Hello, Gurus.
For this time, I think that I also need your help. Now I am on problem with
Norton AntiVirus Corporate Edition 9 (NAVCE9). Please give me advice and
pointer to solve my problem.
I have Filesystem filter driver and it hooks ZwCreateFile and its hook
handler checks whether device object related from file object is hooked or
not. In the case of not hooked, it creates device object and attaches that
device object to device object related from file object. It handles both of
local and remote.
As far as I know, it works fine and our filter device object can be attached
and recieve IRP. But with NAVCE9, it fails to do “IoAttachDeviceByPointer”
and does not work. This is only happen on NT4, both W2K and WXP, it works
without problem. When failed error code is STATUS_NO_SUCH_DEVICE.
I tried to replace “IoAttachDeviceByPointer” with
“IoAttachDeviceToDeviceStack” because I found that
“IoAttachDeviceByPointer() is absolute and use IoAttachDeviceToDeviceStack”
description in DDK, but still doesn’t work.
With NAVCE9, device object name what I try to attach is “\Driver\SymEvent”,
without NAVCE9, device object name what I try to attach is
“\Filesystem\Rdr”.
I also read issues on Symantec web site, but still not find any solution to
solve problem, ofcourse, I try to search issues in NTFSD newsgroup and still
not get good solution.
Could anyone give me advice, pointer and etc on this?
Thank you,
Hideyuki Inamasu.