Re[2]: Vista UAC and File Execution

> Next log is from the standard FastFat FSD (“FAT32”).

The log was stopped when the UAC window was shown.
In this case, the executables can run.

It looks ilke log from Filemon. Could you make log from Filespy ?
I need to see status codes there, as I want to know which request
has failed (if any).

L.

The very last request is

IRP_MJ_CREATE E:.dll c0000034

which is little bit suspicious. I would debug it. You can put breakpoint
into IRP_MJ_CREATE dispatch routine. It may be also interesting which
API calls very last IRP_MJ_QUERY_VOLUME_INFORMATION.

Some hints for debugging
!thread w/o argument shows Owning process of current thread.
by .process /r /p you switch debugger into this process and
it reloads also user mode modules, so you can see user mode stack. After
that you should see WIN32 API which opens (E:.dll) and you can induce
where problem lays, disassemble it, etc…

Anyway it works fine on our FSD, but we are remote FS. We have an option
to allow map drive also for privileged processes. If is is enabled we
map drive also into logon session of “administrative” token.

I wonder if you find something interesting, so please provide feedback.

Thanks
-bg

L write:

It looks ilke log from Filemon. Could you make log from Filespy ?
!!
Soryy, I have misunderstood “FileSpy”.
The logs i showed were from the WinDDK’s filespy…

I want to know which request has failed (if any).
The 9th column means “IoStatus.Status”:“IoStatus.Information”.

“FileSpy” you mean is OSR’s FileSpy, isn’t it?
http://www.osronline.com/article.cfm?article=370

OK, I’ll try it and send again.
Just a moment.

bg wrote:

Some hints for debugging
Thank you, I’ll try (if i can).

If is is enabled we map drive also into logon session of “administrative” token

In my understandings…
The MountMgr and Storage driver have the responsibility to map the drives.
File System Driver should not know / depend on the Drive letter, or should be independent from it.
So, FSD have no need to use “IoCreateSymbolic”.
Is this right?

Nevertheless, it’s worth trying.

Well, today I’ll…
1: Try OSR’s FileSpy
2: Try Drive Mapping to the Admin Session.
3: Find what API make strange IRP

Thank you for the advices.
Rei

Hi,
I tried OSR’s FileSpy.
(It’s based on DDK’s FileSpy but contains more information! I haven’t know untill know.)

Time sent Dur. Process Thread ID DeviceObject Type IRP Request IRP Flags TopLvlIrp FileObject FsContext FsContext2 FO Flags Sop Path Status More info

