Hello,
I’m developing a file system filter and I want to detect the volumes mounted on the system.
Right now I’m intercepting the IRP_MN_MOUNT_VOLUME requests and use IOCTL_MOUNTMGR_QUERY_POINTS to extract the respective volume’s GUID. It seems to be working all right for now except there is a problem with manually created volumes (from Windows’ Disk Management tool) where the call to IOCTL_MOUNTMGR_QUERY_POINTS hangs. The ones mounted on boot time don’t have any problems. Is there another way/time I could detect volume mounting to avoid the IOCTL_MOUNTMGR_QUERY_POINT problem and better overall?
Thank you.
Are you doing this so that you know what volumes to attach your filter to ?
Any reason you’re not writing a minifilter ? That would take care of this
problem for you in a much more elegant way.
Thanks,
Alex.
I’m doing this to map the volume numbers to volume GUIDs (Ex. HarddiskVolumeX to \?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}) using ObQueryNameString to retrieve the volume name and then call IOCTL_MOUNTMGR_QUERY_POINTS to extract the GUID. I use this mapping because I need a persistent way of recognizing volumes between shutdowns as the numbering of the volumes can change if some volume are deleted/added. Also this is where I attach to the volumes. There is a lot more functionality to this driver so to write a minifilter from scratch isn’t quite viable right now.
Thanks.
Found the problem. I wad deadlocking myself. The IoCallDriver call for the IOCTL_MOUNTMGR_QUERY_POINTS built irp was producing an IRP_MJ_CLOSE where I was handling something else using the same mutex as for the first operation.
Thanks.