Hi!
As per the IFS documentation minifilters should use Fltxxx routines instead of Zwxxx routines. for example minifilters should use FltSetSecurityObject instead of ZwSecurityObject…
Why is it so??
And is it safe to use Zwxx routines??
Will the use of Zwxxx routines impose any restrictions??
Thanks…
Ayush
>And is it safe to use Zwxx routines??
No, it is unsafe.
For example if you use ZwWriteFile for a cached file and you are called in
the context of the lazy write thread the system may be dead locked. Also,
all Zw* functions send IRP to the top of the device stack, this reentrance
may lead to a dead lock.
–
Slava Imameyev, xxxxx@hotmail.com
wrote in message news:xxxxx@ntfsd…
> Hi!
> As per the IFS documentation minifilters should use Fltxxx routines
> instead of Zwxxx routines. for example minifilters should use
> FltSetSecurityObject instead of ZwSecurityObject…
> Why is it so??
> And is it safe to use Zwxx routines??
> Will the use of Zwxxx routines impose any restrictions??
>
> Thanks…
> Ayush
>
>
Thanks Slava…
But as mentioned by Neal in one of the posts related to FltSetSecurityObject, there is a bug in the filter manager itself with regard to FltSetsecurityObject…
What should i do for this??
Kindly go through the post if possible…
> What should i do for this??
If this was a filter driver, I would send IRP_MJ_SET_SECURITY.
–
Slava Imameyev, xxxxx@hotmail.com
wrote in message news:xxxxx@ntfsd…
> Thanks Slava…
> But as mentioned by Neal in one of the posts related to
> FltSetSecurityObject, there is a bug in the filter manager itself with
> regard to FltSetsecurityObject…
> What should i do for this??
> Kindly go through the post if possible…
>
You mean that i should implement a complete filter driver instead of a minifilter and send an IRP in the following way:
Is this ok?
Please don’t confuse “sending an IRP” with “building a monolithic/legacy filter driver”.
A mini-filter uses the buddy driver model - filter manager is the legacy filter, you are building a cooperating driver that communicates with filter manager. However, you are still building a driver and you can still call any OS-exported function.
Others have pointed out to you reasons why this is a dangerous technique and I agree with their analysis on this point - you should use filter manager routines when you can because filter manager will tell you when you are doing something that doesn’t work (for exmaple) and will generally minimize your chances of getting into trouble.
Filter manager is NOT a panacea, however. File system filter drivers are some of the most complex drivers to write, with or without filter manager. The advantage of filter manager is that it solves many of the filtering related issues, but honestly you still have to understand the file systems and the OS in order to safely build a filter driver.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
thanks tony…
but the problem is that even if i build a callback data using FltallocateCallbackData() and set it to IRP_MJ_SET_SECURITY, the problem doesnt get solved… because as pointed out by Neal in one of the posts, the problem is with some support routines that ultimately convert this to an irp…
So, i thought that implementing a complete filter driver is the only way out ( considering that using ZwSetSecurityObject() is not safe)…
what do u recommend?
You seem to miss my point: do what others have suggested and either call the Zw function in this case OR build an IRP and send it. You can do either one from a mini-filter. I do not understand why you think that sending an IRP means you can’t use the filter manager.
There *is* a separate issue that the filter manager has no way of giving it back an IRP and saying “please insert this IRP into the call sequence at the mini-filter below me” which means you have to decide in your driver where to send the IRP - the interop safest choice is to send it to the FSD, but it will annoy any filter between you and the FSD that they don’t see those operations.
We actually have this issue in our Data Modification Kit - we’re building a layered FSD and while we’d love to send the IRPs directly to the next mini-filter, the mini-filter folks don’t give us a mechanism for doing so and thus we have to choose to either inject the IRP above or below the mini-filter device.
I also think you take too simplistic a perspective here - we give a general rule (do not use ZwXxx calls from a mini-filter) and a specific rule (in these circumstances you can send ZwSetSecurityObject) that is an exception to the general rule. Such general rules with specific exceptions are very common, and it does not mean the general rule is incorrect (any more than arguing that one should ignore Newtonian Physics because it isn’t always true.)