1 10:47:51.852 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe FAILURE
2 10:47:51.852 0 cmd.exe 3764 83377778 IRP 833C29D0 IRP_MJ_CREATE 00000884 00000000 83491110 94C30EA0 94DC0E38 00000000 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
3 10:47:51.852 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83491110 94C30EA0 94DC0E38 00000040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
4 10:47:51.852 0 cmd.exe 3764 83377778 IRP 83470C28 IRP_MJ_CLEANUP 00000404 00000000 83491110 94C30EA0 94DC0E38 00040040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
5 10:47:51.852 0 cmd.exe 3764 83377778 IRP 834CCDE0 IRP_MJ_CLOSE 00000404 00000000 83491110 94C30EA0 94DC0E38 00044040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
6 10:47:51.852 0 cmd.exe 3764 83377778 IRP 834A0DE0 IRP_MJ_CREATE 00000884 00000000 83491110 830FECC0 94DC0E38 00000002 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00000021 Access: 00100001 Share: 00000007 Attrib: 0 Result: FILE_OPENED
7 10:47:51.852 0 cmd.exe 3764 83377778 IRP 833B1DE0 IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00060800 00000000 83491110 830FECC0 94DC0E38 00040002 00000000 E: STATUS_SUCCESS FileBothDirectoryInformation FileMask: HelloWorld.exe
8 10:47:51.852 0 cmd.exe 3764 83377778 IRP 83390DE0 IRP_MJ_CLEANUP 00000404 00000000 83491110 830FECC0 94DC0E38 00040002 00000000 E: STATUS_SUCCESS
9 10:47:51.852 0 cmd.exe 3764 83377778 IRP 82F53DE0 IRP_MJ_CLOSE 00000404 00000000 83491110 830FECC0 94DC0E38 00044002 00000000 E: STATUS_SUCCESS
10 10:47:51.852 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E: FAILURE
11 10:47:51.852 0 cmd.exe 3764 83377778 IRP 833886C0 IRP_MJ_CREATE 00000884 00000000 83491110 830FECC0 94DC0E38 00000000 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
12 10:47:51.852 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83491110 830FECC0 94DC0E38 00000000 00000000 E: STATUS_SUCCESS FileBasicInformation Attrib: 00000010
13 10:47:51.852 0 cmd.exe 3764 83377778 IRP 834B1448 IRP_MJ_CLEANUP 00000404 00000000 83491110 830FECC0 94DC0E38 00040000 00000000 E: STATUS_SUCCESS
14 10:47:51.852 0 cmd.exe 3764 83377778 IRP 83270668 IRP_MJ_CLOSE 00000404 00000000 83491110 830FECC0 94DC0E38 00044000 00000000 E: STATUS_SUCCESS
15 10:47:51.852 0 cmd.exe 3764 83377778 IRP 83390748 IRP_MJ_CREATE 00000884 00000000 83491110 94C30EA0 94DC0E38 00000002 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00000060 Access: 001000A1 Share: 00000005 Attrib: 0 Result: FILE_OPENED
16 10:47:51.852 0 cmd.exe 3764 83377778 IRP 8362F6A8 IRP_MJ_QUERY_SECURITY 00000000 00000000 83370968 94C30EA0 94E43A88 000C4042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
17 10:47:51.852 0 cmd.exe 3764 83377778 IRP 82F4DAA0 IRP_MJ_QUERY_INFORMATION 00001014 00000000 83370968 94C30EA0 94E43A88 000C4042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileNameInformation
18 10:47:51.852 0 cmd.exe 3764 83377778 IRP 83400510 IRP_MJ_QUERY_SECURITY 00000000 00000000 83491110 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
19 10:47:51.852 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83491110 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
20 10:47:51.852 0 csrss.exe 508 83377778 IRP 833F7AA0 IRP_MJ_QUERY_SECURITY 00000000 00000000 83491110 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
21 10:47:51.852 0 csrss.exe 508 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83491110 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
22 10:47:51.852 0 csrss.exe 508 83377778 IRP 834B1008 IRP_MJ_CREATE 00000884 00000000 82E607D8 00000000 00000000 00000002 00000000 E:\HelloWorld.exe.Config STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 00000060 Access: 00120089 Share: 00000005 Attrib: 0
23 10:47:51.852 0 csrss.exe 508 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83491110 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
24 10:47:51.862 0 cmd.exe 3764 83377778 IRP 83001008 IRP_MJ_CLEANUP 00000404 00000000 83491110 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
25 10:47:51.862 0 cmd.exe 3764 83377778 IRP 834E8688 IRP_MJ_CLOSE 00000404 00000000 83491110 94C30EA0 94DC0E38 000C4042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
26 10:47:51.862 0 HelloWorld.exe 1764 83377778 IRP 833F9378 IRP_MJ_CREATE 00000884 00000000 82E607D8 831C01F0 94DC0E38 00000002 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00000120 Access: 00100180 Share: 00000007 Attrib: 0 Result: FILE_OPENED
