Re[2]: Hide Files on Vista with Mini Filter Driver

I looked into W2K headers of the last IFS kit (3790), both

FileIdBothDirectoryInformation, // 37
FileIdFullDirectoryInformation, // 38

are there. They are not in the NT4 DDK though, so probably they
were introduced in Windows 2000.

Interestingly, they are not in NT4 NTIFS.h (build version 0088)
at all, but they are in NT4 NTDDK.h (build version 0186)
under different names:

FileOleDirectoryInformation,
FileContentIndexInformation,

Thank you for the correction.

Anyway this means both those directory calls were present
in Windows 2000 already.

L.

When listing dir contents with Windows Explorer, no
IRP_MJ_DIRECTORY_CONTROL packets are sent through
the driver stack.
Does anybody have an idea how a mini filter can recognize
list-dir-content requests with Vista’s Explorer?

Please ignore my last reply. The IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY
requests also appear when using Explorer under Vista (stupid mistake, forgot to enable my debugging flags).
The FileInformationClass “FileIdBothDirectoryInformation” is used by Explorer under Vista.

Right, they were under a different name, I thought this was the same for 2K, but
that it was fixed for the IFS Kit, not the 2K DDK (don’t have it now to check).

I looked into W2K headers of the last IFS kit (3790), both
FileIdBothDirectoryInformation, // 37
FileIdFullDirectoryInformation, // 38
are there. They are not in the NT4 DDK though, so probably they
were introduced in Windows 2000.
Interestingly, they are not in NT4 NTIFS.h (build version 0088)
at all, but they are in NT4 NTDDK.h (build version 0186)
under different names:
FileOleDirectoryInformation,
FileContentIndexInformation,
Thank you for the correction.
Anyway this means both those directory calls were present in Windows 2000 already.


Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.

Even if you go to a directory never listed during the session? Vista seems to
cache the listing, therefore you gotta catch the first one.
I can’t confirm this of course, it is my assumption of the behavior (it doesn’t
send the calls on refresh).

xxxxx@gmx.de wrote:

When listing dir contents with Windows Explorer, no IRP_MJ_DIRECTORY_CONTROL
packets are sent through
the driver stack.
Does anybody have an idea how a mini filter can recognize
list-dir-content requests with Vista’s Explorer?


Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.

I’ve seen it not appear ;) As dumb as it may seem, could be missing something, but I could swear I
also saw it. (Because we boot load and always catch the first list, it never hit us though.)

xxxxx@gmx.de wrote:

Please ignore my last reply. The IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY
requests also appear when using Explorer under Vista (stupid mistake, forgot to enable my debugging flags).
The FileInformationClass “FileIdBothDirectoryInformation” is used by Explorer under Vista.


Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.

With handling of the FileInformationClass
“FileIdBothDirectoryInformation”, my filter driver now
also hides the files in Explorer. From my point of view
it is now working perfectly.
Thanks to all of you and best regards from Germany

/TIM
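
The point the thread converges on, as an added example that is not code from any poster: every directory information class lays its records out differently, so a filter or audit tool that inspects IRP_MN_QUERY_DIRECTORY output must handle each class it can receive, including FileIdBothDirectoryInformation (37). The helper names `walk_listing` and `put_entry` are hypothetical, the byte offsets assume the standard layout of the documented ntifs.h structures, the buffers are constructed sample data, and the walker also covers classes 1 and 2, which the thread does not mention.

```c
#include <stdint.h>
#include <string.h>

/* FILE_INFORMATION_CLASS values that carry directory listings. */
enum { FileDirectoryInformation = 1, FileFullDirectoryInformation = 2, FileBothDirectoryInformation = 3,
       FileIdBothDirectoryInformation = 37, FileIdFullDirectoryInformation = 38 };
/* Byte offset of FileName[] in each record layout; 0 means "class not handled". */
static size_t name_off(int cls) {
    switch (cls) {
    case FileDirectoryInformation:       return 64;
    case FileFullDirectoryInformation:   return 68;
    case FileBothDirectoryInformation:   return 94;
    case FileIdFullDirectoryInformation: return 80;
    case FileIdBothDirectoryInformation: return 104;
    default:                             return 0;
    }
}
static uint32_t rd32(const uint8_t *p) {              /* little-endian ULONG */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Walk the NextEntryOffset chain with bounds checks. Returns the entry count,
   or -1 for an unhandled class or a malformed buffer. *hits counts entries
   whose name is exactly the UTF-16LE form of the ASCII string `want`. */
int walk_listing(const uint8_t *buf, size_t len, int cls, const char *want, int *hits) {
    size_t fo = name_off(cls), pos = 0, wl = strlen(want);
    int n = 0;
    *hits = 0;
    if (fo == 0) return -1;
    for (;;) {
        if (pos > len || len - pos < fo) return -1;   /* fixed part must fit */
        const uint8_t *e = buf + pos;
        uint32_t next = rd32(e), flen = rd32(e + 60); /* FileNameLength sits at 60 in all five */
        if (flen > len - pos - fo) return -1;         /* name must fit */
        int eq = (flen == 2 * wl);
        for (size_t i = 0; eq && i < wl; i++)
            eq = e[fo + 2 * i] == (uint8_t)want[i] && e[fo + 2 * i + 1] == 0;
        *hits += eq; n++;
        if (next == 0) return n;                      /* last record */
        if (next < fo + flen || next > len - pos) return -1;
        pos += next;
    }
}
/* Constructed sample data: append one 8-byte-aligned record with an ASCII name. */
size_t put_entry(uint8_t *buf, size_t pos, int cls, const char *nm, int last) {
    size_t fo = name_off(cls), n = strlen(nm), sz = (fo + 2 * n + 7) & ~(size_t)7;
    memset(buf + pos, 0, sz);
    for (size_t i = 0; i < n; i++) buf[pos + fo + 2 * i] = (uint8_t)nm[i];
    buf[pos + 60] = (uint8_t)(2 * n);                 /* FileNameLength, < 256 here */
    if (!last) { buf[pos] = (uint8_t)sz; buf[pos + 1] = (uint8_t)(sz >> 8); }
    return pos + sz;
}
```

Reading a class 37 buffer with the class 3 name offset still walks the chain but finds no names, which is the same blind spot as not handling the class at all.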