How to trap the read operations of notepad.exe?

OSR_Community_User · September 5, 2003, 6:25am

Hi,
In my filter, I hooked all the operations of a special file. For test,
I used the notepad.exe to open the file, and only the first time, I got the
IRP_MJ_READ request, since then, neither FASTIOREAD nor IRP_MJ_READ occered,
but notepad could also get the data from the file correctly. Why and how to
trap this request?

Thanks in advance!
protale

Dan_Partelly · September 5, 2003, 8:43am

Notepad uses memory mapped files. So trapping paging IO will do the trick.

Dan
----- Original Message -----
From: “protale”
To: “File Systems Developers”
Sent: Friday, September 05, 2003 1:24 PM
Subject: [ntfsd] How to trap the read operations of notepad.exe?

> Hi,
> In my filter, I hooked all the operations of a special file. For
test,
> I used the notepad.exe to open the file, and only the first time, I got
the
> IRP_MJ_READ request, since then, neither FASTIOREAD nor IRP_MJ_READ
occered,
> but notepad could also get the data from the file correctly. Why and how
to
> trap this request?
>
> Thanks in advance!
> protale
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

OSR_Community_User · September 8, 2003, 5:21am

Hi,

Thanks Dan, the situation is just as you have said.(I have written a
win32 application to test the mapped file I/O, and the filter couldn’t trap
the reading or writing operations of it.)

The following is the code fragments of test program, and the filter
responsed nothing but
IRP_MJ_CREATE/QUERY_STANDARD_INFORMATION/CLEANUP/CLOSE.
//=================================
OpenFile();
if(m_hFile != INVALID_HANDLE_VALUE)
{
handle = CreateFileMapping(m_hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
if(handle)
{
char *p = (char*)MapViewOfFile(handle, FILE_MAP_ALL_ACCESS, 0, 0,
0);
m_szFileData = p;
UnmapViewOfFile(p);
}
CloseHandle(m_hFile);
}
//=================================

“trapping paging IO will do the trick” – I don’t understand exactly,
could you give me more details?

I notice that Filemon also can’t trap the operations mentioned above.

Best regards,
protale.

----- Original Message -----
From: “Dan Partelly”
To: “File Systems Developers”
Sent: Friday, September 05, 2003 1:24 PM
Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
>
>
>Notepad uses memory mapped files. So trapping paging IO will do the trick.
>
>Dan
>----- Original Message -----
>From: “protale”
>To: “File Systems Developers”
>Sent: Friday, September 05, 2003 1:24 PM
>Subject: [ntfsd] How to trap the read operations of notepad.exe?
>
>
>> Hi,
>> In my filter, I hooked all the operations of a special file. For
>test,
>> I used the notepad.exe to open the file, and only the first time, I got
>the
>> IRP_MJ_READ request, since then, neither FASTIOREAD nor IRP_MJ_READ
>occered,
>> but notepad could also get the data from the file correctly. Why and how
>to
>> trap this request?
>>
>> Thanks in advance!
>> protale
>>

Alexey_Logachyov · September 8, 2003, 11:18am

Well, no wonder. m_szFileData = p assigns a pointer but does not read data
from memory

-htfv

----- Original Message -----
From: “protale”
To: “File Systems Developers”
Sent: Monday, September 08, 2003 12:21 PM
Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?

> Hi,
>
> Thanks Dan, the situation is just as you have said.(I have written a
> win32 application to test the mapped file I/O, and the filter couldn’t
trap
> the reading or writing operations of it.)
>
> The following is the code fragments of test program, and the filter
> responsed nothing but
> IRP_MJ_CREATE/QUERY_STANDARD_INFORMATION/CLEANUP/CLOSE.
> //=================================
> OpenFile();
> if(m_hFile != INVALID_HANDLE_VALUE)
> {
> handle = CreateFileMapping(m_hFile, NULL, PAGE_READWRITE, 0, 0,
NULL);
> if(handle)
> {
> char p = (char)MapViewOfFile(handle, FILE_MAP_ALL_ACCESS, 0,
0,
> 0);
> m_szFileData = p;
> UnmapViewOfFile(p);
> }
> CloseHandle(m_hFile);
> }
> //=================================
>
> “trapping paging IO will do the trick” – I don’t understand exactly,
> could you give me more details?
>
> I notice that Filemon also can’t trap the operations mentioned above.
>
> Best regards,
> protale.
>
> ----- Original Message -----
> From: “Dan Partelly”
> To: “File Systems Developers”
> Sent: Friday, September 05, 2003 1:24 PM
> Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> >
> >
> >Notepad uses memory mapped files. So trapping paging IO will do the
trick.
> >
> >Dan
> >----- Original Message -----
> >From: “protale”
> >To: “File Systems Developers”
> >Sent: Friday, September 05, 2003 1:24 PM
> >Subject: [ntfsd] How to trap the read operations of notepad.exe?
> >
> >
> >> Hi,
> >> In my filter, I hooked all the operations of a special file. For
> >test,
> >> I used the notepad.exe to open the file, and only the first time, I got
> >the
> >> IRP_MJ_READ request, since then, neither FASTIOREAD nor IRP_MJ_READ
> >occered,
> >> but notepad could also get the data from the file correctly. Why and
how
> >to
> >> trap this request?
> >>
> >> Thanks in advance!
> >> protale
> >>
>
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

