Hello!
I try to filter out some entries when I catch IRP_MJ_DIRECTORY_CONTROL
with minor IRP_MN_QUERY_DIRECTORY. This gives me headaches every time I
think of it. It seems I get an exception when trying to read the filename
of an entry in the buffer and compare it with another string. What is the
problem? Is it possible for the buffer to be invalid or not accessible at
the time I parse it?
What is the best way to filter out entries?
Any help on this matter is appreciated. Code samples are welcome.
Regards,
Razvan
I forgot to post the code. This should make debugging easier.
If you have another way of comparing the filename please post it.
    PFILE_BOTH_DIR_INFORMATION QueryBuffer = NULL;
    ULONG offset = 0;
    ULONG currentPosition = 0;
    ULONG bufferLength = currentIrpStack->Parameters.QueryDirectory.Length;
    ULONG NewLength = 0;
    WCHAR fileNameToRemove[] = L"somefile";
    PUCHAR startEntryToRemove = NULL;
    PUCHAR startNextEntry = NULL;

    NewLength = bufferLength;
    QueryBuffer = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
    do {
        offset = QueryBuffer->NextEntryOffset;
        if (wcsncmp(QueryBuffer->FileName, fileNameToRemove, 8) == 0)
        {
            startEntryToRemove = (PUCHAR) QueryBuffer;
            startNextEntry = (PUCHAR) QueryBuffer + offset;
            //this next line also gets an exception
            RtlMoveMemory(startEntryToRemove,
                          startNextEntry,
                          bufferLength - currentPosition - offset);
            NewLength -= offset;
            break;
        }
        currentPosition += offset;
        QueryBuffer += offset;
    } while (offset != 0);
    Irp->IoStatus.Information = NewLength;
Regards,
Razvan
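
The walk-and-remove loop from the post above, as an added user-mode example (not the poster's code and not driver code): it advances by bytes rather than by structure-sized steps, compares names by FileNameLength because FileName is not NUL-terminated, validates every offset against the valid length, and handles removal of the last entry. DIR_ENTRY, remove_entry and put_entry are hypothetical names, and validLen is assumed to be the number of bytes actually filled in, not the size of the caller's buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the FILE_BOTH_DIR_INFORMATION fields used here. */
typedef struct {
    uint32_t NextEntryOffset;  /* bytes to the next entry, 0 on the last one */
    uint32_t FileNameLength;   /* in bytes; FileName is not NUL-terminated */
    uint16_t FileName[1];
} DIR_ENTRY;
#define HDR offsetof(DIR_ENTRY, FileName)

/* Remove the first entry named name[0..nameBytes) from buf[0..validLen).
   Returns the new valid length; validLen unchanged if absent or malformed. */
size_t remove_entry(uint8_t *buf, size_t validLen,
                    const uint16_t *name, uint32_t nameBytes)
{
    size_t pos = 0, prevPos = 0;
    int hasPrev = 0;
    while (pos < validLen && validLen - pos >= HDR) {
        DIR_ENTRY cur;
        memcpy(&cur, buf + pos, HDR);              /* header only, alignment-safe */
        size_t next = cur.NextEntryOffset;
        if (next >= validLen - pos) return validLen;   /* next entry must lie inside */
        size_t len = next ? next : validLen - pos;     /* last entry runs to the end */
        if (len < HDR || cur.FileNameLength > len - HDR) return validLen;
        if (cur.FileNameLength == nameBytes &&         /* exact match, not a prefix */
            memcmp(buf + pos + HDR, name, nameBytes) == 0) {
            if (next != 0) {                       /* first/middle: slide the tail down */
                memmove(buf + pos, buf + pos + next, validLen - pos - next);
                return validLen - next;
            }
            if (!hasPrev) return 0;                /* sole entry: caller handles empty result */
            memset(buf + prevPos, 0, sizeof(uint32_t)); /* previous entry becomes last */
            return pos;
        }
        if (next == 0) break;
        hasPrev = 1; prevPos = pos; pos += next;   /* advance in BYTES */
    }
    return validLen;
}

/* Builds one constructed sample entry at buf+pos; returns the bytes it occupies. */
size_t put_entry(uint8_t *buf, size_t pos, const uint16_t *name, uint32_t nameBytes, int last)
{
    uint32_t next = last ? 0 : (uint32_t)((HDR + nameBytes + 7) & ~(size_t)7);
    DIR_ENTRY e = { next, nameBytes, {0} };
    memcpy(buf + pos, &e, HDR);
    memcpy(buf + pos + HDR, name, nameBytes);
    return last ? HDR + nameBytes : next;
}
```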