Observations on File System Filter Drivers

NTFSD
1

I have recently read the “Observations on File System Filter Drivers” on OSR
(http://www.osr.com/ntinsider/2000/fs_filter/fs_filter.htm). There is a
piece of code (figure 1) showing how to determine if we have already
attached to a device. They [authors] suggest to go up in the device stack
and check for some magic number in device stack.

Here’s the question. Is it really safe? I mean some can use the same magic
number or something. Why can’t we store PDRIVER_OBJECT in some global
variable and check for PDEVICE_OBJECT->PDRIVER_OBJECT. This situation always
bothered me though my filter driver is implemented almost the same way and I
did not have any problems (yet).

Alexey Logachyov
xxxxx@vba.com.by
VirusBlokAda Ltd.
http://www.vba.com.by

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

Alexy,

The odds are very low, but they are non-zero. And as you note, there are
other approaches (the driver object comparison approach you suggested should
work as well.) As is often the case in this business, there are many
different solutions to the same problem. The solution that suggests itself
to you may be different than the one that I invent because we have different
backgrounds, products, and biases.

We used the magic # solution because our data structures always contain
magic numbers and we’re always checking them (and we can share driver
components across multiple filters.) That may not apply in your
circumstance. At least being aware of the problem, you can invent a
solution!

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Alexey Logachyov [mailto:xxxxx@vba.com.by]
Sent: Monday, November 26, 2001 5:28 PM
To: File Systems Developers
Subject: [ntfsd] Observations on File System Filter Drivers

I have recently read the “Observations on File System Filter Drivers” on OSR
(http://www.osr.com/ntinsider/2000/fs_filter/fs_filter.htm). There is a
piece of code (figure 1) showing how to determine if we have already
attached to a device. They [authors] suggest to go up in the device stack
and check for some magic number in device stack.

Here’s the question. Is it really safe? I mean some can use the same magic
number or something. Why can’t we store PDRIVER_OBJECT in some global
variable and check for PDEVICE_OBJECT->PDRIVER_OBJECT. This situation always
bothered me though my filter driver is implemented almost the same way and I
did not have any problems (yet).

Alexey Logachyov
xxxxx@vba.com.by
VirusBlokAda Ltd.
http://www.vba.com.by

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com