assertion while using ‘shadow device object’ recursion removal techniqueAn
even more secure mechanism may be to use a service and have the threads
always run in the context of the service. You can use an IOCTL to register
the service with the driver to get process context. This allows you to use
flexible security policies on the “phantom” file you are accessing; or not.
Jamey
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Smith, Joel
Sent: Monday, July 17, 2000 4:03 PM
To: File Systems Developers
Subject: [ntfsd] assertion while using ‘shadow device object’ recursion
removal te chnique
I’ve implemented my interpretation of the ‘shadow device object’
technique that has been discussed over the last couple days on this group.
Basically, when creating my filter device I create a second ‘shadow’ device
with a unique name. This shadow device is, of course, not in the file
system device stack.
In my filter’s IRP_MJ_CREATE handler, if I have to call
ZwCreateFile, instead of initializing the file name with the partition’s
device object’s name prepended, I prepend the name of my ‘shadow’ device:
(i.e. \Device\shadow_0\somefile.txt). I then call ZwCreateFile.
Also in my filter’s IRP_MJ_CREATE handler is a special case to
handle creates redirected to the ‘shadow’ device object. (i.e.
ZwCreate(\Device\shadow_0\somefile.txt). If a create comes in for the
shadow device object the special case simply forwards the create to the fsd
with IoCallDriver.
This technique works well 99% of the time. Occasionally, however,
I get an assertion from the FSD:
*** Assertion failed: No correspondence btwn file and device in
irp((IrpSp->FileObject->Vpb == NULL) && ((IrpSp->FileObject->DeviceObject !=
NULL) && (IrpSp->FileObject->DeviceObject->Vpb != NULL) &&
(IrpSp->DeviceObject == IrpSp->FileObject->DeviceO
bject->Vpb->DeviceObject))) || ((IrpSp->FileObject->Vpb != NULL) &&
(IrpSp->DeviceObject == IrpSp->FileObject->Vpb->DeviceObject)) ||
!FlagOn( Vcb->VcbState, VCB_STATE_VOLUME_MOUNTED ))
*** Source File: D:\nt\private\ntos\cntfs\strucsup.c, line 6670
This may not be enough to tell what I’ve done wrong, but its all
I’ve got now. I’ll update the thread with some more information tommorrow,
after I continue to debug the problem (I’m just hoping the problem will be
obvious to one of you and you can save me time :))
Thanks,
Joel