Hello All,
I am trying to redirect an I/O operation to a different volume by changing
the target instance for the operation.
It seems to work but minifilter hangs in detach or unload.
I read IFS documentation and many e-mails on NTFSD but i am not able to
understand the cause of this problem.
Following are the messages with checked build windows 2003
*** Assertion failed: (Value >= EX_RUNDOWN_COUNT_INC * Count) || (
FltGlobals.NumProcessors > 1)
*** Source File: d:\srvrtm\base\fs\filtermgr\filter\rundown.c, line 428
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
f6baa91c f71dc5ed f71dc4f6 f71dc4c6 000001ac nt!DbgBreakPoint
f6baa998 f71c65a5 f6baa9e4 8115293c 866f6f00
fltMgr!FltGetRequestorProcessId+0x307
f6baa9b0 f71f8bec f6baa9e4 f71f28a4 00000000 fltMgr!FltGetIrpName+0x1005
f6baa9cc f71fac2c f6baa9e4 869c2e48 858c7438
fltMgr!FltProcessFileLock+0x6a90
f6baaa04 8148154a 858c7438 869c2fd8 858c7438
fltMgr!FltProcessFileLock+0x8ad0
f6baaa34 81029de4 81308578 869c2e58 869c2e48 nt!RtlCompressBuffer+0x3b1e
f6baaa4c 81308578 859ec438 80802e18 852ae500 nt!IofCallDriver+0x1c
f6baab38 813978e9 859ec450 00000000 852ae4c0 nt!NtWriteFile+0x9468
f6baabb8 81390748 00000000 f6baabf8 00000040 nt!NtMakePermanentObject+0x182b
f6baac0c 812f402e 00000000 00000000 00000001 nt!ObOpenObjectByName+0x140
f6baac88 812f5af9 0012ff38 80100080 0012fed4 nt!IoCreateController+0x62a
f6baacec 812f959d 0012ff38 80100080 0012fed4 nt!IoCreateFile+0xeb
f6baad30 8116fdb5 0012ff38 80100080 0012fed4 nt!NtCreateFile+0x63
f6baad64 7c9497c4 badb0d00 0012fe9c 00000000
nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xc09
0012ff30 7c8370a9 00000000 80000000 00000000 ntdll+0x397c4
0012ff54 00401045 00407054 80000000 00000000 kernel32!CreateFileA+0x30
0012ff80 00401167 00000001 00410ad0 00410a40 read+0x1045
0012ffc0 7c849592 00000000 00000000 7ffde000 read+0x1167
0012fff0 00000000 004010b3 00000000 78746341
kernel32!DosPathToSessionPathA+0x20e
FOLLOWUP_IP:
fltMgr!FltGetRequestorProcessId+307
f71dc5ed 8bcb mov ecx,ebx
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: fltMgr!FltGetRequestorProcessId+307
MODULE_NAME: fltMgr
IMAGE_NAME: fltMgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 42435c99
STACK_COMMAND: kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
Following is the PreOperation for Create ::
FLT_PREOP_CALLBACK_STATUS
SpyPreOperationCallback (
IN OUT PFLT_CALLBACK_DATA Data,
IN PCFLT_RELATED_OBJECTS FltObjects,
OUT PVOID *CompletionContext
)
{
FLT_PREOP_CALLBACK_STATUS returnStatus = FLT_PREOP_SUCCESS_NO_CALLBACK;
PFLT_FILE_NAME_INFORMATION nameInfo = NULL;
UNICODE_STRING defaultName;
PUNICODE_STRING nameToUse;
UNICODE_STRING VolumeName;
UNICODE_STRING CmpVolumeName;
UNICODE_STRING ShadowVolumeName;
NTSTATUS status;
PFLT_VOLUME RetVol;
PFLT_INSTANCE RetInstance;
WCHAR LocalBuf[100];
ULONG DesiredAccess, CreateDisposition, CreateOption;
if (1936 == (int)PsGetCurrentProcessId()) {
VolumeName.Buffer = LocalBuf;
VolumeName.MaximumLength = 200;
VolumeName.Length = 0 ;
FltGetVolumeName(FltObjects->Volume, &VolumeName, NULL);
RtlInitUnicodeString(&CmpVolumeName,
L"\Device\HarddiskVolume1<file:>
“);
if (0 == RtlCompareUnicodeString(&VolumeName, &CmpVolumeName,
TRUE)) {
// DbgPrint(“In C: \n”);
RtlInitUnicodeString(&ShadowVolumeName, L”
\Device\HarddiskVolumeShadowCopy1<file:>
");
status = FltGetVolumeFromName(Filter, &ShadowVolumeName,
&RetVol);
if (NT_SUCCESS( status )) {
status = FltGetVolumeInstanceFromName(Filter,
RetVol, NULL, &RetInstance);
if (NT_SUCCESS( status )) {
DbgPrint(“Change Instance from %x to %x
\n”, Data->Iopb->TargetInstance, RetInstance);
Data->Iopb->TargetInstance = RetInstance;
FltSetCallbackDataDirty(Data);
FltObjectDereference(RetInstance);
} else {
DbgPrint(“Shad Volume Instance Error %d
\n”, status);
}
FltObjectDereference(RetVol);
} else {
DbgPrint(“Shad Volume failed %d \n”, status);;
}
} else {
// DbgPrint(“In N: \n”);
}
}
return returnStatus;
}
Any advice on what’s going wrong.
Thanks,
Rishikesh.</file:></file:>