How can I find out the Kernel or User component that sent the IRP to a mini-filter driver?

Hi All,

I am told that OSR had an article on how to reliably find out the
executable name responsible for the IRP I receive, but so far no luck
locating it.

Another question is: how do I detect whether the IRP came from Mount
Manager?

Thanks!

-Kamran.

Is this http://www.osronline.com/article.cfm?article=472 what you are looking for?

Thanks Rod!

On 10/31/07, Rod Widdowson wrote:
>
> Is this http://www.osronline.com/article.cfm?article=472 what you are
> looking for?
>
> I am told that OSR had an article on how to reliably find out the
> executable name responsible for the IRP I receive, but so far no luck
> locating it.

I guess IoGetRequestorProcess is already on your mind

I’ll have to see if this call helps, thanks for the idea. My goal is to
identify the actual kernel module that sent the IRP, in this case Mount
Manager. Since MountMgr is not re-entrant, I have to make special
consideration when the IRP comes from this module.

Regards,

On 11/1/07, xxxxx@gmail.com wrote:
>
> I guess IoGetRequestorProcess is already on your mind

Well, this is different.
You should consider finding the driver chain and see who is on top of you.