In MSDN documents:
https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/writing-preoperation-callback-routines
It is said that “A pre-operation callback can be called at IRQL = PASSIVE_LEVEL or IRQL = APC_LEVEL”
So is this always true? Specifically, in case of share access from a remote machine, which casses the pre callback to be called by the system process (PID 4). is this also always called at APC_LEVEL or PASSIVE_LEVEL?