In an encryption filter, that uses headers, during a file create
if a file is to have a header, I issue a write (4K size) to write the
file header in post-create. Among other scenarios this is also triggered
in case of Word file save, as Word tries to rename a file to the
“headered” file, and I return STATUS_NOT_SAME_DEVICE so that it would
move the data instead, triggering a create, causing the filter to write
a header.
Curiously, this results in an infinite paging IRP_MJ_WRITEs. If
there were an error I’d understand (the CM reissues calls in cases of
insufficient resources, IIRC) - but all of these calls succeed with the
correct Data->IoStatus.Information value.
Any help is greatly appreciated.
–
Kind regards, Dejan M. http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.
Maybe Word is just not prepared to receive this error code,
I am afraid that mostly file managers respect
STATUS_NOT_SAME_DEVICE and do the appropriate action.
This is one of the painful problems with our encryption
filter too. You certainly want to preserve the file’s encryption
if loaded and saved from Word.
You must catch attempt to rewrite existing encrypted file
using rename and perform the rename yourself.
I thought the rename was done by the I/O manager in this case - it did not blow
up with non-headered encryption, so I reckon it has something to do with the extra
write for the header on file create.
If the rename needs to be emulated in the driver, that’s fine, but I’m afraid
something else is the problem here…
Ladislav Zezula wrote:
Maybe Word is just not prepared to receive this error code,
I am afraid that mostly file managers respect
STATUS_NOT_SAME_DEVICE and do the appropriate action.
This is one of the painful problems with our encryption
filter too. You certainly want to preserve the file’s encryption
if loaded and saved from Word.
You must catch attempt to rewrite existing encrypted file
using rename and perform the rename yourself.
> I thought the rename was done by the I/O manager in this case - it did not
blow
up with non-headered encryption, so I reckon it has something to do with
the extra
write for the header on file create.
You mean STATUS_NOT_SAME_DEVICE is handled by
the I/O manager ? Can someone confirm this information ?
I don’t know why it triggers infinite writes, this is the way we
solved it.
If the rename needs to be emulated in the driver, that’s fine, but I’m
afraid
something else is the problem here…
Test the code well with the network, and especially with a Linux server.
I have found some incompatibilities with Windows server in rename
support. If anyone knows another caveats in this case, I appreciate
them to know.
the I/O manager ? Can someone confirm this information ?
I don’t know why it triggers infinite writes, this is the way we
solved it.
You mean you had the infinite calls, or this is how you solved other issue(s)?
Test the code well with the network, and especially with a Linux server.
I have found some incompatibilities with Windows server in rename
support. If anyone knows another caveats in this case, I appreciate
them to know.
Thanks for the tip.
–
Kind regards, Dejan M. http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.
----- Original Message -----
From: “Dejan Maksimovic” To: “Windows File Systems Devs Interest List” Sent: Monday, October 24, 2005 8:27 AM Subject: Re: [ntfsd] Infinite CM writes
> > Rejected? What exactly do you mean? > > “Maxim S. Shatskih” wrote: > > > > You mean STATUS_NOT_SAME_DEVICE is handled by > > > the I/O manager ? Can someone confirm this information ? > > > > I can. It is rejected in the IO manager without even calling your driver. > > – > Kind regards, Dejan M. > http://www.alfasp.com E-mail: xxxxx@alfasp.com > Alfa Transparent File Encryptor - Transparent file encryption services. > Alfa File Protector - File protection and hiding library for Win32 developers. > Alfa File Monitor - File monitoring library for Win32 developers. > > > > — > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17 > > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com > To unsubscribe send a blank email to xxxxx@lists.osr.com
Quite curious, I had returned STATUS_NOT_SAME_DEVICE in the previous driver and
the rename was emulated by some OS component (whether it’s the I/O manager, or
RenameFile API I did not check, but it surely was done).
“Maxim S. Shatskih” wrote:
Failed. IO manager checks for cross-volume rename/move and fails them even
before calling any dispatch routines of any driver.
–
Kind regards, Dejan M. http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.
> Quite curious, I had returned STATUS_NOT_SAME_DEVICE in the previous
driver and
the rename was emulated by some OS component (whether it’s the I/O
manager, or
RenameFile API I did not check, but it surely was done).
MoveFileEx with MOVEFILE_COPY_ALLOWED flag I think.
The question is whether all applications in the world use it
(I bet 10 of my salaries that not all of them do).
If you will rely on this flag, I think that you will sooner or later
encounter an application which will not work under your filter.
> I don’t know why it triggers infinite writes, this is the way we
> solved it.