OSR_Community_User · September 8, 2003, 9:07pm

Hi,

Sorry, I declared the m_szFileData as CString.

CSting m_szFileData;

Best regards,
protale

----- Original Message -----
From: “Alexey Logachyov”
To: “File Systems Developers”
Sent: Monday, September 08, 2003 8:18 PM
Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?

> Well, no wonder. m_szFileData = p assigns a pointer but does not read data
> from memory
>
> -htfv
>
>
>
> ----- Original Message -----
> From: “protale”
> To: “File Systems Developers”
> Sent: Monday, September 08, 2003 12:21 PM
> Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
>
>
> > Hi,
> >
> > Thanks Dan, the situation is just as you have said.(I have written a
> > win32 application to test the mapped file I/O, and the filter couldn’t
> trap
> > the reading or writing operations of it.)
> >
> > The following is the code fragments of test program, and the filter
> > responsed nothing but
> > IRP_MJ_CREATE/QUERY_STANDARD_INFORMATION/CLEANUP/CLOSE.
> > //=================================
> > OpenFile();
> > if(m_hFile != INVALID_HANDLE_VALUE)
> > {
> > handle = CreateFileMapping(m_hFile, NULL, PAGE_READWRITE, 0, 0,
> NULL);
> > if(handle)
> > {
> > char p = (char)MapViewOfFile(handle, FILE_MAP_ALL_ACCESS,
0,
> 0,
> > 0);
> > m_szFileData = p;
> > UnmapViewOfFile(p);
> > }
> > CloseHandle(m_hFile);
> > }
> > //=================================
> >
> > “trapping paging IO will do the trick” – I don’t understand exactly,
> > could you give me more details?
> >
> > I notice that Filemon also can’t trap the operations mentioned
above.
> >
> > Best regards,
> > protale.
> >
> > ----- Original Message -----
> > From: “Dan Partelly”
> > To: “File Systems Developers”
> > Sent: Friday, September 05, 2003 1:24 PM
> > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> > >
> > >
> > >Notepad uses memory mapped files. So trapping paging IO will do the
> trick.
> > >
> > >Dan
> > >----- Original Message -----
> > >From: “protale”
> > >To: “File Systems Developers”
> > >Sent: Friday, September 05, 2003 1:24 PM
> > >Subject: [ntfsd] How to trap the read operations of notepad.exe?
> > >
> > >
> > >> Hi,
> > >> In my filter, I hooked all the operations of a special file. For
> > >test,
> > >> I used the notepad.exe to open the file, and only the first time, I
got
> > >the
> > >> IRP_MJ_READ request, since then, neither FASTIOREAD nor IRP_MJ_READ
> > >occered,
> > >> but notepad could also get the data from the file correctly. Why and
> how
> > >to
> > >> trap this request?
> > >>
> > >> Thanks in advance!
> > >> protale
> > >>
> >
> >
> >
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@21cn.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Alexey_Logachyov · September 9, 2003, 8:39am

Don’t make me mad. sz means zero terminated string. Now for the problem.
First, are you sure hat string is assigned and pointer is not converted to
integer? Second, are you sure that file was not opened and cached before and
pages are not already in memory. Third, are you sure that your filter works?
I guess you must understand that data cannot appearin memory from
nowhere. It must be read from disk. Your task is only to intercept request
in right time in right place.

-htfv

----- Original Message -----
From: “protale”
To: “File Systems Developers”
Sent: Tuesday, September 09, 2003 4:07 AM
Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?

