No.
The problem is that you have no way of safely removing yourself from the
middle of a stack of filter drivers. Theoretically, you could dismount
the volume, cause all the filters to go away - but then you’d be
restricted to filtering only volumes that could be dismounted
dynamically, eliminating anything with a paging file, registry hive, or
open file (ok, you could circumvent the open file issue by forcibly
dismounting).
Spent a little time asking yourself “How do I test this to know it won’t
crash in production” and you quickly realize you’ll do a LOT of work and
in the end you’ll have little confidence that it works outside your test
lab.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com http:</http:>
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Nadav
Sent: Tuesday, September 06, 2005 8:46 AM
To: ntfsd redirect
Subject: Re:[ntfsd] FSFD layering
Well, the driver I am working on use the trick you were talking about,
how ever, there may still be scenarios where as a result of a BUG fix,
the fixed FSFD stub require an update, these scenarios are rare, but
still, we would rather the update proces to require no reboot…
Is it possible to route the IRPs to one driver after the next ( in the
stack ) as described in my original post?
Don Burn wrote:
Well if you use the new mini filter model you can unload a
filter. If not,
I have used a technique of two drivers, one is basically a
filter driver
that does nothing, if monitors the requests passes them on. This
driver has
support that if the second driver is present it routes the
requests through
calls provided by the second driver. Properly done the second
driver can
unload and load, this is tricky but it can be done.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
“Nadav” wrote in message news:xxxxx@ntfsd…
>
> Hi,
>
> I am developping a FSFD, this FSFD should be able to be
dynamically
> update, FileSys filter drivers cannot be unloaded before their
attached
> device is unmounted.
> The FSFD I am developing should support Win2K OS perior to
SP4, as such, I
> cannot use the minifilter logic introduced with SP4 and the
RDP.
>
> SOOooo, I am tring to find an alternative for requiering the
user to
> reboot his computer each time ther is a new update.
>
> The FSFD cannot be removed from the driver stack, still, a new
updated
> FSFD can be added on top of the old FSFD, FSFD ususally route
the driver
> IRPs to the next lower driver, what if the updated FSFD will
route the
> messages not to the next device ( which is the old FSFD ) but
to the one
> bellow? can this be an alternative for requiering the user to
reboot his
> computer?
>
> Any remark, comment or pointer would be appreciated.
>
> Naddav.
>
>
>
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@yahoo.com
To unsubscribe send a blank email to
xxxxx@lists.osr.com
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com — Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17 You are currently subscribed
to ntfsd as: xxxxx@osr.com To unsubscribe send a blank email to
xxxxx@lists.osr.com