Reading files opened exclusively

NTFSD
1

I need to read files that are opened exclusively. For my test I’m using
\hiberfil.sys (is this the registry?).

I am trying to roll my own IRP_MJ_CREATE. I am having a big problem
creating a file object from scratch. The NTFS driver crashes with a bad
access. Is there a better way to do this?

Here is my code I’ve been trying to use. devExt is the same as defined in
FileSpy.

PIRP Irp;
PIO_STACK_LOCATION irpSp;
KEVENT event;
FILE_OBJECT fileObject;

Path = L"\hiberfil.sys";
Irp = IoAllocateIrp( MAXIMUM_IRP_STACK_LOCATIONS, FALSE );
Irp->Flags = IRP_CREATE_OPERATION | IRP_DEFER_IO_COMPLETION |
IRP_SYNCHRONOUS_API;
Irp->RequestorMode = KernelMode;
Irp->UserEvent = &event;
Irp->UserIosb = &ioStatus;
Irp->Tail.Overlay.Thread = PsGetCurrentThread();
Irp->Tail.Overlay.OriginalFileObject = NULL;
irpSp = IoGetNextIrpStackLocation(Irp);
irpSp->Flags = 0;
irpSp->MajorFunction = IRP_MJ_CREATE;
irpSp->MinorFunction = 0;
irpSp->Parameters.Create.EaLength = 0;
irpSp->Parameters.Create.FileAttributes = FILE_ATTRIBUTE_NORMAL;
irpSp->Parameters.Create.Options = FILE_NON_DIRECTORY_FILE |
FILE_SEQUENTIAL_ONLY |
FILE_SYNCHRONOUS_IO_NONALERT;
irpSp->Parameters.Create.SecurityContext = NULL;
irpSp->DeviceObject = devExt->AttachedToDeviceObject;
irpSp->FileObject = NULL;
irpSp->Parameters.Create.ShareAccess = FILE_SHARE_READ | FILE_SHARE_WRITE |
FILE_SHARE_DELETE;
RtlZeroMemory( &fileObject, sizeof(fileObject));
fileObject.Type = 5;
fileObject.Size = sizeof(fileObject);
fileObject.DeviceObject = devExt->DiskDeviceObject;
fileObject.Vpb = devExt->DiskDeviceObject->Vpb;
fileObject.Flags = FO_SYNCHRONOUS_IO;
fileObject.FileName.Length = (SHORT) (wcslen(Path) * sizeof(WCHAR));
fileObject.FileName.MaximumLength = fileObject.FileName.Length;
fileObject.FileName.Buffer = Path;
irpSp->FileObject = &fileObject;
KeInitializeEvent( &event, NotificationEvent , FALSE);
IoSetCompletionRoutine( Irp, CpsSyncCreateCompletion, NULL, TRUE, TRUE,
TRUE );
status = IoCallDriver( devExt->AttachedToDeviceObject, Irp );

2

How about. ZwCreateFile for SYNCHRONIZE, and roll your own IRP_MJ_READ?

“Mark Hahn” wrote in message news:xxxxx@ntfsd…
>I need to read files that are opened exclusively. For my test I’m using
>\hiberfil.sys (is this the registry?).
>
> I am trying to roll my own IRP_MJ_CREATE. I am having a big problem
> creating a file object from scratch. The NTFS driver crashes with a bad
> access. Is there a better way to do this?
>
> Here is my code I’ve been trying to use. devExt is the same as defined in
> FileSpy.
>
> PIRP Irp;
> PIO_STACK_LOCATION irpSp;
> KEVENT event;
> FILE_OBJECT fileObject;
>
> Path = L"\hiberfil.sys";
> Irp = IoAllocateIrp( MAXIMUM_IRP_STACK_LOCATIONS, FALSE );
> Irp->Flags = IRP_CREATE_OPERATION | IRP_DEFER_IO_COMPLETION |
> IRP_SYNCHRONOUS_API;
> Irp->RequestorMode = KernelMode;
> Irp->UserEvent = &event;
> Irp->UserIosb = &ioStatus;
> Irp->Tail.Overlay.Thread = PsGetCurrentThread();
> Irp->Tail.Overlay.OriginalFileObject = NULL;
> irpSp = IoGetNextIrpStackLocation(Irp);
> irpSp->Flags = 0;
> irpSp->MajorFunction = IRP_MJ_CREATE;
> irpSp->MinorFunction = 0;
> irpSp->Parameters.Create.EaLength = 0;
> irpSp->Parameters.Create.FileAttributes = FILE_ATTRIBUTE_NORMAL;
> irpSp->Parameters.Create.Options = FILE_NON_DIRECTORY_FILE |
> FILE_SEQUENTIAL_ONLY |
> FILE_SYNCHRONOUS_IO_NONALERT;
> irpSp->Parameters.Create.SecurityContext = NULL;
> irpSp->DeviceObject = devExt->AttachedToDeviceObject;
> irpSp->FileObject = NULL;
> irpSp->Parameters.Create.ShareAccess = FILE_SHARE_READ | FILE_SHARE_WRITE
> | FILE_SHARE_DELETE;
> RtlZeroMemory( &fileObject, sizeof(fileObject));
> fileObject.Type = 5;
> fileObject.Size = sizeof(fileObject);
> fileObject.DeviceObject = devExt->DiskDeviceObject;
> fileObject.Vpb = devExt->DiskDeviceObject->Vpb;
> fileObject.Flags = FO_SYNCHRONOUS_IO;
> fileObject.FileName.Length = (SHORT) (wcslen(Path) * sizeof(WCHAR));
> fileObject.FileName.MaximumLength = fileObject.FileName.Length;
> fileObject.FileName.Buffer = Path;
> irpSp->FileObject = &fileObject;
> KeInitializeEvent( &event, NotificationEvent , FALSE);
> IoSetCompletionRoutine( Irp, CpsSyncCreateCompletion, NULL, TRUE, TRUE,
> TRUE );
> status = IoCallDriver( devExt->AttachedToDeviceObject, Irp );
>
>

3

“Lyndon J Clarke” wrote …

How about. ZwCreateFile for SYNCHRONIZE, and roll your own IRP_MJ_READ?