27 10:47:51.862 0 HelloWorld.exe 1764 83377778 IRP 833EC3D8 IRP_MJ_QUERY_VOLUME_INFORMATION 00060870 00000000 82E607D8 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_BUFFER_OVERFLOW FileFsVolumeInformation Length: 00000018
28 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 834B1008 IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST 00060830 00000000 82E607D8 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_INVALID_DEVICE_REQUEST FSCTL_FILE_PREFETCH
29 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 833B1DE0 IRP_MJ_CREATE 00000884 00000000 833FA530 94C30EA0 94C86DE0 00000000 00000000 E:\HELLOWORLD.EXE STATUS_SUCCESS FILE_OPEN CreOpts: 00000140 Access: 000000A1 Share: 00000007 Attrib: 00000080 Result: FILE_OPENED
30 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 83390DD8 IRP_MJ_SET_INFORMATION 00060834 00000000 833FA530 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS FileBasicInformation Attrib: 0
31 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 82F53DE0 IRP_MJ_QUERY_INFORMATION 00060874 00000000 833FA530 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_INVALID_PARAMETER FileAttributeTagInformation
32 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 833886C0 IRP_MJ_CLEANUP 00000404 00000000 833FA530 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
33 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 834B1448 IRP_MJ_CLOSE 00000404 00000000 833FA530 94C30EA0 94C86DE0 000C4040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
34 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 8362FDE0 IRP_MJ_CREATE 00000884 00000000 82EE5CF0 94C30EA0 94C86DE0 00000000 00000000 E:\HELLOWORLD.EXE STATUS_SUCCESS FILE_OPEN CreOpts: 00000140 Access: 000000A1 Share: 00000007 Attrib: 00000080 Result: FILE_OPENED
35 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 833C29C8 IRP_MJ_SET_INFORMATION 00060834 00000000 82EE5CF0 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS FileBasicInformation Attrib: 0
36 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 82F4D7F0 IRP_MJ_QUERY_INFORMATION 00060874 00000000 82EE5CF0 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_INVALID_PARAMETER FileAttributeTagInformation
37 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 833EEA30 IRP_MJ_CLEANUP 00000404 00000000 82EE5CF0 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
38 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 834C7DE0 IRP_MJ_CLOSE 00000404 00000000 82EE5CF0 94C30EA0 94C86DE0 000C4040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
39 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 83400510 IRP_MJ_CLEANUP 00000404 00000000 82E607D8 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_SUCCESS
40 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 833F7AA0 IRP_MJ_CLOSE 00000404 00000000 82E607D8 831C01F0 94DC0E38 0044400A 831C0390 E: STATUS_SUCCESS
41 10:47:51.872 0 HelloWorld.exe 1764 83377778 IRP 834A0DE0 IRP_MJ_QUERY_INFORMATION 00001014 00000000 83370968 94C30EA0 94E43A88 000C4042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileNameInformation
42 10:47:51.883 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E: FAILURE
43 10:47:51.883 0 cmd.exe 3764 83377778 IRP 82F52760 IRP_MJ_CREATE 00000884 00000000 82E607D8 830FECC0 94DC0E38 00000000 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
44 10:47:51.883 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 82E607D8 830FECC0 94DC0E38 00000000 00000000 E: STATUS_SUCCESS FileBasicInformation Attrib: 00000010
45 10:47:51.883 0 cmd.exe 3764 83377778 IRP 833F24A8 IRP_MJ_CLEANUP 00000404 00000000 82E607D8 830FECC0 94DC0E38 00040000 00000000 E: STATUS_SUCCESS
46 10:47:51.883 0 cmd.exe 3764 83377778 IRP 83445760 IRP_MJ_CLOSE 00000404 00000000 82E607D8 830FECC0 94DC0E38 00044000 00000000 E: STATUS_SUCCESS
47 10:47:51.883 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe FAILURE
48 10:47:51.883 0 cmd.exe 3764 83377778 IRP 833B1DE0 IRP_MJ_CREATE 00000884 00000000 82E607D8 94C30EA0 94DC0E38 00000000 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
49 10:47:51.883 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 82E607D8 94C30EA0 94DC0E38 00000040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