> Hi,
>
> Sorry, I declared the m_szFileData as CString.
>
> CSting m_szFileData;
>
> Best regards,
> protale
>
>
> ----- Original Message -----
> From: “Alexey Logachyov”
> To: “File Systems Developers”
> Sent: Monday, September 08, 2003 8:18 PM
> Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
>
>
> > Well, no wonder. m_szFileData = p assigns a pointer but does not read
data
> > from memory
> >
> > -htfv
> >
> >
> >
> > ----- Original Message -----
> > From: “protale”
> > To: “File Systems Developers”
> > Sent: Monday, September 08, 2003 12:21 PM
> > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> >
> >
> > > Hi,
> > >
> > > Thanks Dan, the situation is just as you have said.(I have written
a
> > > win32 application to test the mapped file I/O, and the filter couldn’t
> > trap
> > > the reading or writing operations of it.)
> > >
> > > The following is the code fragments of test program, and the
filter
> > > responsed nothing but
> > > IRP_MJ_CREATE/QUERY_STANDARD_INFORMATION/CLEANUP/CLOSE.
> > > //=================================
> > > OpenFile();
> > > if(m_hFile != INVALID_HANDLE_VALUE)
> > > {
> > > handle = CreateFileMapping(m_hFile, NULL, PAGE_READWRITE, 0, 0,
> > NULL);
> > > if(handle)
> > > {
> > > char p = (char)MapViewOfFile(handle, FILE_MAP_ALL_ACCESS,
> 0,
> > 0,
> > > 0);
> > > m_szFileData = p;
> > > UnmapViewOfFile(p);
> > > }
> > > CloseHandle(m_hFile);
> > > }
> > > //=================================
> > >
> > > “trapping paging IO will do the trick” – I don’t understand
exactly,
> > > could you give me more details?
> > >
> > > I notice that Filemon also can’t trap the operations mentioned
> above.
> > >
> > > Best regards,
> > > protale.
> > >
> > > ----- Original Message -----
> > > From: “Dan Partelly”
> > > To: “File Systems Developers”
> > > Sent: Friday, September 05, 2003 1:24 PM
> > > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> > > >
> > > >
> > > >Notepad uses memory mapped files. So trapping paging IO will do the
> > trick.
> > > >
> > > >Dan
> > > >----- Original Message -----
> > > >From: “protale”
> > > >To: “File Systems Developers”
> > > >Sent: Friday, September 05, 2003 1:24 PM
> > > >Subject: [ntfsd] How to trap the read operations of notepad.exe?
> > > >
> > > >
> > > >> Hi,
> > > >> In my filter, I hooked all the operations of a special file. For
> > > >test,
> > > >> I used the notepad.exe to open the file, and only the first time, I
> got
> > > >the
> > > >> IRP_MJ_READ request, since then, neither FASTIOREAD nor IRP_MJ_READ
> > > >occered,
> > > >> but notepad could also get the data from the file correctly. Why
and
> > how
> > > >to
> > > >> trap this request?
> > > >>
> > > >> Thanks in advance!
> > > >> protale
> > > >>
> > >
> > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@21cn.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

OSR_Community_User · September 9, 2003, 9:40pm

haha,

Firstly, I’m sorry for making you mad, this just because I have
incorrect habits of variable defining.

Secondly, I have already solved the problem.(Thanks for Dan’s help,
I understand the “PAGING IO” now).

And the following message correctly described the mistakes of my
filter(“that file was not opened and cached before…”).
Thanks for your response again.

Best regards,
protale

----- Original Message -----
From: “Alexey Logachyov”
To: “File Systems Developers”
Sent: Tuesday, September 09, 2003 8:38 PM
Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?

