Hi, I’m developing a filter based on minifilter.
Now I want to store some information for each single FILE_OBJECT, I have learned about File Stream Context but found that what I need is the file object level context.
I use an array to store the FILE_OBJECT address and its cooresponding context, but I find that sometimes I will missing some IRPs, so I guess the address of FILE_OBJECT may not be stable.(e.g. I can not catch the IRP_MJ_WRITE with PAGING_IO marks from wordpad.exe)
So I wonder is there any build-in method to store the FILE_OBJECT context, or any other stable method to identify a FILE_OBJECT?
Thanks in advance, any help will be appreciated!
Hi Haotian,
What about using Stream Handle Contexts?
Regards,
Fernando Roberto da Silva
DriverEntry Kernel Development
yeah, you can use stream handle context!
Thanks so much!
It’s exactly what I want 