50 10:47:51.883 0 cmd.exe 3764 83377778 IRP 83390DE0 IRP_MJ_CLEANUP 00000404 00000000 82E607D8 94C30EA0 94DC0E38 00040040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
51 10:47:51.883 0 cmd.exe 3764 83377778 IRP 82F53DE0 IRP_MJ_CLOSE 00000404 00000000 82E607D8 94C30EA0 94DC0E38 00044040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
52 10:47:52.023 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe FAILURE
53 10:47:52.023 0 cmd.exe 3764 83377778 IRP 8344C008 IRP_MJ_CREATE 00000884 00000000 83347900 94C30EA0 94DC0E38 00000000 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
54 10:47:52.023 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 00000040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
55 10:47:52.023 0 cmd.exe 3764 83377778 IRP 83183DE0 IRP_MJ_CLEANUP 00000404 00000000 83347900 94C30EA0 94DC0E38 00040040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
56 10:47:52.023 0 cmd.exe 3764 83377778 IRP 833EEA30 IRP_MJ_CLOSE 00000404 00000000 83347900 94C30EA0 94DC0E38 00044040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
57 10:47:52.023 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe FAILURE
58 10:47:52.023 0 cmd.exe 3764 83377778 IRP 834C7DE0 IRP_MJ_CREATE 00000884 00000000 83347900 94C30EA0 94DC0E38 00000000 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
59 10:47:52.023 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 00000040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
60 10:47:52.023 0 cmd.exe 3764 83377778 IRP 833C48C0 IRP_MJ_CLEANUP 00000404 00000000 83347900 94C30EA0 94DC0E38 00040040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
61 10:47:52.023 0 cmd.exe 3764 83377778 IRP 82F4D7F0 IRP_MJ_CLOSE 00000404 00000000 83347900 94C30EA0 94DC0E38 00044040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
62 10:47:52.023 0 cmd.exe 3764 83377778 IRP 8349B008 IRP_MJ_CREATE 00000884 00000000 83347900 94C30EA0 94DC0E38 00000002 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00000060 Access: 00120080 Share: 0 Attrib: 0 Result: FILE_OPENED
63 10:47:52.283 0 cmd.exe 3764 83377778 IRP 833F9378 IRP_MJ_QUERY_SECURITY 00000000 00000000 83347900 94C30EA0 94DC0E38 00040042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
64 10:47:52.283 0 cmd.exe 3764 83377778 IRP 833EC3D8 IRP_MJ_QUERY_SECURITY 00000000 00000000 83347900 94C30EA0 94DC0E38 00040042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
65 10:47:52.303 0 cmd.exe 3764 83377778 IRP 834B4BD8 IRP_MJ_CLEANUP 00000404 00000000 83347900 94C30EA0 94DC0E38 00040042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
66 10:47:52.303 0 cmd.exe 3764 83377778 IRP 8349B920 IRP_MJ_CLOSE 00000404 00000000 83347900 94C30EA0 94DC0E38 00044042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
67 10:47:52.303 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe FAILURE
68 10:47:52.303 0 cmd.exe 3764 83377778 IRP 83470C28 IRP_MJ_CREATE 00000884 00000000 83347900 94C30EA0 94DC0E38 00000000 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
69 10:47:52.303 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 00000040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
70 10:47:52.303 0 cmd.exe 3764 83377778 IRP 833886C0 IRP_MJ_CLEANUP 00000404 00000000 83347900 94C30EA0 94DC0E38 00040040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
71 10:47:52.303 0 cmd.exe 3764 83377778 IRP 833EEA30 IRP_MJ_CLOSE 00000404 00000000 83347900 94C30EA0 94DC0E38 00044040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
72 10:47:52.303 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe FAILURE
73 10:47:52.303 0 cmd.exe 3764 83377778 IRP 834C7DE0 IRP_MJ_CREATE 00000884 00000000 83347900 94C30EA0 94DC0E38 00000000 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
74 10:47:52.303 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 00000040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
75 10:47:52.303 0 cmd.exe 3764 83377778 IRP 833C48C0 IRP_MJ_CLEANUP 00000404 00000000 83347900 94C30EA0 94DC0E38 00040040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
76 10:47:52.303 0 cmd.exe 3764 83377778 IRP 82F4D7F0 IRP_MJ_CLOSE 00000404 00000000 83347900 94C30EA0 94DC0E38 00044040 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
77 10:47:52.303 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E:\HelloWorld.exe:Zone.Identifier FAILURE
