Re: Re: [ntfsd] Re: [ntfsd] get sharemode of file handle opened in another process

Hi Don, could you please explain more about your method? I have a method
using an FS minifilter and a UM component together. But if there can be a simpler
option I’ll move to that method.

Marion, I do have a KM component. However I want to have a UM component
that can handle files opened exclusively before the driver is installed and
loaded (mainly some core OS files). There are some applications that I want
to keep simple and hence I have a mixed mode approach.

Thanks,
Arun

On Wed, Oct 29, 2014 at 6:11 PM, Don Burn wrote:

> Depending on what he wants to do, this does not even require a file system
> filter. Years ago I prototyped a driver for a client that allows you to do
> this by appending the path to the device name of the driver. You can
> completely stay out of the stack and get access to the file.
>
>
> Don Burn
> Windows Filesystem and Driver Consulting
> Website: http://www.windrvr.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Marion Bond
> Sent: Wednesday, October 29, 2014 8:49 PM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] Re: [ntfsd] Re: [ntfsd] get sharemode of file handle
> opened in another process
>
> Your project is impossible from UM. In KM, you don’t need to care about
> the sharing - your file system filter will simply allow you a backdoor to
> read data. Your biggest problems will be memory mapped files and cache
> coherency given that you have no obvious way of synchronizing an arbitrary
> write pattern with your read access. Assuming you are replicating, backing
> up or virus scanning, you are okay - as you can coalesce operations or your
> need is probabilistic.
>
>
> Sent from Surface Pro
>
> From: Arun M. Krishnakumar
> Sent: Tuesday, October 28, 2014 10:37 PM
> To: Windows File Systems Devs Interest List
>
> I am working on a project where I need to have read access to all files on
> the system to which I have privileges as per ACL.
>
> There are some files that are opened in exclusive mode by services that
> start early at boot. I don’t have control over the processes and I have not
> opened the handle.
>
> I know that one way to get this access is to do a CreateFile. I wanted to
> know if there was another way.
>
> In any case I have been able to work using CreateFile and it doesn’t seem
> to be too time-intensive.
>
> Thanks,
>
> On Mon, Oct 27, 2014 at 3:29 PM, Marion Bond wrote:
>
> What do you want this for? If you opened the handle, you should
> know what sharing you specified. If this handle was passed to you, then
> sharing will have been dealt with by them.
>
>
> Sent from Surface Pro
>
> From: Arun M. Krishnakumar
> Sent: Sunday, October 26, 2014 10:38 PM
> To: Windows File Systems Devs Interest List
>
> I know that it is possible to get the ShareMode from the
> FILE_OBJECT in a mini-filter. But I am unable to know this from user-mode.
> There is an object address that I get as part of each entry returned by
> NtQuerySystemInformation but I cannot access that memory area.
>
> Is there any other way?
>
> Thanks,
> Arun
>
> On Sun, Oct 26, 2014 at 1:51 AM, Arun M. Krishnakumar <
> xxxxx@gmail.com> wrote:
>
>
> Hi,
>
> (This is a user-land API question. I hope it’s okay to ask
> here as it’s windows and FS related. Kindly help me redirect this in case
> this is the wrong forum.)
>
> I have a case where I need to determine in user-mode the
> share-mode of a file handle opened by another process, mainly to determine
> if the file is opened exclusively (sharemode = 0). I do the following:
>
> 1. Set Debug Privilege
> 2. NtQuerySystemInformation
> 3. OpenProcess
> 4. NtDuplicateObject (process, handle)
> 5. NtQueryObject(duplicate-handle, ObjectBasicInformation)
>
>
> The issue is that the Object Attributes returned by the
> NtQueryObject is always zero. I was hoping that there would be an
> OBJ_EXCLUSIVE indicating that the open is exclusive. Is this a valid
> assumption for this problem?
>
> Is there some other way I can get the share-mode, other
> than attempting to open the file (as that would be slower)?
>
> P.S.: The calls above have worked with no errors. I can
> also get the file path etc from other similar calls. I’m stuck only at the
> share-mode.
>
> Thanks,
>
>
>
> — NTFSD is sponsored by OSR OSR is hiring!! Info at
> http://www.osr.com/careers For our schedule of debugging and file system
> seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
> List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
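
The user-mode fallback the thread settles on, attempting an open and checking for a sharing violation, sketched as an added example (not code from any poster in this thread). The function name `Test-FileShareProbe`, the temp file and the holder handles are constructed for the demonstration; the result reflects every handle open on the file at that instant, not one specific handle.

```powershell
function Test-FileShareProbe {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [System.IO.FileAccess] $Access = [System.IO.FileAccess]::Read
    )
    $sharingViolation = -2147024864   # HRESULT 0x80070020 (Win32 error 32)
    # Grant every share right ourselves, so a failure can only come from what
    # an existing opener refuses to share, and the probe never blocks anyone.
    $share = [System.IO.FileShare]'ReadWrite, Delete'
    $stream = $null
    try {
        $stream = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open, $Access, $share)
        return 'Shared'
    }
    catch {
        # .NET method failures arrive wrapped; unwrap to the real exception.
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.UnauthorizedAccessException]) { return 'AccessDenied' }
        if ($ex -is [System.IO.IOException] -and $ex.HResult -eq $sharingViolation) {
            return 'SharingViolation'
        }
        return "Other: $($ex.Message)"
    }
    finally {
        if ($stream) { $stream.Dispose() }
    }
}

# Constructed demo: hold a temp file with two different share modes and probe it.
$tmp = [System.IO.Path]::GetTempFileName()
try {
    # Holder grants no sharing at all (the "sharemode = 0" case from the thread).
    $holder = [System.IO.File]::Open($tmp, 'Open', 'ReadWrite', 'None')
    "exclusive holder, read probe : $(Test-FileShareProbe -Path $tmp -Access Read)"
    $holder.Dispose()

    # Holder grants read sharing only: a read probe passes, a write probe does not.
    $holder = [System.IO.File]::Open($tmp, 'Open', 'ReadWrite', 'Read')
    "read-share holder, read probe : $(Test-FileShareProbe -Path $tmp -Access Read)"
    "read-share holder, write probe: $(Test-FileShareProbe -Path $tmp -Access Write)"
    $holder.Dispose()
}
finally {
    Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
}
```

`AccessDenied` is reported separately because an ACL denial and a sharing violation are different failures; only the latter says anything about how another process opened the file.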