntfsd as: xxxxx@veritas.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Get a recent DDK! It is IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS and it is in
mountmgr.h.
----- Original Message -----
From: “Razvan Hobeanu”
To: “File Systems Developers”
Sent: Tuesday, December 31, 2002 3:17 PM
Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
> I already tried breaking the code and it get this info:
>
> Device: 0x6d (this is the Mount Point Manager Device)
> Function: 0xd (Here is the trick: The last IOCTL defined in mountmgr.h has
> a function code of 0xb so this must be an undocumented IOCTL (at least not
> in my mountmgr.h))
>
> Any ideas on what that IOCTL means?
>
> Regards,
> Razvan
>
> > Look in the DDK for mountmgr.h & mountdev.h. Break down the code and
see
> > what it is. OSR offers a breakdown web page too.
> >
> > ----- Original Message -----
> > From: “Razvan Hobeanu”
> > To: “File Systems Developers”
> > Sent: Saturday, December 28, 2002 3:15 PM
> > Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
> >
> >
> > > Hello again!
> > >
> > > There was a bug in my code. Now I get all the IOCTLs sent to the Mount
> > > Point Manager, in IRP_MJ_DEVICE_CONTROL dispatch routine. Although I
use
> > > the definitions in mountmgr.h in order to identify the IOCTLs, I
receive
> > > an unknown 0x6D0034 control code. I discovered that code using the
> > > following scenario.
> > >
> > > 1. Attach to the Mount Point Manager
> > > 2. “subst f: c:\temp”
> > > 3. Mount Point Manager receives a couple of
IOCTL_MOUNTMNGR_QUERY_POINTS
> > > 4. “subst f: /d”
> > > 5. Mount Point Manager receives the 0x6D0034 control code.
> > >
> > > What does that misterious control code mean? It is not defined in
> > > mountmgr.h
> > >
> > > Oh, and another question: When using DefineDosDevice to create a
symbolic
> > > link is the Mount Point Manager notified by this?
> > >
> > > Regards,
> > > Razvan
> > >
> > > > Hello!
> > > >
> > > > I tried attaching to the Mount Point Manager in order to filter the
> > IOCTLs
> > > > sent to it. I successfully atach but I don’t see any IOCTLs. Where
> > should
> > > > I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch routine or
> > > > IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of them but I
still
> > > > don’t get them. What could be wrong?
> > > >
> > > > Regards,
> > > > Razvan
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Thank you all for your quick reply!
BTW: Do DefineDosDevice calls also go through the Mount Point Manager?
Which is the IOCTL sent to the Mount Point Manager when a symbolic link is
assigned to a device?
Regards,
Razvan
You might have an older DDK. Looking in the Windows XP SP1 DDK for
mountmgr.h, the last IOCTL defined has a function code of 13 (0xd).
This is IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS. The IOCTL
immediately preceding is IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH.Note that these definitions are found in inc\ddk\wxp\mountmgr.h,
the definitions found in inc\ddk\w2k\mountmgr.h do not have these
two IOCTLS.From the same file, here are the corresponding IO structures:
//
// Input structure for IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE,
// IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION,
// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH, and
// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS.
//typedef struct _MOUNTMGR_TARGET_NAME {
USHORT DeviceNameLength;
WCHAR DeviceName[1];
} MOUNTMGR_TARGET_NAME, *PMOUNTMGR_TARGET_NAME;//
// Output structure for IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH and
// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS.
//typedef struct _MOUNTMGR_VOLUME_PATHS {
ULONG MultiSzLength;
WCHAR MultiSz[1];
} MOUNTMGR_VOLUME_PATHS, *PMOUNTMGR_VOLUME_PATHS;regards,
-elliot>-----Original Message-----
>From: Razvan Hobeanu [mailto:xxxxx@xnet.ro]
>Sent: Tuesday, December 31, 2002 3:17 PM
>To: File Systems Developers
>Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
>
>
>I already tried breaking the code and it get this info:
>
>Device: 0x6d (this is the Mount Point Manager Device)
>Function: 0xd (Here is the trick: The last IOCTL defined in
>mountmgr.h has
>a function code of 0xb so this must be an undocumented IOCTL
>(at least not
>in my mountmgr.h))
>
>Any ideas on what that IOCTL means?
>
>Regards,
>Razvan
>
>> Look in the DDK for mountmgr.h & mountdev.h. Break down the
>code and see
>> what it is. OSR offers a breakdown web page too.
>>
>> ----- Original Message -----
>> From: “Razvan Hobeanu”
> >> To: “File Systems Developers”
> >> Sent: Saturday, December 28, 2002 3:15 PM
> >> Subject: [ntfsd] Re: Filtering Mount Point Manager IOCTLs
> >>
> >>
> >> > Hello again!
> >> >
> >> > There was a bug in my code. Now I get all the IOCTLs sent
> >to the Mount
> >> > Point Manager, in IRP_MJ_DEVICE_CONTROL dispatch routine.
> >Although I use
> >> > the definitions in mountmgr.h in order to identify the
> >IOCTLs, I receive
> >> > an unknown 0x6D0034 control code. I discovered that code using the
> >> > following scenario.
> >> >
> >> > 1. Attach to the Mount Point Manager
> >> > 2. “subst f: c:\temp”
> >> > 3. Mount Point Manager receives a couple of
> >IOCTL_MOUNTMNGR_QUERY_POINTS
> >> > 4. “subst f: /d”
> >> > 5. Mount Point Manager receives the 0x6D0034 control code.
> >> >
> >> > What does that misterious control code mean? It is not defined in
> >> > mountmgr.h
> >> >
> >> > Oh, and another question: When using DefineDosDevice to
> >create a symbolic
> >> > link is the Mount Point Manager notified by this?
> >> >
> >> > Regards,
> >> > Razvan
> >> >
> >> > > Hello!
> >> > >
> >> > > I tried attaching to the Mount Point Manager in order to
> >filter the
> >> IOCTLs
> >> > > sent to it. I successfully atach but I don’t see any
> >IOCTLs. Where
> >> should
> >> > > I check them for? In IRP_MJ_FILE_SYSTEM_CONTROL dispatch
> >routine or
> >> > > IRP_MJ_DEVICE_CONTROL dispatch routine? I tried both of
> >them but I still
> >> > > don’t get them. What could be wrong?
> >> > >
> >> > > Regards,
> >> > > Razvan
> >> >
> >> > —
> >> > You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
> >> > To unsubscribe send a blank email to
> >xxxxx@lists.osr.com
> >
> >—
> >You are currently subscribed to ntfsd as: xxxxx@veritas.com
> >To unsubscribe send a blank email to xxxxx@lists.osr.com
> >