78 10:47:52.303 0 cmd.exe 3764 83377778 IRP 8349B008 IRP_MJ_CREATE 00000884 00000000 83347900 00000000 00000000 00000000 00000000 E:\HelloWorld.exe:Zone.Identifier STATUS_OBJECT_NAME_INVALID FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0
79 10:47:52.313 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 923C3CAC 00000000 00000000 00000000 00000000 E: FAILURE
80 10:47:52.313 0 cmd.exe 3764 83377778 IRP 833F9378 IRP_MJ_CREATE 00000884 00000000 83347900 830FECC0 94DC0E38 00000000 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0 Result: FILE_OPENED
81 10:47:52.313 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 830FECC0 94DC0E38 00000000 00000000 E: STATUS_SUCCESS FileBasicInformation Attrib: 00000010
82 10:47:52.313 0 cmd.exe 3764 83377778 IRP 833EC3D8 IRP_MJ_CLEANUP 00000404 00000000 83347900 830FECC0 94DC0E38 00040000 00000000 E: STATUS_SUCCESS
83 10:47:52.313 0 cmd.exe 3764 83377778 IRP 834B4BD8 IRP_MJ_CLOSE 00000404 00000000 83347900 830FECC0 94DC0E38 00044000 00000000 E: STATUS_SUCCESS
84 10:47:52.313 0 cmd.exe 3764 83377778 IRP 8349B920 IRP_MJ_CREATE 00000884 00000000 83347900 94C30EA0 94DC0E38 00000002 00000000 E:\HelloWorld.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00000060 Access: 001000A1 Share: 00000005 Attrib: 0 Result: FILE_OPENED
85 10:47:52.313 0 cmd.exe 3764 83377778 IRP 834A8490 IRP_MJ_QUERY_SECURITY 00000000 00000000 83370968 94C30EA0 94E43A88 000C4042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
86 10:47:52.313 0 cmd.exe 3764 83377778 IRP 83470C28 IRP_MJ_QUERY_INFORMATION 00001014 00000000 83370968 94C30EA0 94E43A88 000C4042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileNameInformation
87 10:47:52.313 0 cmd.exe 3764 83377778 IRP 8362F6A8 IRP_MJ_QUERY_SECURITY 00000000 00000000 83347900 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
88 10:47:52.313 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
89 10:47:52.313 0 csrss.exe 508 83377778 IRP 82F4DAA0 IRP_MJ_QUERY_SECURITY 00000000 00000000 83347900 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_INVALID_DEVICE_REQUEST
90 10:47:52.313 0 csrss.exe 508 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
91 10:47:52.313 0 csrss.exe 508 83377778 IRP 83400510 IRP_MJ_CREATE 00000884 00000000 83215718 00000000 00000000 00000002 00000000 E:\HelloWorld.exe.Config STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 00000060 Access: 00120089 Share: 00000005 Attrib: 0
92 10:47:52.313 0 csrss.exe 508 83377778 FastIO FASTIO_QUERY_BASIC_INFO 83347900 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileBasicInformation Attrib: 00000020
93 10:47:52.313 0 cmd.exe 3764 83377778 IRP 833F7AA0 IRP_MJ_CLEANUP 00000404 00000000 83347900 94C30EA0 94DC0E38 000C0042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
94 10:47:52.313 0 cmd.exe 3764 83377778 IRP 834CCDE0 IRP_MJ_CLOSE 00000404 00000000 83347900 94C30EA0 94DC0E38 000C4042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS
95 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 83183DE0 IRP_MJ_CREATE 00000884 00000000 83215718 831C01F0 94DC0E38 00000002 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00000120 Access: 00100180 Share: 00000007 Attrib: 0 Result: FILE_OPENED
96 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 8345D500 IRP_MJ_QUERY_VOLUME_INFORMATION 00060870 00000000 83215718 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_BUFFER_OVERFLOW FileFsVolumeInformation Length: 00000018
97 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 833F7AA0 IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST 00060830 00000000 83215718 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_INVALID_DEVICE_REQUEST FSCTL_FILE_PREFETCH
98 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 833C48C0 IRP_MJ_CREATE 00000884 00000000 82F08678 94C30EA0 94C86DE0 00000000 00000000 E:\HELLOWORLD.EXE STATUS_SUCCESS FILE_OPEN CreOpts: 00000140 Access: 000000A1 Share: 00000007 Attrib: 00000080 Result: FILE_OPENED
99 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 83470C20 IRP_MJ_SET_INFORMATION 00060834 00000000 82F08678 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS FileBasicInformation Attrib: 0
100 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 82F4D7F0 IRP_MJ_QUERY_INFORMATION 00060874 00000000 82F08678 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_INVALID_PARAMETER FileAttributeTagInformation
