Finding explorer initiated operations

Hi,

In my minifilter, I need to catch and process the explorer initiated file
move/delete operation.

In IRP_MJ_SET_INFORMATION, I am seeing the delete & move operations.

How can I find those IRP_MJ_SET_INFORMATION are generated on behalf of the
explorer?

From the user mode component I passed the explorer’s process-id to
minifilter & comparing the process-id in IRP_MJ_SET_INFORMATION.

How can I implement this in different way?

Thanks
Murali

By the file object. Before performing any operation, an application must open the file (i.e. send IRP_MJ_CREATE). Remember the caller using Io(Flt)GetRequestorProcess.

P.S. The Cache Manager uses the file object that backs the cache to change the Valid Data Length (in this case the IRP_PAGING_IO flag is set).

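
The approach suggested in the reply, shown as an added example that is not code from the thread: a user-mode C model of the bookkeeping, which records the requestor per file object at create time and consults that record when a set-information request arrives, ignoring paging I/O. The table, the function names and `OP_PAGING_IO` are hypothetical stand-ins; in a real minifilter the record would typically live in a stream handle context and the PID would come from `FltGetRequestorProcessId` during create.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* User-mode model, constructed for illustration. It stands in for a
 * per-file-object context that a minifilter fills in at IRP_MJ_CREATE. */
#define MAX_OPEN     64
#define OP_PAGING_IO 0x1u   /* stands in for the IRP_PAGING_IO flag */

struct open_entry { const void *file_object; uint32_t opener_pid; };
static struct open_entry g_open[MAX_OPEN];

/* IRP_MJ_CLOSE: the file object is going away, so drop its record.
 * File object addresses are reused, so stale records must not linger. */
void on_close(const void *file_object) {
    for (size_t i = 0; i < MAX_OPEN; i++)
        if (g_open[i].file_object == file_object)
            g_open[i].file_object = NULL;
}

/* IRP_MJ_CREATE completed: remember who opened this file object. */
bool on_create(const void *file_object, uint32_t requestor_pid) {
    on_close(file_object);              /* clear any stale record first */
    for (size_t i = 0; i < MAX_OPEN; i++) {
        if (g_open[i].file_object == NULL) {
            g_open[i].file_object = file_object;
            g_open[i].opener_pid  = requestor_pid;
            return true;
        }
    }
    return false;   /* table full: the opener stays unknown */
}

/* IRP_MJ_SET_INFORMATION: attribute the rename/delete to the process
 * that opened the file object, not to the thread delivering the request. */
bool set_info_is_from(const void *file_object, uint32_t flags,
                      uint32_t explorer_pid) {
    if (file_object == NULL || (flags & OP_PAGING_IO))
        return false;   /* paging I/O: Cache Manager using the file object */
    for (size_t i = 0; i < MAX_OPEN; i++)
        if (g_open[i].file_object == file_object)
            return g_open[i].opener_pid == explorer_pid;
    return false;       /* opened before tracking started: unknown */
}
```

A file object with no record returns `false`, so opens that predate the filter's attachment are treated as unknown rather than attributed to any process.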