You mean you had the infinite calls, or this is how you solved other
issue(s)?
I’ve never seen the infinite calls, we solved rename problem by emulating
rename operation in the filter driver. We created a worker thread who
does complete Open - Copy - Close operation.
> MoveFileEx with MOVEFILE_COPY_ALLOWED flag I think.
The question is whether all applications in the world use it
(I bet 10 of my salaries that not all of them do).
If you will rely on this flag, I think that you will sooner or later
encounter an application which will not work under your filter.
In case of simple rename (same folder just a different file name), one can
assume it will be on the same drive. However, in any other case (different folder),
any application has to assume the folders can be on different drives (due to mount
points).
I’ve never seen the infinite calls, we solved rename problem by emulating
rename operation in the filter driver. We created a worker thread who
does complete Open - Copy - Close operation.
I’ll do that today, no other way it seems.
–
Kind regards, Dejan M. http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.
On 10/24/05, Dejan Maksimovic wrote: > > MoveFileEx with MOVEFILE_COPY_ALLOWED flag I think. > > The question is whether all applications in the world use it > > (I bet 10 of my salaries that not all of them do). > > If you will rely on this flag, I think that you will sooner or later > > encounter an application which will not work under your filter. > > In case of simple rename (same folder just a different file name), one can > assume it will be on the same drive. However, in any other case (different folder), > any application has to assume the folders can be on different drives (due to mount > points). >
Yes, the blog does say CopyFileEx uses memory mapping. But if I attach
notepad to windbg, with breakpoints at CopyFileEx, ReadFile,
WriteFile, and CreateFileMappingW, and in the File->Open dialog if you
copy/paste a file, you wont see any hit at ReadFile or
CreateFileMappingW after CopyFileEx is called.
Atleast this is the behaviour I see on my WinXP Sp2. Can you check on
your PC? Thanks.
On 10/25/05, Dejan Maksimovic wrote: > > I may need to re-read this three times, but it DOES say CopyFileEx uses memory > mapping. > > F Lace wrote: > > > How did you guys implement CopyFileEx in your encryption filter? > > Copy/paste uses CopyFileEx, which doesnt seem to call NtReadFile. > > Neither does it attempt to create a file mapping, as said at: > > http://blogs.msdn.com/oldnewthing/archive/2004/01/06/47937.aspx#48161 > > – > Kind regards, Dejan M. > http://www.alfasp.com E-mail: xxxxx@alfasp.com > Alfa Transparent File Encryptor - Transparent file encryption services. > Alfa File Protector - File protection and hiding library for Win32 developers. > Alfa File Monitor - File monitoring library for Win32 developers. > > > > — > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17 > > You are currently subscribed to ntfsd as: xxxxx@gmail.com > To unsubscribe send a blank email to xxxxx@lists.osr.com >
Yes, the blog does say CopyFileEx uses memory mapping. But if I attach
notepad to windbg, with breakpoints at CopyFileEx, ReadFile,
WriteFile, and CreateFileMappingW, and in the File->Open dialog if you
copy/paste a file, you wont see any hit at ReadFile or
CreateFileMappingW after CopyFileEx is called.
Atleast this is the behaviour I see on my WinXP Sp2. Can you check on
your PC? Thanks.
On 10/25/05, Dejan Maksimovic wrote: > > > > I may need to re-read this three times, but it DOES say CopyFileEx uses memory > > mapping. > > > > F Lace wrote: > > > > > How did you guys implement CopyFileEx in your encryption filter? > > > Copy/paste uses CopyFileEx, which doesnt seem to call NtReadFile. > > > Neither does it attempt to create a file mapping, as said at: > > > http://blogs.msdn.com/oldnewthing/archive/2004/01/06/47937.aspx#48161 > > > > – > > Kind regards, Dejan M. > > http://www.alfasp.com E-mail: xxxxx@alfasp.com > > Alfa Transparent File Encryptor - Transparent file encryption services. > > Alfa File Protector - File protection and hiding library for Win32 developers. > > Alfa File Monitor - File monitoring library for Win32 developers. > > > > > > > > — > > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17 > > > > You are currently subscribed to ntfsd as: xxxxx@gmail.com > > To unsubscribe send a blank email to xxxxx@lists.osr.com > > > > — > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17 > > You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’ > To unsubscribe send a blank email to xxxxx@lists.osr.com
– Kind regards, Dejan M. http://www.alfasp.com E-mail: xxxxx@alfasp.com Alfa Transparent File Encryptor - Transparent file encryption services. Alfa File Protector - File protection and hiding library for Win32 developers. Alfa File Monitor - File monitoring library for Win32 developers.