> Don’t make me mad. sz means zero terminated string. Now for the problem.
> First, are you sure hat string is assigned and pointer is not converted to
> integer? Second, are you sure that file was not opened and cached before
and
> pages are not already in memory. Third, are you sure that your filter
works?
> I guess you must understand that data cannot appearin memory from
> nowhere. It must be read from disk. Your task is only to intercept request
> in right time in right place.
>
> -htfv
>
>
>
> ----- Original Message -----
> From: “protale”
> To: “File Systems Developers”
> Sent: Tuesday, September 09, 2003 4:07 AM
> Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
>
>
> > Hi,
> >
> > Sorry, I declared the m_szFileData as CString.
> >
> > CSting m_szFileData;
> >
> > Best regards,
> > protale
> >
> >
> > ----- Original Message -----
> > From: “Alexey Logachyov”
> > To: “File Systems Developers”
> > Sent: Monday, September 08, 2003 8:18 PM
> > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> >
> >
> > > Well, no wonder. m_szFileData = p assigns a pointer but does not read
> data
> > > from memory
> > >
> > > -htfv
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: “protale”
> > > To: “File Systems Developers”
> > > Sent: Monday, September 08, 2003 12:21 PM
> > > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> > >
> > >
> > > > Hi,
> > > >
> > > > Thanks Dan, the situation is just as you have said.(I have
written
> a
> > > > win32 application to test the mapped file I/O, and the filter
couldn’t
> > > trap
> > > > the reading or writing operations of it.)
> > > >
> > > > The following is the code fragments of test program, and the
> filter
> > > > responsed nothing but
> > > > IRP_MJ_CREATE/QUERY_STANDARD_INFORMATION/CLEANUP/CLOSE.
> > > > //=================================
> > > > OpenFile();
> > > > if(m_hFile != INVALID_HANDLE_VALUE)
> > > > {
> > > > handle = CreateFileMapping(m_hFile, NULL, PAGE_READWRITE, 0,
0,
> > > NULL);
> > > > if(handle)
> > > > {
> > > > char p = (char)MapViewOfFile(handle,
FILE_MAP_ALL_ACCESS,
> > 0,
> > > 0,
> > > > 0);
> > > > m_szFileData = p;
> > > > UnmapViewOfFile(p);
> > > > }
> > > > CloseHandle(m_hFile);
> > > > }
> > > > //=================================
> > > >
> > > > “trapping paging IO will do the trick” – I don’t understand
> exactly,
> > > > could you give me more details?
> > > >
> > > > I notice that Filemon also can’t trap the operations mentioned
> > above.
> > > >
> > > > Best regards,
> > > > protale.
> > > >
> > > > ----- Original Message -----
> > > > From: “Dan Partelly”
> > > > To: “File Systems Developers”
> > > > Sent: Friday, September 05, 2003 1:24 PM
> > > > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> > > > >
> > > > >
> > > > >Notepad uses memory mapped files. So trapping paging IO will do the
> > > trick.
> > > > >
> > > > >Dan
> > > > >----- Original Message -----
> > > > >From: “protale”
> > > > >To: “File Systems Developers”
> > > > >Sent: Friday, September 05, 2003 1:24 PM
> > > > >Subject: [ntfsd] How to trap the read operations of notepad.exe?
> > > > >
> > > > >
> > > > >> Hi,
> > > > >> In my filter, I hooked all the operations of a special file. For
> > > > >test,
> > > > >> I used the notepad.exe to open the file, and only the first time,
I
> > got
> > > > >the
> > > > >> IRP_MJ_READ request, since then, neither FASTIOREAD nor
IRP_MJ_READ
> > > > >occered,
> > > > >> but notepad could also get the data from the file correctly. Why
> and
> > > how
> > > > >to
> > > > >> trap this request?
> > > > >>
> > > > >> Thanks in advance!
> > > > >> protale
> > > > >>
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > > > To unsubscribe send a blank email to
xxxxx@lists.osr.com
> > > >
> > > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@21cn.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@21cn.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Alexey_Logachyov · September 10, 2003, 5:21pm

Oh really? So, perhaps you’re gonna teach me Hungarian notation? sz means
zero terminated string. str is usually used for CString. That’s it! The
whole Hungarian notation was invented to help developers to understand what
type variable belongs to without seeing its declaration. How the hell I can
know that you declared this var as CString?

-htfv

----- Original Message -----
From: “protale”
To: “File Systems Developers”
Sent: Wednesday, September 10, 2003 4:40 AM
Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?

