Plz, Check My Source...

Hi, all.

I think that, unusually, replies aren’t written to my articles. :frowning:
The reason might be lack of my ability to express in english.
Thus, I attached my source… I cannot solve this problem by myself.
Any advices, even though a little thing, would be helpful.

This is Pre Callback of IRP_MJ_SET_INFORMATION.
The Purpose is that adding footer at the end of a file.

(I did shorten code for reading at ease)

FLT_PREOP_CALLBACK_STATUS
MiniFilterPreSetInformation(
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__deref_out_opt PVOID *CompletionContext
)
{
/*
pass over definitions of variables
*/

/*
Stream Context & Process Check

*/
try{
if ( iopb->Parameters.SetFileInfrmation.FileInformationClass == FileEndOfFileInformation ){
EndofFileInfo = (PFILE_END_OF_FILE_INFORMATION)iopb->Parameters.SetFileInformation.InfoBuffer;

if ( EndofFileInfo == NULL ){
leave;
}
nFileSizeWithoutHeader = EndofFileInfo->EndOfFile.LowPart;

FltSetCallbackDataDirty( Data );

ByteOffset.HighPart = 0;
ByteOffset.LowPart = nFileSizeWithoutHeader - 4096;

if ( ByteOffset.LowPart > 0 )
{
//
// I did only Read.
//
HeaderBuffer = FltAllocatePoolAlignedWithTag( FltObjects->Instance, NonPagedPool, 4096, MARKANY_HEADER_TAG );

RtlZeroMemory( HeaderBuffer, 4096 );

//
// After this FltReadFile Operation, the Minifilter wait permanently.
// OS is normal, but minifilter does not work, even not be unloaded.
//
status = FltReadFile( FltObjects->Instance,
FltObjects->FileObject,
&ByteOffset,
VolumeContext->SectorSize,
HeaderBuffer,
FLTFL_IO_OPERATION_DO_NOT_UPDATE_BYTE_OFFSET | FLTFL_IO_OPERATION_NON_CACHED,
&BytesRead,
NULL,
NULL);

//Never reach this step when debugging
if ( !NT_SUCCESS(status) ){
DbgPrint( “[MADSMF] |SetInformation | Fail to FltReadFile\n” );
leave;
}

ExFreePool(HeaderBuffer);
}
}
}
finally
{
}
return RetStatus;
}


Eventually, FltReadFile Function hangs, because of deadlock or other cause.

Can you find any inappropriate code??

hi,ajoujoa

This is some suggestion,maybe it’s wrong.

Your driver should check access flag before read(In Pre or Pos Create,some
apps use write only access privilege when it saving file).

If this create operation have no FILE_READ_DATA access privilege,the read
opreation will be failed or hanged.You can modify
Data->Iopb->Parameters.Create.SecurityContext->DesiredAccess in Pre_Create
to add
FILE_READ_DATA access.

The Call back DATA not be changed before you call FltSetCallbackDataDirty.
Maybe the change in the segment which be elided.

After call FltReadFile fail,the pool HeaderBuffer not be freed.

All context not be freed.Be These codes elided?

Murphy. W (CHN)

Thank you for your relpy. :slight_smile:

I checked all you suggested. But situation is not better at all.
I tried asynchronous fltreadfile, but this is same as before.

I found something when I followed disasembled code of FltReadFile.
Inside of FltReadFile, Filter Manager works with FltAllocateCallbackData and then FltPerformSynchronousIO (or FltPerfromAsynchronousIO).
The mal-operation occurs when debugging steps over this FltPerformSynchronousIO.

I don’t know why…

Check the parameter of FltReadFile
Questions:
It was executing a Non_cached read operation,So
1.the parameter offset correct?It must be a nonnegative multiple of the
volume’s sector size
2.the parameter read length(here is sector size) big than your buffer
size?It must be a nonnegative multiple of the volume’s sector size too.
3.offset is a Int64 variable,maybe you should set the value as below
offset.QuadPart = the value;

I’d do my best.If it aways not works.Oh,God bless you!

=============
Murphy.W (CHN)
дÈëÏûÏ¢ÐÂÎÅ:xxxxx@ntfsd…
| Hi, all.
|
| I think that, unusually, replies aren’t written to my articles. :frowning:
| The reason might be lack of my ability to express in english.
| Thus, I attached my source… I cannot solve this problem by myself.
| Any advices, even though a little thing, would be helpful.
|
| This is Pre Callback of IRP_MJ_SET_INFORMATION.
| The Purpose is that adding footer at the end of a file.
|
| (I did shorten code for reading at ease)
| -----------------------------------------------------------------------------
|
| FLT_PREOP_CALLBACK_STATUS
| MiniFilterPreSetInformation(
| inout PFLT_CALLBACK_DATA Data,
|
in PCFLT_RELATED_OBJECTS FltObjects,
| __deref_out_opt PVOID CompletionContext
| )
| {
| /

| pass over definitions of variables
| /
|
| /

| Stream Context & Process Check
|
| */
| try{
| if ( iopb->Parameters.SetFileInfrmation.FileInformationClass ==
FileEndOfFileInformation ){
| EndofFileInfo =
(PFILE_END_OF_FILE_INFORMATION)iopb->Parameters.SetFileInformation.InfoBuffer;
|
| if ( EndofFileInfo == NULL ){
| leave;
| }
| nFileSizeWithoutHeader = EndofFileInfo->EndOfFile.LowPart;
|
| FltSetCallbackDataDirty( Data );
|
| ByteOffset.HighPart = 0;
| ByteOffset.LowPart = nFileSizeWithoutHeader - 4096;
|
| if ( ByteOffset.LowPart > 0 )
| {
| //
| // I did only Read.
| //
| HeaderBuffer = FltAllocatePoolAlignedWithTag( FltObjects->Instance,
NonPagedPool, 4096, MARKANY_HEADER_TAG );
|
| RtlZeroMemory( HeaderBuffer, 4096 );
|
| //
| // After this FltReadFile Operation, the Minifilter wait permanently.
| // OS is normal, but minifilter does not work, even not be unloaded.
| //
| status = FltReadFile( FltObjects->Instance,
| FltObjects->FileObject,
| &ByteOffset,
| VolumeContext->SectorSize,
| HeaderBuffer,
| FLTFL_IO_OPERATION_DO_NOT_UPDATE_BYTE_OFFSET |
FLTFL_IO_OPERATION_NON_CACHED,
| &BytesRead,
| NULL,
| NULL);
|
| //Never reach this step when debugging
| if ( !NT_SUCCESS(status) ){
| DbgPrint( “[MADSMF] |SetInformation | Fail to FltReadFile\n” );
| leave;
| }
|
| ExFreePool(HeaderBuffer);
| }
| }
| }
| finally
| {
| }
| return RetStatus;
| }
|
| -----------------------------------------------------------------------
|
| Eventually, FltReadFile Function hangs, because of deadlock or other
cause.
|
| Can you find any inappropriate code??
|