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Hello mad ayush
I think you better stop hacking and do some learning. Read the Nagar book.
At least four times. Read the flashlight book. At least three times. Read
all of the DDK 3790.1830 documentation for IFS KIT. Twice. Then read all of
Nagar again. Twice. Then read all of Nagar again. In the meantime take the
osr courses on drivers, and file systems, and debug. Read of the OSR IFS FAQ
until you know it by heart. Read the archives for mtfsd and ntdev. Then read
the archives for ntfsd again. The get a pencil and read Nagar and make
margin notes where you realise things changed. Repeat until pencil is not
used. Then hack.
Lyndon
wrote in message news:xxxxx@ntfsd…
> Hi!
> As per the IFS documentation minifilters should use Fltxxx routines
> instead of Zwxxx routines. for example minifilters should use
> FltSetSecurityObject instead of ZwSecurityObject…
> Why is it so??
> And is it safe to use Zwxx routines??
> Will the use of Zwxxx routines impose any restrictions??
>
> Thanks…
> Ayush
>
>
Hi Lyndon!! :-)… Thanks for ur advice…
I never knew that people out here could give such NICE advices rather than solving the queries…
Thanks once again…
My recommendation for this particular scenario is to use
ZwSetSecurityObject. One of the many issues with using the Zw APIs is
that doing recursive IO to the top of the stack can lead to failures due
to stack overflows and deadlocks. I believe it would be a rare scenario
for this particular operation since very few filters actually filter it
(thought it is possible). It is unfortunate that we had this bug for
this particular operation.
One other note about the Zw APIs. If you open a file using
ZwCreateFileXxx and use a Zw API on it, the operation will be properly
targeted and only go to filters below you.
By the way I believe the idea of rolling an IRP from a minifilter and
sending it to the file system directly and skipping filters in-between
is evil. Tony, I would be very interested to know why you needed to do
this.
Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Wednesday, October 11, 2006 12:06 PM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Is it safe to use Zwxxx routines in a minifilter?
thanks tony…
but the problem is that even if i build a callback data using
FltallocateCallbackData() and set it to IRP_MJ_SET_SECURITY, the problem
doesnt get solved… because as pointed out by Neal in one of the posts,
the problem is with some support routines that ultimately convert this
to an irp…
So, i thought that implementing a complete filter driver is the only way
out ( considering that using ZwSetSecurityObject() is not safe)…
what do u recommend?
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi Neal,
You said:
“If you open a file using ZwCreateFileXxx and use a Zw API on it, the
operation will be properly targeted and only go to filters below you.”
Did you mean to to say “FltCreateFileXxx”?
Thanks,
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neal Christiansen
Sent: Friday, November 03, 2006 12:18 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Is it safe to use Zwxxx routines in a minifilter?
My recommendation for this particular scenario is to use
ZwSetSecurityObject. One of the many issues with using the Zw APIs is that
doing recursive IO to the top of the stack can lead to failures due to stack
overflows and deadlocks. I believe it would be a rare scenario for this
particular operation since very few filters actually filter it (thought it
is possible). It is unfortunate that we had this bug for this particular
operation.
One other note about the Zw APIs. If you open a file using ZwCreateFileXxx
and use a Zw API on it, the operation will be properly targeted and only go
to filters below you.
By the way I believe the idea of rolling an IRP from a minifilter and
sending it to the file system directly and skipping filters in-between is
evil. Tony, I would be very interested to know why you needed to do this.
Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no Rights
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Wednesday, October 11, 2006 12:06 PM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Is it safe to use Zwxxx routines in a minifilter?
thanks tony…
but the problem is that even if i build a callback data using
FltallocateCallbackData() and set it to IRP_MJ_SET_SECURITY, the problem
doesnt get solved… because as pointed out by Neal in one of the posts, the
problem is with some support routines that ultimately convert this to an
irp… So, i thought that implementing a complete filter driver is the only
way out ( considering that using ZwSetSecurityObject() is not safe)… what
do u recommend?
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com