FsRtlEnterFileSystem/FsRtlExitFileSystem

Hi all

I’m writing a FS filter driver and wondering should I call the functions
mentioned above in I/O requests handlers or not? IFS Kit documentation
advices to call this in FS drivers, what about FS filters? Does anybody
know?

Thanx.

Yes you should call these routines for FS Filters.

Neal Christiansen

-----Original Message-----
From: xxxxx@storactive.com
[mailto:xxxxx@storactive.com]
Sent: Monday, April 03, 2000 2:19 AM
To: File Systems Developers
Subject: [ntfsd] FsRtlEnterFileSystem/FsRtlExitFileSystem

Hi all

I’m writing a FS filter driver and wondering should I call the functions
mentioned above in I/O requests handlers or not? IFS Kit documentation
advices to call this in FS drivers, what about FS filters? Does anybody
know?

Thanx.


You are currently subscribed to ntfsd as: xxxxx@Exchange.Microsoft.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Hi,

Inside my filter driver that intercepts IRP_MJ_CREATE/CLOSE and such, I
want to recognize the file I/O that is being performed by the filter driver
itself.

If I will write to a file FOO.TXT for instance, using ZwXXX functions, when
I intercepted an incoming IRP_MJ_CREATE request, the next thing that
happens is that the filter driver recognizes that the file FOO.TXT is
openend, and the filter driver intercepts the IRP_MJ_CREATE etc. etc.

I know this can be solved by constantly checking the file names that the
filter driver uses inside, but I this solution has some pitfalls. I need to
know if there is a more efficient solution. Please help.

With kind regards,

Bartjan Wattel mailto:xxxxx
----------------------------------------- Yours, for X-Tra Security !!! —
ThunderStore HQ
Ant. v.d. Heydenstraat 2, 5527 BV HAPERT, The Netherlands
Tel: +31 (0)49 7383 505 / Fax: +31 (0)49 7388 440
Web: http://www.thunderstore.com</mailto:xxxxx>

before making any ZwXXXX() calls from inside your filer driver code,

  1. PsGetCurrentThread() and store it in a linked list of thread values
  2. after you are done with your ZwXXX stuff, remove this thread ID from the
    list
  3. In the start of any of your dispatch handler like for MJ_CREATE etc., see
    if “Irp->Tail.Overlay.Thread” is in the linked list. If so, it is your own
    ZwXXXX call. This event will happen between 1 & 2

------ alexander suresh

----- Original Message -----
From: Bartjan Wattel
To: File Systems Developers
Sent: Thursday, April 27, 2000 11:14 AM
Subject: [ntfsd] RE: FsRtlEnterFileSystem/FsRtlExitFileSystem

> Hi,
>
> Inside my filter driver that intercepts IRP_MJ_CREATE/CLOSE and such, I
> want to recognize the file I/O that is being performed by the filter
driver
> itself.
>
> If I will write to a file FOO.TXT for instance, using ZwXXX functions,
when
> I intercepted an incoming IRP_MJ_CREATE request, the next thing that
> happens is that the filter driver recognizes that the file FOO.TXT is
> openend, and the filter driver intercepts the IRP_MJ_CREATE etc. etc.
>
> I know this can be solved by constantly checking the file names that the
> filter driver uses inside, but I this solution has some pitfalls. I need
to
> know if there is a more efficient solution. Please help.
>
>
> With kind regards,
>
> Bartjan Wattel mailto:xxxxx
> ----------------------------------------- Yours, for X-Tra Security
!!! —
> ThunderStore HQ
> Ant. v.d. Heydenstraat 2, 5527 BV HAPERT, The Netherlands
> Tel: +31 (0)49 7383 505 / Fax: +31 (0)49 7388 440
> Web: http://www.thunderstore.com
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@mobiliti.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
></mailto:xxxxx>

> I know this can be solved by constantly checking the file names that the

filter driver uses inside, but I this solution has some pitfalls. I need
to
know if there is a more efficient solution. Please help.

Maybe maintain a flag for each thread (using some thread ID->flag table)
which is set to 1 before calling ZwCreateFile in filter and then checked in
the
IRP path?
Too bad NT does not provide kernel-mode TLS.

Max

NT does provide kernel-mode TLS. It is the thread object :slight_smile:

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Thursday, May 04, 2000 1:50 PM
To: File Systems Developers
Subject: [ntfsd] RE: FsRtlEnterFileSystem/FsRtlExitFileSystem

> I know this can be solved by constantly checking the file
names that the
> filter driver uses inside, but I this solution has some
pitfalls. I need
to
> know if there is a more efficient solution. Please help.

Maybe maintain a flag for each thread (using some thread
ID->flag table)
which is set to 1 before calling ZwCreateFile in filter and
then checked in
the
IRP path?
Too bad NT does not provide kernel-mode TLS.

Max


You are currently subscribed to ntfsd as: xxxxx@nsisw.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

But unfortunately it is not intended for use by thirt party developers.

Paul

-----P?vodn? zpr?va-----
Od: Rob Fuller [SMTP:xxxxx@NSISW.COM]
Odesl?no: 5. kv?tna 2000 17:17
Komu: File Systems Developers
P?edm?t: [ntfsd] RE: FsRtlEnterFileSystem/FsRtlExitFileSystem

NT does provide kernel-mode TLS. It is the thread object :slight_smile:

> -----Original Message-----
> From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
> Sent: Thursday, May 04, 2000 1:50 PM
> To: File Systems Developers
> Subject: [ntfsd] RE: FsRtlEnterFileSystem/FsRtlExitFileSystem
>
>
> > I know this can be solved by constantly checking the file
> names that the
> > filter driver uses inside, but I this solution has some
> pitfalls. I need
> to
> > know if there is a more efficient solution. Please help.
>
> Maybe maintain a flag for each thread (using some thread
> ID->flag table)
> which is set to 1 before calling ZwCreateFile in filter and
> then checked in
> the
> IRP path?
> Too bad NT does not provide kernel-mode TLS.
>
> Max
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@nsisw.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>


You are currently subscribed to ntfsd as: xxxxx@sodatsw.cz
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

> NT does provide kernel-mode TLS. It is the thread object :slight_smile:

Can drivers add fields of their own to it? No.
So, TLS do exist, but for system internal stuff only, not for drivers.

Max