Mup/Redirector create syntax?

Hi All,

I have a filter driver that filters LanmanRedirector. Since Vista changed
the way redirectors are filtered, I now of course receive all traffic to
Mup, and therefore a superset of what I used to see. Does anybody know of
any reference that describes the “syntax” used by Mup to communicate with
the redirectors on creates? For example, when I’m using a “network drive”
instead of UNC pathnames, I see
“;LanmanRedirector;Z\pathname.…”. I would like to be able to
reliably detect if IRP_MJ_CREATES are going to Lanman for both UNC pathnames
and network drives.

Thanks for any help,
Matt

Hi Matthew!

> I have a filter driver that filters LanmanRedirector. Since Vista changed
> the way redirectors are filtered, I now of course receive all traffic to
> Mup, and therefore a superset of what I used to see. Does anybody know of
> any reference that describes the “syntax” used by Mup to communicate with
> the redirectors on creates? For example, when I’m using a “network drive”
> instead of UNC pathnames, I see
> “;LanmanRedirector;Z\pathname.…”. I would like to be able to
> reliably detect if IRP_MJ_CREATES are going to Lanman for both UNC pathnames
> and network drives.

You already know that all requests are directed to \Device\Mup instead of
the usual \Device\Lanmanredirector.
I had a similar problem. Sometimes we don’t necessarily want to filter all
network redirectors…
My observation is that the first component “;LanmanRedirector” is present
in all IRP_MJ_CREATE that are going to lanmanredirector.
The second part “;Z” is present when you have mapped a network
share.

So for now I have put a check for “;LanmanRedirector” to detect for
requests going to Lanman & an additional check for “;:no.>” to find out mapped network drives.

And this seems to be working fine.

Regards,
Ayush Gupta

Thanks Ayush. Just wondering if there was any formal reference on this, or
if it’s just “you’re on your own” in figuring this stuff out. I’ll try your
suggestions.

Matt

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ayush Gupta
Sent: Wednesday, April 02, 2008 1:15 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Mup/Redirector create syntax?

> Hi Matthew!
>
> > I have a filter driver that filters LanmanRedirector. Since Vista
> > changed the way redirectors are filtered, I now of course receive all
> > traffic to Mup, and therefore a superset of what I used to see. Does
> > anybody know of any reference that describes the “syntax” used by Mup
> > to communicate with the redirectors on creates? For example, when I’m
> > using a “network drive” instead of UNC pathnames, I see
> > “;LanmanRedirector;Z\pathname.…”. I would like to be able to
> > reliably detect if IRP_MJ_CREATES are going to Lanman for both UNC
> > pathnames and network drives.
>
> You already know that all requests are directed to
> \Device\Mup instead of the usual \Device\Lanmanredirector.
> I had a similar problem. Sometimes we don’t necessarily want
> to filter all network redirectors…
> My observation is that the first component
> “;LanmanRedirector” is present in all IRP_MJ_CREATE that are
> going to lanmanredirector.
> The second part “;Z” is present when you have
> mapped a network share.
>
> So for now I have put a check for “;LanmanRedirector” to
> detect for requests going to Lanman & an additional check for
> “;:” to find out mapped network drives.
>
> And this seems to be working fine.
>
> Regards,
> Ayush Gupta

Hi Matthew,

As of now, there is no formal documentation in WDK regarding this.

I found these two functions of use in the header files:

  1. FsRtlMupGetProviderInfoFromFileObject
  2. FsRtlMupGetProviderIdFromName

Again, there was no documentation on them.
Anyways, I tried using them. They work from post-create to pre-close (as all
other file name/ information querying functions).
From them, you can get the provider name & id to which the IRP is targeted.
But if you want to do it in Pre-create, I think the method I told you should
work fine.

I had sent a WDK feedback for these functions to be included in the WDK
documentation in January. I even got a reply stating that it will be
included in a future release of WDK documentation. However it was not
included in the February release.

Regards,
Ayush Gupta

>“;LanmanRedirector;Z\pathname.…”.
is logon user id. Also note that for administrative users there are different LUIDs for the restricted token and the “administrative” token on Vista. This means that when you map a drive on the desktop it is not accessible from elevated processes (“Run as administrator…”).

-bg
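
An added example, not part of the thread and not code from any poster: the pre-create check Ayush describes, written out in C and extended to pull out the drive letter and the logon id that bg mentions. It anchors on the first component, because a plain substring search would also match a name that merely contains “;LanmanRedirector” deeper in the path. Assumptions: components are backslash-separated and the logon id is the run of hex digits after the drive colon; `mup_name` and `parse_mup_name` are hypothetical names, the sample strings are constructed, and a driver would apply the same logic to the UNICODE_STRING file name rather than a char string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parsed create name as seen at \Device\Mup (hypothetical type). */
typedef struct {
    int to_lanman;               /* first component is ";LanmanRedirector" */
    char drive;                  /* mapped drive letter, 0 for a UNC create */
    unsigned long long logon_id; /* hex digits after "X:", 0 if absent */
    const char *rest;            /* remainder after the prefix components */
} mup_name;

static const char *skip_sep(const char *p) { return *p == '\\' ? p + 1 : p; }

/* Case-insensitive match of one whole component; returns the end or NULL. */
static const char *match_component(const char *p, const char *want) {
    size_t n = strlen(want);
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)want[i])) return NULL;
    return (p[n] == '\\' || p[n] == ';' || p[n] == '\0') ? p + n : NULL;
}

/* Returns 1 when the name is addressed to Lanman, 0 otherwise. */
int parse_mup_name(const char *name, mup_name *out) {
    memset(out, 0, sizeof *out);
    out->rest = name;
    const char *p = match_component(skip_sep(name), ";LanmanRedirector");
    if (!p) return 0;            /* other provider, or text only deeper in path */
    out->to_lanman = 1;
    const char *q = skip_sep(p);
    out->rest = p;
    if (q[0] == ';' && isalpha((unsigned char)q[1]) && q[2] == ':') {
        out->drive = (char)toupper((unsigned char)q[1]);
        for (q += 3; isxdigit((unsigned char)*q); q++) {
            int c = tolower((unsigned char)*q);
            out->logon_id = out->logon_id * 16 + (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
        }
        out->rest = q;
    }
    return 1;
}

int main(void) {
    /* Constructed sample name, not captured from a real system. */
    mup_name m;
    parse_mup_name("\\;LanmanRedirector\\;Z:000000000001a2b3\\srv\\share\\a.txt", &m);
    printf("lanman=%d drive=%c logon=%llx rest=%s\n", m.to_lanman, m.drive, m.logon_id, m.rest);
    return 0;
}
```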