Sorry for the (may be) stupid question, but I’m not a file-systems specialist.
I have a kernel-mode driver that is installed as DISK filter driver (in fact driver is loaded on top of PartMgr.sys) both: as filter for the disk device and filter for partition device.
I need on specific IOCTL to my driver, clear all directory information cahed by Volume devices associated with partitions on my disk.
I tried to send to Volume device a FSCTL_LOCK_DEVICE (according to http://msdn.microsoft.com/en-us/library/aa364575(VS.85).aspx “The system flushes all cached data to the volume before locking it”) and even FSCTL_DISMOUNT_VOLUME. Both returns NTSTATUS_SUCCESS, but when User mode client tries to read Volume, the cached data still be returned (disk is not getting IRP_MJ_READ).
Once again: I need to clear Volumes cache in Kernel mode - I cannot use User mode components.
Did you mean FSCTL_LOCK_VOLUME ? Just to be sure, you did send these to the
file system stack and not the disk stack, right ? Also, it needs to be sent
to the top of that stack (so that all filters can flush their data and close
their handles)…
This approach (FSCTL_LOCK_VOLUME + FSCTL_DISMOUNT_VOLUME) has worked well
for me in the past.
Thank you for prompt reply. Sorry for the stupid error. Yes, of course, I mean FSCTL_LOCK_VOLUME.
My procedure is as follow:
I’m getting the volume name for my disk partition by sending IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
Open volume (ZwCreateFile) for FILE_READ_DATA with FILE_SHARE_READ/WRITE/DELETE
Send (ZwFsControlFile) FSCTL_LOCK_VOLUME/FSCTL_DISMOUNT_VOLUME. In my understanding such method sends FSCTL on top of the file system stack.
I know the same procedure in User mode works fine, but when I do it in kernel mode and then re-try to read Volume root directory, I’m not getting expected IRP_MJ_READ on my disk. Did I something wrong?
Well, the code I wrote at some point in the past uses FILE_READ_DATA |
FILE_WRITE_DATA | SYNCHRONIZE, FILE_SHARE_READ | FILE_SHARE_WRITE and
FILE_SYNCHRONOUS_IO_ALERT to open the handle. I don’t remember how I arrived
at this combination and my code does some other things with the handle as
well so maybe it’s not important…
Anyway, other than that I do the same thing…
Are you sure that after FSCTL_DISMOUNT_VOLUME your volume is dismounted ?
Did you check the VPB in the debugger after you get STATUS_SUCCESS from
dismount?
Also (Win7 & later) IRP_MJ_FLUSH/IRP_MN_FLUSH_AND_PURGE, but it’s neither
documented (outside ntddk), nor implemented in the FAT sources so YMMV
wrote in message news:xxxxx@ntfsd… > Hi Alex, > > With your combination of parameters, volume dismount works. Many thans for > your help. > > With best regards, > > Al >