Logging FastIO File Accesses

NTFSD
1

How should I go about logging FastIO file access. I
basically want to log every file (full path) that is
accessed on a system. Currently IRP requests are
logged fine.

At which stage can I query the file system for the
filename of a FastIO request?

Thanks

Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail

2

It is recommended that you only query the filename at IRP_MJ_CREATE time
and then use some kind of context to keep track of the name for other
operations. This will work on fastio operations as well.

Look at the filespy sample in the IFSKit it does what you are trying to
do.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
rights.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Krishna Monian
Sent: Tuesday, June 15, 2004 2:07 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Logging FastIO File Accesses

How should I go about logging FastIO file access. I
basically want to log every file (full path) that is
accessed on a system. Currently IRP requests are
logged fine.

At which stage can I query the file system for the
filename of a FastIO request?

Thanks

Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

The sample provided in the IFS at times doesn’t get
the filename. The filename is set to NULL.

I am currently working with the sample and using the
Hashing technique (rather than the context). However
both methods fail to get the filename at times.

Is there a way to get around this?

Thanks
— Neal Christiansen
wrote:
> It is recommended that you only query the filename
> at IRP_MJ_CREATE time
> and then use some kind of context to keep track of
> the name for other
> operations. This will work on fastio operations as
> well.
>
> Look at the filespy sample in the IFSKit it does
> what you are trying to
> do.
>
> Neal Christiansen
> Microsoft File System Filter Group Lead
> This posting is provided “AS IS” with no warranties,
> and confers no
> rights.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf
> Of Krishna Monian
> Sent: Tuesday, June 15, 2004 2:07 PM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] Logging FastIO File Accesses
>
> How should I go about logging FastIO file access. I
> basically want to log every file (full path) that is
> accessed on a system. Currently IRP requests are
> logged fine.
>
> At which stage can I query the file system for the
> filename of a FastIO request?
>
> Thanks
>
>
>
>
> Do you Yahoo!?
> Read only the mail you want - Yahoo! Mail SpamGuard.
> http://promotions.yahoo.com/new_mail
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as:
> xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>


Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo