How can I write to the file when it is byte range locked? (not in FAQ)

I know the question has been asked, but the answer is not clear to me.

In my IRP_MJ_CLEANUP handler, if the IRP_MJ_CLEANUP is for a file object
with write access, I want to write some data at the file tail.
It works fine, except when the file is byte range locked.

In FAQ #44, the answer is:
Typically, this is done by accessing the file using paging I/O of some type.
The simplest way to achieve this is to memory map the file. Memory mapping a
file can be done in a user mode application or in the kernel using the
ZwCreateSection, ZwMapViewOfSection, and MmMapViewInSystemSpace operations.
Subsequent access to the file contents is done using this memory mapped
data region; when data must be fetched from the file it is done so.

But in my case, the question is:
1. If I memory map the file:
ZwCreateSection wants a file handle, so I must use ObOpenObjectByPointer to
get a handle from the file object.
I'm in the IRP_MJ_CLEANUP handler, so calling ObOpenObjectByPointer and ZwClose
will change the reference count; it will cause reentry or other problems.
2. If I use a paging write directly:
Paging I/O requires the offset to be aligned. But my data just follows the
file end, that's to say, my data is at the file tail. So I can't assure that my
data is offset aligned.
If I read some data for aligned writing (the data before mine in the aligned block), I can't
assure the file object has read access.
3. If I track the lock IRP and fast I/O, and trick it:
I must face the RDR, so if another client's RDR locks it, I can't track it.

What shall I do?
Thanks ~~~~~

Hi,

Calling functions which reference the file object while processing the
IRP_MJ_CLEANUP is dangerous, because if no handle has been created for
the file object the system sends IRP_MJ_CLEANUP just before sending
IRP_MJ_CLOSE. In this case the reference count rises from zero.

This scenario may raise the reference count from zero and crash the system.
Use the file object and MmCreateSection (not documented):

    MmCreateSection( &Section,
                     DesiredAccess ( i.e. SECTION_MAP_WRITE … ),
                     ObjectAttributes ( may be NULL ),
                     &InputMaximumSize,
                     SectionPageProtection ( i.e. PAGE_READWRITE … ),
                     AllocationAttributes ( i.e. SEC_FILE … ),
                     FileHandle ( i.e. NULL in your case ),
                     FileObject );

  1. When you send an IRP directly to the FSD the FO's access rights are not
     checked (the FSD trusts the I/O Manager). Also, if you decide to use paging
     I/O then you may read the data using paging I/O, because for paging I/O the
     access rights must not be checked(!), and do not bother about the file end:
     the FSD fills the read buffer up to the file end.
     Paging I/O can't change the file size, so before writing beyond the end of
     the file you must increase the file size. Also, IoCompleteRequest does
     not free IRP->MdlAddress for paging I/O; you must free your MDL after the
     IRP's completion, or set your CompletionRoutine, free the MDL in it and set
     IRP->MdlAddress to NULL.

“clark stone” wrote in message news:xxxxx@ntfsd…
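The sequence the reply lays out for the tail write (aligned paging read of the partial last page, grow the file, one aligned paging write) is easy to get wrong in the order of steps and in the alignment arithmetic, which is exactly the poster's second concern. The following is an added, hosted C example that is not code from this thread and not kernel code: it simulates the FSD's paging-I/O rules with an in-memory SimFile (an assumed type) and stand-in helpers sim_paging_read, sim_set_eof and sim_paging_write (assumed names, not real kernel routines), using an assumed 4096-byte alignment unit. The sample file contents and the appended tail are constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed stand-ins for the FSD (not kernel interfaces): one paging-I/O
 * alignment unit, and the backing store of the simulated file. */
#define SIM_PAGE_SIZE 4096u
#define SIM_CAPACITY  (64u * 1024u)
typedef struct {
    uint8_t  data[SIM_CAPACITY];
    uint64_t eof;                 /* current end-of-file offset */
} SimFile;

/* Models a paging read: aligned, not access-checked, filled only up to EOF (rest stays zero). */
static int sim_paging_read(const SimFile *f, uint64_t off, uint8_t *buf, size_t len) {
    if (off % SIM_PAGE_SIZE || len % SIM_PAGE_SIZE) return -1;
    memset(buf, 0, len);
    if (off >= f->eof) return 0;
    size_t avail = (size_t)(f->eof - off);
    memcpy(buf, f->data + off, avail < len ? avail : len);
    return 0;
}

/* Models setting FileEndOfFileInformation: paging I/O cannot grow the file. */
static int sim_set_eof(SimFile *f, uint64_t new_eof) {
    if (new_eof > SIM_CAPACITY) return -1;
    f->eof = new_eof;
    return 0;
}

/* Models a paging write: aligned, and anything past EOF is dropped. */
static int sim_paging_write(SimFile *f, uint64_t off, const uint8_t *buf, size_t len) {
    if (off % SIM_PAGE_SIZE || len % SIM_PAGE_SIZE) return -1;
    if (off >= f->eof) return -1;
    size_t avail = (size_t)(f->eof - off);
    memcpy(f->data + off, buf, avail < len ? avail : len);
    return 0;
}

/* Append `len` bytes at EOF using only aligned paging I/O. Returns 0 or -1. */
int sim_append_tail(SimFile *f, const uint8_t *tail, size_t len) {
    if (len == 0) return 0;
    uint64_t old_eof = f->eof;
    uint64_t aligned = old_eof & ~(uint64_t)(SIM_PAGE_SIZE - 1);   /* page containing EOF */
    size_t   head    = (size_t)(old_eof - aligned);                 /* bytes already in it */
    size_t   span    = (head + len + SIM_PAGE_SIZE - 1) & ~(size_t)(SIM_PAGE_SIZE - 1);
    uint8_t *buf = calloc(span, 1);
    if (!buf) return -1;
    /* 1. Read the partial last page back; a paging read needs no read access on the FO. */
    if (sim_paging_read(f, aligned, buf, span) != 0) goto fail;
    /* 2. Place the new data right after the old EOF inside the aligned buffer. */
    memcpy(buf + head, tail, len);
    /* 3. Grow the file first, or the paging write below is cut at the old EOF. */
    if (sim_set_eof(f, old_eof + len) != 0) goto fail;
    /* 4. One aligned paging write covers the preserved head and the new tail. */
    if (sim_paging_write(f, aligned, buf, span) != 0) goto fail;
    free(buf);
    return 0;
fail:
    free(buf);
    return -1;
}

/* Constructed sample file: `eof` bytes of a deterministic pattern. */
static void sim_fill(SimFile *f, uint64_t eof) {
    memset(f, 0, sizeof *f);
    for (uint64_t i = 0; i < eof; i++) f->data[i] = (uint8_t)(i * 7u + 3u);
    f->eof = eof;
}

/* Append a constructed tail and verify: old bytes intact, tail at old EOF, EOF grown by `len`. 1 = ok. */
int sim_append_and_check(uint64_t initial_eof, size_t len) {
    static SimFile f;             /* static: 64 KiB is too big for a small stack */
    uint8_t *tail = malloc(len);
    if (!tail) return 0;
    for (size_t i = 0; i < len; i++) tail[i] = (uint8_t)(0xA0u + (i % 16));
    sim_fill(&f, initial_eof);
    int ok = sim_append_tail(&f, tail, len) == 0 && f.eof == initial_eof + len;
    for (uint64_t i = 0; ok && i < initial_eof; i++) ok = f.data[i] == (uint8_t)(i * 7u + 3u);
    for (size_t i = 0; ok && i < len; i++) ok = f.data[initial_eof + i] == tail[i];
    free(tail);
    return ok;
}

/* The poster's concern: a paging write at an unaligned offset is refused. */
int sim_unaligned_write_rejected(void) {
    static SimFile f;
    uint8_t byte = 0x55;
    sim_fill(&f, 5000);
    return sim_paging_write(&f, 5000, &byte, 1) == -1;
}

int main(void) {
    printf("append 3000 at EOF 5000: %s\n", sim_append_and_check(5000, 3000) ? "ok" : "FAILED");
    printf("append 100 at aligned EOF: %s\n", sim_append_and_check(8192, 100) ? "ok" : "FAILED");
    printf("unaligned paging write rejected: %s\n", sim_unaligned_write_rejected() ? "ok" : "FAILED");
    return 0;
}
```

The two cases worth noticing are an EOF that already sits on a page boundary (head is zero, and the read returns an all-zero buffer because nothing lies past EOF) and an append that fails to grow the file (the write is never issued, so the old contents stay intact). In a real filter the three stand-ins correspond to the paging read, the set-EOF request and the paging write the reply describes, and the MDL you attach to the paging IRPs is yours to free, as the reply notes.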