Hi Lyndon & All,
Yes I am hooking NtCreateFile , NtOpenFile, NtSetInfomration & NtClose.
Also I am Filtering IRP_MJ_CREATE,IRP_MJ_CLOSE,IRP_MJ_CLEANUP
I am doing a my book-keeping of All NtCall on the basis of File option and
the purpose it opened.
What I am facing exactly if the File is opened in Share Exclusive Mode By
WinWord i.e. Share Access 0.
Then at the Time of NtClose when the Handle get closed I am trying to open
it, but didn’t get success and getting Continuous NtClose Call for Same File
Handle.
Regards,
Utkarsh S. Dabhade
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Monday, August 08, 2005 10:37 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Many NtClose for Same Handle
Utkarsh
I cant quite figure out - are you in fact hooking NtCreateFile and NtClose
functions, or are you in fact filtering IRP_MJ_CREATE and IRP_MJ_CLOSE?
Lyndon
“Utkarsh DABHADE” wrote in message
news:xxxxx@ntfsd…
>
> Hi Tony & All,
> I have came across a situation where many repeated NtClose Calls are
> coming
> for specific File Handle.
> Following is brief explanation.
> 1)Doc File is opened by Microsoft Word where Share Access is 0
> 2) when this File First come for Create Call (NtCreate ) I tried to open
> it
> before RealNtCreate -> NtStatus for me fails. but for word it’s Success
> and
> Let’s say Handle is 2D4.
> 3) when this 2D4 comes NtClose I tried to OPEN after NtRealClose -> Result
> for me of ZwCreateFile is 0xC0000043: return “STATUS_SHARING_VIOLATION”;.
> but Result to WinWord is 0 of NtClose.
> 4) Though NtClose return was 0 in previous NtClose. till the time I close
> WORD I received many NtClose calls for the same handle 2D4…
>
> Every calls return value of NTSTATUS for same handle is 0
>
> Please help on this as I am not understanding why this happens…
>
>
> Regards,
> Utkarsh S. Dabhade
>
>
>
> Disclaimer:
> The contents of this E-mail (including the contents of the enclosure(s) or
> attachment(s) if any) are privileged and confidential material of MBT and
> should not be disclosed to, used by or copied in any manner by anyone
> other than the intended addressee(s). In case you are not the desired
> addressee, you should delete this message and/or re-direct it to the
> sender. The views expressed in this E-mail message (including the
> enclosure(s) or attachment(s) if any) are those of the individual sender,
> except where the sender expressly, and with authority, states them to be
> the views of MBT.
>
> This e-mail message including attachment/(s), if any, is believed to be
> free of any virus. However, it is the responsibility of the recipient to
> ensure that it is virus free and MBT is not responsible for any loss or
> damage arising in any way from its use
>
>
>
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@mahindrabt.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Disclaimer:
The contents of this E-mail (including the contents of the enclosure(s) or attachment(s) if any) are privileged and confidential material of MBT and should not be disclosed to, used by or copied in any manner by anyone other than the intended addressee(s). In case you are not the desired addressee, you should delete this message and/or re-direct it to the sender. The views expressed in this E-mail message (including the enclosure(s) or attachment(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of MBT.
This e-mail message including attachment/(s), if any, is believed to be free of any virus. However, it is the responsibility of the recipient to ensure that it is virus free and MBT is not responsible for any loss or damage arising in any way from its use