> haha,
>
> Firstly, I’m sorry for making you mad, this just because I have
> incorrect habits of variable defining.
>
> Secondly, I have already solved the problem.(Thanks for Dan’s
help,
> I understand the “PAGING IO” now).
>
> And the following message correctly described the mistakes of my
> filter(“that file was not opened and cached before…”).
> Thanks for your response again.
>
> Best regards,
> protale
>
> ----- Original Message -----
> From: “Alexey Logachyov”
> To: “File Systems Developers”
> Sent: Tuesday, September 09, 2003 8:38 PM
> Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
>
>
> > Don’t make me mad. sz means zero terminated string. Now for the problem.
> > First, are you sure hat string is assigned and pointer is not converted
to
> > integer? Second, are you sure that file was not opened and cached before
> and
> > pages are not already in memory. Third, are you sure that your filter
> works?
> > I guess you must understand that data cannot appearin memory from
> > nowhere. It must be read from disk. Your task is only to intercept
request
> > in right time in right place.
> >
> > -htfv
> >
> >
> >
> > ----- Original Message -----
> > From: “protale”
> > To: “File Systems Developers”
> > Sent: Tuesday, September 09, 2003 4:07 AM
> > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> >
> >
> > > Hi,
> > >
> > > Sorry, I declared the m_szFileData as CString.
> > >
> > > CSting m_szFileData;
> > >
> > > Best regards,
> > > protale
> > >
> > >
> > > ----- Original Message -----
> > > From: “Alexey Logachyov”
> > > To: “File Systems Developers”
> > > Sent: Monday, September 08, 2003 8:18 PM
> > > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> > >
> > >
> > > > Well, no wonder. m_szFileData = p assigns a pointer but does not
read
> > data
> > > > from memory
> > > >
> > > > -htfv
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: “protale”
> > > > To: “File Systems Developers”
> > > > Sent: Monday, September 08, 2003 12:21 PM
> > > > Subject: [ntfsd] Re: How to trap the read operations of notepad.exe?
> > > >
> > > >
> > > > > Hi,
> > > > >
> > > > > Thanks Dan, the situation is just as you have said.(I have
> written
> > a
> > > > > win32 application to test the mapped file I/O, and the filter
> couldn’t
> > > > trap
> > > > > the reading or writing operations of it.)
> > > > >
> > > > > The following is the code fragments of test program, and the
> > filter
> > > > > responsed nothing but
> > > > > IRP_MJ_CREATE/QUERY_STANDARD_INFORMATION/CLEANUP/CLOSE.
> > > > > //=================================
> > > > > OpenFile();
> > > > > if(m_hFile != INVALID_HANDLE_VALUE)
> > > > > {
> > > > > handle = CreateFileMapping(m_hFile, NULL, PAGE_READWRITE, 0,
> 0,
> > > > NULL);
> > > > > if(handle)
> > > > > {
> > > > > char p = (char)MapViewOfFile(handle,
> FILE_MAP_ALL_ACCESS,
> > > 0,
> > > > 0,
> > > > > 0);
> > > > > m_szFileData = p;
> > > > > UnmapViewOfFile(p);
> > > > > }
> > > > > CloseHandle(m_hFile);
> > > > > }
> > > > > //=================================
> > > > >
> > > > > “trapping paging IO will do the trick” – I don’t understand
> > exactly,
> > > > > could you give me more details?
> > > > >
> > > > > I notice that Filemon also can’t trap the operations
mentioned
> > > above.
> > > > >
> > > > > Best regards,
> > > > > protale.
> > > > >
> > > > > ----- Original Message -----
> > > > > From: “Dan Partelly”
> > > > > To: “File Systems Developers”
> > > > > Sent: Friday, September 05, 2003 1:24 PM
> > > > > Subject: [ntfsd] Re: How to trap the read operations of
notepad.exe?
> > > > > >
> > > > > >
> > > > > >Notepad uses memory mapped files. So trapping paging IO will do
the
> > > > trick.
> > > > > >
> > > > > >Dan
> > > > > >----- Original Message -----
> > > > > >From: “protale”
> > > > > >To: “File Systems Developers”
> > > > > >Sent: Friday, September 05, 2003 1:24 PM
> > > > > >Subject: [ntfsd] How to trap the read operations of notepad.exe?
> > > > > >
> > > > > >
> > > > > >> Hi,
> > > > > >> In my filter, I hooked all the operations of a special file.
For
> > > > > >test,
> > > > > >> I used the notepad.exe to open the file, and only the first
time,
> I
> > > got
> > > > > >the
> > > > > >> IRP_MJ_READ request, since then, neither FASTIOREAD nor
> IRP_MJ_READ
> > > > > >occered,
> > > > > >> but notepad could also get the data from the file correctly.
Why
> > and
> > > > how
> > > > > >to
> > > > > >> trap this request?
> > > > > >>
> > > > > >> Thanks in advance!
> > > > > >> protale
> > > > > >>
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > —
> > > > > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > > > > To unsubscribe send a blank email to
> xxxxx@lists.osr.com
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as: xxxxx@21cn.com
> > > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@21cn.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>