101 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 8349B008 IRP_MJ_CLEANUP 00000404 00000000 82F08678 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
102 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 833F9378 IRP_MJ_CLOSE 00000404 00000000 82F08678 94C30EA0 94C86DE0 000C4040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
103 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 8349B920 IRP_MJ_CREATE 00000884 00000000 82E3F7E0 94C30EA0 94C86DE0 00000000 00000000 E:\HELLOWORLD.EXE STATUS_SUCCESS FILE_OPEN CreOpts: 00000140 Access: 000000A1 Share: 00000007 Attrib: 00000080 Result: FILE_OPENED
104 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 8362F6A0 IRP_MJ_SET_INFORMATION 00060834 00000000 82E3F7E0 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS FileBasicInformation Attrib: 0
105 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 82F4DAA0 IRP_MJ_QUERY_INFORMATION 00060874 00000000 82E3F7E0 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_INVALID_PARAMETER FileAttributeTagInformation
106 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 82F52760 IRP_MJ_CLEANUP 00000404 00000000 82E3F7E0 94C30EA0 94C86DE0 000C0040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
107 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 83400510 IRP_MJ_CLOSE 00000404 00000000 82E3F7E0 94C30EA0 94C86DE0 000C4040 830B73E8 E:\HELLOWORLD.EXE STATUS_SUCCESS
108 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 833F9378 IRP_MJ_CLEANUP 00000404 00000000 83215718 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_SUCCESS
109 10:47:52.323 0 HelloWorld.exe 2228 83377778 IRP 833EC3D8 IRP_MJ_CLOSE 00000404 00000000 83215718 831C01F0 94DC0E38 0044400A 831C0390 E: STATUS_SUCCESS
110 10:47:52.333 0 HelloWorld.exe 2228 83377778 IRP 833EEA30 IRP_MJ_QUERY_INFORMATION 00001014 00000000 83370968 94C30EA0 94E43A88 000C4042 830B73E8 E:\HelloWorld.exe STATUS_SUCCESS FileNameInformation
111 10:47:52.333 10 cmd.exe 3764 83377778 IRP 834C7DE0 IRP_MJ_CREATE 00000884 00000000 83215718 830FECC0 94DC0E38 00000002 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00000021 Access: 00100000 Share: 0 Attrib: 0 Result: FILE_OPENED
112 10:47:52.343 0 cmd.exe 3764 83377778 IRP 833C48C0 IRP_MJ_QUERY_INFORMATION 00060870 00000000 83215718 830FECC0 94DC0E38 00040002 00000000 E: STATUS_SUCCESS FileNameInformation
113 10:47:52.343 0 cmd.exe 3764 83377778 IRP 833EEA30 IRP_MJ_QUERY_VOLUME_INFORMATION 00060870 00000000 83215718 830FECC0 94DC0E38 00040002 00000000 E: STATUS_SUCCESS FileFsAttributeInformation Length: 0000021A
114 10:47:52.343 0 cmd.exe 3764 83377778 IRP 82F4D7F0 IRP_MJ_CLEANUP 00000404 00000000 83215718 830FECC0 94DC0E38 00040002 00000000 E: STATUS_SUCCESS
115 10:47:52.343 0 cmd.exe 3764 83377778 IRP 8349B008 IRP_MJ_CLOSE 00000404 00000000 83215718 830FECC0 94DC0E38 00044002 00000000 E: STATUS_SUCCESS
116 10:47:52.939 0 cmd.exe 3764 83377778 FastIO FASTIO_QUERY_OPEN 8B20DC8C 00000000 00000000 00000000 00000000 E:.dll FAILURE
117 10:47:52.939 0 cmd.exe 3764 83377778 IRP 834C7DE0 IRP_MJ_CREATE 00000884 00000000 82E57168 00000000 00000000 00000000 00000000 E:.dll STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 00200000 Access: 00000080 Share: 00000007 Attrib: 0
118 10:47:56.328 0 FileSpy.exe 3368 83377778 IRP 833C48C0 IRP_MJ_CREATE 00000884 00000000 82EE5CF0 831C01F0 94DC0E38 00000002 00000000 E: STATUS_SUCCESS FILE_OPEN CreOpts: 00000020 Access: 00100001 Share: 00000003 Attrib: 0 Result: FILE_OPENED
119 10:47:56.328 0 FileSpy.exe 3368 83377778 IRP 834C7DE0 IRP_MJ_CLEANUP 00000404 00000000 82EE5CF0 831C01F0 94DC0E38 0044000A 831C0390 E: STATUS_SUCCESS
120 10:47:56.328 0 FileSpy.exe 3368 83377778 IRP 833EEA30 IRP_MJ_CLOSE 00000404 00000000 82EE5CF0 831C01F0 94DC0E38 0044400A 831C0390 E: STATUS_SUCCESS

Hi,

bg wrote:

Anyway it works fine on our FSD, but we are remote FS. We have an option
to allow map drive also for privileged processes. If is is enabled we
map drive also into logon session of “administrative” token.

I examined this.
I made drive letter mapping to “all session”, not only admin.
But the trouble didn’t change.
“The parameter is incorrect” message box was still shown.

Unn…
Does anyone know the FSD implementation, which is not remote, and works on VISTA with UAC on?
Famous “Ext2IFS” (http://www.fs-driver.org/) does not work too…

If this is bug of Vista, I want to notify to MS.
Do you know where should I post this?