RE: NtReadFile

Thank you for your reply!

I did exactly what you told me to and now I have a
FULLY WORKING routine for reading a file line by line,
in kernel-mode. I am now able to read the config file
with no problems.

The problem I now encounter is that I can’t hook all
drives. I can’t hook I/O requests to/from floppy disk
or CD drives. Can anyone help?

I found out that when I try to hook A:\ with a disk
inside, I successfully connect to the device and after
that I can hook all I/O requests (even without a
floppy disk inside). But when I try connecting to A:\
without a disk inside… I can’t.

So my question is:
Is there a way to connect to removable devices
(without a disk in that drive) in order to hook I/O
requests?

xxxxx@seagate.com wrote:

If you are in kernel mode, use the documented kernel mode file
access functions. If you are in user mode, use documented user
mode file access functions. Config files for drivers can be very
difficult, because you have no guarantee that your initialization
will happen after the FS is fully functional, unless your Start
Type is system or automatic. But since this is an FSD list, those
are probably not options. So the right place for your
configuration information is the registry, specifically, the
HKLM\System\CurrentControlSet\Services\YourDriver key. That exists
largely for the purpose of giving you a place to keep your config
info available, and it’s guaranteed to be available to you at init
time. So use it.

Don’t have a clue about detecting Direct Write access.

Phil

Ken Galipeau @lists.osr.com on 03/18/2002 10:26:12 PM
>
> Please respond to “File Systems Developers”
>
> Sent by: xxxxx@lists.osr.com
>
> To: “File Systems Developers”
> cc:
> Subject: [ntfsd] RE: NtReadFile problem & Direct Write Access detection
>
> 1. I don’t have a working example. You just have to declare the
> buffer as a global or allocate it using ExAllocatePool. As far as
> reading line by line, you’ll have to read a block of data into a
> buffer and scan for the EOL characters. There is no support for
> reading line by line in the kernel that I know of.
>
> 2. Don’t know.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of The Mind Phobia
> Sent: Monday, March 18, 2002 5:57 PM
> To: File Systems Developers
> Subject: [ntfsd] RE: NtReadFile problem & Direct Write Access detection
>
>
> 1. Can you provide me with a working example? Forget
> mine and write a working example. The file I’ll read
> is a configuration file so I need to read it line by
> line. Can this be done?
>
> 2. Any ideas for preventing format? (DIRECT WRITE
> ACCESS)
>
> Thank you.
> — Ken Galipeau wrote:
> > pBuffer has not been initialized to anything! It is
> > probably NULL.
> > Also sizeof(pBuffer) will yield 4 since the size of
> > a pointer is 4 bytes.
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of The Mind Phobia
> > Sent: Monday, March 18, 2002 4:39 PM
> > To: File Systems Developers
> > Subject: [ntfsd] NtReadFile problem & Direct Write Access detection
> >
> >
> > Hi there!
> >
> > ---------------------------------------
> > 1. I have problems reading a text file. I want to read
> > it (line by line if possible) and I do this:
> >
> > PVOID pBuffer;
> >
> > main (int Argc, char ** Argv )
> > {
> >     NTSTATUS Status;
> >     UNICODE_STRING UnicodeFilespec;
> >     OBJECT_ATTRIBUTES ObjectAttributes;
> >     HANDLE FileHandle;
> >     IO_STATUS_BLOCK Iosb;
> >
> >     RtlInitUnicodeString(&UnicodeFilespec,
> >         L"\\DosDevices\\C:\\Temp\\filetoread.txt");
> >
> >     InitializeObjectAttributes(&ObjectAttributes,
> >         &UnicodeFilespec, OBJ_CASE_INSENSITIVE, NULL, NULL);
> >
> >     Status = NtCreateFile(&FileHandle, (GENERIC_READ | SYNCHRONIZE),
> >         &ObjectAttributes, &Iosb, 0, 0, FILE_SHARE_READ, FILE_OPEN,
> >         FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
> >
> >     if (!NT_SUCCESS(Status))
> >     {
> >         printf("CREATE failed with status = 0x%0x\n", Status);
> >         exit(0);
> >     }
> >
> >     Status = NtReadFile(FileHandle, 0, NULL, NULL, &Iosb,
> >         (PVOID)pBuffer, sizeof(pBuffer), 0, NULL);
> >
> >     if (!NT_SUCCESS(Status))
> >     {
> >         printf("NtReadFile request failed 0x%0x\n", Status);
> >         exit(0);
> >     }
> >
> >     Status = NtClose(FileHandle);
> >
> >     if (!NT_SUCCESS(Status))
> >     {
> >         printf("NtClose request failed 0x%0x\n", Status);
> >         exit(0);
> >     }
> >
> >     printf("Read buffer:\n");
> >     printf("%s\n", pBuffer);
> >
> >     exit(1);
> > }
> >
> > After successfully opening the file, I get ACCESS
> > VIOLATION (0xc000005) as return value of NtReadFile.
> > What’s wrong?
> > -----------------------------------------------
> >
> > 2. How can I detect (in my file system filter driver)
> > and stop an attempt to format the disk (DIRECT DISK
> > WRITE ACCESS)? Any ideas or code snippets?
> >
> > Thank you!
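
The block-and-scan approach from Ken Galipeau's quoted reply (read a block into a real buffer, then scan for the EOL characters), as an added example that is not code from this thread. It is portable C: read_block is a constructed in-memory stand-in for the file read, and line_reader, reader_init and next_line are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK_SIZE 8   /* tiny on purpose so lines straddle block boundaries */

typedef struct {
    const char *src; size_t src_len, src_pos; /* constructed in-memory "file" */
    char block[BLOCK_SIZE];                   /* real storage, not an unset pointer */
    size_t have, at;                          /* bytes in block, scan position */
} line_reader;

void reader_init(line_reader *r, const char *src, size_t len) {
    memset(r, 0, sizeof(*r));
    r->src = src; r->src_len = len;
}

/* Stand-in for the file read. A driver would issue its read here and pass
   the buffer's allocated size; sizeof on a pointer only gives 4 or 8. */
static size_t read_block(line_reader *r) {
    size_t n = r->src_len - r->src_pos;
    if (n > sizeof(r->block)) n = sizeof(r->block);
    memcpy(r->block, r->src + r->src_pos, n);
    r->src_pos += n; return n;
}

/* Copies the next line (EOL stripped) into out. Returns its length,
   -1 at end of file, -2 if the line does not fit in cap bytes. */
int next_line(line_reader *r, char *out, size_t cap) {
    size_t used = 0;
    for (;;) {
        if (r->at == r->have) {               /* block consumed: fetch another */
            r->have = read_block(r);
            r->at = 0;
            if (r->have == 0 && used == 0) return -1;  /* end of file */
            if (r->have == 0) break;          /* last line had no EOL */
        }
        char c = r->block[r->at++];
        if (c == '\n') break;
        if (used + 1 >= cap) return -2;       /* refuse to overrun the caller */
        out[used++] = c;
    }
    if (used > 0 && out[used - 1] == '\r') used--;  /* CRLF, even split across blocks */
    out[used] = '\0';
    return (int)used;
}

int main(void) {
    const char cfg[] = "mode=strict\r\nhook=A:\n\ntail";  /* constructed sample */
    line_reader r; char line[64];
    reader_init(&r, cfg, sizeof(cfg) - 1);
    while (next_line(&r, line, sizeof(line)) >= 0) printf("[%s]\n", line);
    return 0;
}
```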