I want to monitor changes in directory from mini-filter driver. I think mini-filters can use this function to get notified of the change to files/directory in the underlining file systems. When a change occurs, the supplied FilterCallback function get called. Thats how I understood about this function. Please correct me if I am wrong.
I call this function inside PreDirectoryCallback function of the mini-filter. I return FLT_PREOP_COMPLETE after calling FltNotifyFilterChangeDirectory function. Is the return value correct? or should I be returning any other values.
The call to FltNotifyFilterChangeDirectory succeeds but FilterCallback function never get called for any changes in the directory or files.
Thank you
Bala
Just some ideas:
I don’t think that FltNotifyFilterChangeDirectory is to be used to get notifications when you want to monitor changes in a directory. AFAIK FltNotifyFilterChangeDirectory is much like the minifilter version of FsRtlNotifyFilterChangeDirectory and can be used to implement handling of IRP_MN_NOTIFY_CHANGE_DIRECTORY requests in a minifilter (I haven’t used it, so, if I’m wrong, I hope somebody out there will correct me).
On the other hand, I don’t really know about any clean way to monitor changes in a directory from a mini-filter driver. But there are two possibilities that I know about: 1) ZwNotifyChangeDirectoryFile (this is an un-documented native API, google for NtNotifyChangeDirectoryFile) or 2) issue your own IRP with IRP_MN_NOTIFY_CHANGE_DIRECTORY. Use all those at your own risk 
Sandor LUKACS
Sandor,
Thank you for the information. I understand it better now. I think the
documentation is not very clear about this function. At the bottom
line it says “When a change occurs to the directory, the FILE SYSTEM
calls FsRtlNotifyFilterReportChange to complete the pending”. May be
it should read “MINI-FILTER calls”
I think I better use your second method of suggestion to get notified
about changes.
Thank you
Bala
On 7/12/07, xxxxx@bitdefender.com wrote:
> Just some ideas:
>
> I don’t think that FltNotifyFilterChangeDirectory is to be used to get notifications when you want to monitor changes in a directory. AFAIK FltNotifyFilterChangeDirectory is much like the minifilter version of FsRtlNotifyFilterChangeDirectory and can be used to implement handling of IRP_MN_NOTIFY_CHANGE_DIRECTORY requests in a minifilter (I haven’t used it, so, if I’m wrong, I hope somebody out there will correct me).
>
> On the other hand, I don’t really know about any clean way to monitor changes in a directory from a mini-filter driver. But there are two possibilities that I know about: 1) ZwNotifyChangeDirectoryFile (this is an un-documented native API, google for NtNotifyChangeDirectoryFile) or 2) issue your own IRP with IRP_MN_NOTIFY_CHANGE_DIRECTORY. Use all those at your own risk
>
> Sandor LUKACS
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>