Here is the rough algorithm.
My filter driver emulates presence of a file in a folder. “Emulates” means
that from the filter I create an empty file (using ZwCreate) and set it
size to the desired value using ZwSetInformationFile
(FileEndOfFileInformation). As far as I understood, this will set file
size to the requested value and fill the content with zeros. And the
actual writing of zeros will be performed by the Lazy Writer. That’s more
or less understandable.
What my filter does next, it intercepts read IRP for this file, let the
read go through, gets the requested content from another place, and then
copies that content to the buffer, specified in the read IRP. Filter keeps
track of each content block it has received and when last file handle to
the file is closed (creates-cleanups=0) the filter saves collected content
blocks to the file (using write IRP with IRP_NOCACHE flag set). So,
occasionally, I see write IRPs issued for that file. Write’s FileObject
looks like an internal NTFS stream (never seen create for it) and this is
always paging I/O coming from CcCopyWrite. The content of the write buffer
is full of zeros which suggests that this is coming from the LazyWriter.
And this is what I don’t understand. I thought that Lazy Writer writes
data directly to the file on disk, bypassing the cache.
So, I guess, my question would be how Lazy Writer synchronizes with
reads/writes that were performed on the file before LW decided to write?
I’m just lost in this logic, sorry 
TIA,
Vladimir