I tried that with no luck. My ZwCreateFile is returning “A file cannot be
opened because the share access flags are incompatible.” Maybe my
ZwCreateFile is set up wrong. Could you take a look at my code?

UNICODE_STRING path;
OBJECT_ATTRIBUTES fileAttributes;
HANDLE fileHandle;

Path = L"\DosDevices\D:\hiberfil.sys";
path.Length = wcslen(Path) * sizeof(WCHAR);
path.MaximumLength = path.Length;
path.Buffer = Path;

InitializeObjectAttributes( &fileAttributes, &path, OBJ_CASE_INSENSITIVE |
OBJ_KERNEL_HANDLE, NULL, NULL );

status = ZwCreateFile( &fileHandle, SYNCHRONIZE, &fileAttributes, &ioStatus,
NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE |
FILE_SHARE_DELETE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 );

4

Building create IRP yourself doesn’t help to avoid sharing violation error.
If you got sharing violation then the file is already opened; you may use
FileObject that is already exist for the file to perform your operations.

Alexei.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Mark Hahn
Sent: Monday, March 14, 2005 4:02 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Reading files opened exclusively

“Lyndon J Clarke” wrote …

How about. ZwCreateFile for SYNCHRONIZE, and roll your own IRP_MJ_READ?

I tried that with no luck. My ZwCreateFile is returning “A file cannot be
opened because the share access flags are incompatible.” Maybe my
ZwCreateFile is set up wrong. Could you take a look at my code?

UNICODE_STRING path;
OBJECT_ATTRIBUTES fileAttributes;
HANDLE fileHandle;

Path = L"\DosDevices\D:\hiberfil.sys";
path.Length = wcslen(Path) * sizeof(WCHAR);
path.MaximumLength = path.Length;
path.Buffer = Path;

InitializeObjectAttributes( &fileAttributes, &path, OBJ_CASE_INSENSITIVE |
OBJ_KERNEL_HANDLE, NULL, NULL );

status = ZwCreateFile( &fileHandle, SYNCHRONIZE, &fileAttributes, &ioStatus,
NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE |
FILE_SHARE_DELETE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 );

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@vmware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

5

First, you could replace all 4 lines initializing path with:

RtlInitUnicodeString( &path, L"\DosDevices\D:\hiberfil.sys" );

Second, try setting your second argument to FILE_READ_DATA|SYNCHRONIZE.

Third, consider using IoCreateFileSpecifyDeviceObjectHint() where you can
set the Options argument to IO_IGNORE_SHARE_ACCESS_CHECK.

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Monday, March 14, 2005 7:02 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Reading files opened exclusively

“Lyndon J Clarke” wrote …

How about. ZwCreateFile for SYNCHRONIZE, and roll your own IRP_MJ_READ?

I tried that with no luck. My ZwCreateFile is returning “A file cannot be
opened because the share access flags are incompatible.” Maybe my
ZwCreateFile is set up wrong. Could you take a look at my code?

UNICODE_STRING path;
OBJECT_ATTRIBUTES fileAttributes;
HANDLE fileHandle;

Path = L"\DosDevices\D:\hiberfil.sys";
path.Length = wcslen(Path) * sizeof(WCHAR);
path.MaximumLength = path.Length;
path.Buffer = Path;

InitializeObjectAttributes( &fileAttributes, &path, OBJ_CASE_INSENSITIVE |
OBJ_KERNEL_HANDLE, NULL, NULL );

status = ZwCreateFile( &fileHandle, SYNCHRONIZE, &fileAttributes, &ioStatus,

NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE |
FILE_SHARE_DELETE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 );

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

6

“Alexei Jelvis” wrote …

Building create IRP yourself doesn’t help to avoid sharing violation
error.
If you got sharing violation then the file is already opened; you may use
FileObject that is already exist for the file to perform your operations.

I thought that the only security checking was done in the IO Manager, but
you must be right.

I’ll try that next. Now I just have to figure out how to find the existing
file object. I keep track of all the open files, but I’m not sure how I’m
going to figure out which one I want. Comparing names isn’t guaranteed to
work.

Thanks…

7

“Ken Cross” wrote …

First, you could replace all 4 lines initializing path with:
RtlInitUnicodeString( &path, L"\DosDevices\D:\hiberfil.sys" );

Thanks. I suspected there was something for that.

Second, try setting your second argument to FILE_READ_DATA|SYNCHRONIZE.

I’ve tried that. No luck.

Third, consider using IoCreateFileSpecifyDeviceObjectHint() where you can
set the Options argument to IO_IGNORE_SHARE_ACCESS_CHECK.

Unfortunately this needs to work with Win2K.

8

You will need snapshotting software to read such files.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Mark Hahn”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Tuesday, March 15, 2005 5:27 AM
Subject: Re:[ntfsd] Reading files opened exclusively

>
> “Alexei Jelvis” wrote …
>
> > Building create IRP yourself doesn’t help to avoid sharing violation
> > error.
> > If you got sharing violation then the file is already opened; you may use
> > FileObject that is already exist for the file to perform your operations.
>
> I thought that the only security checking was done in the IO Manager, but
> you must be right.
>
> I’ll try that next. Now I just have to figure out how to find the existing
> file object. I keep track of all the open files, but I’m not sure how I’m
> going to figure out which one I want. Comparing names isn’t guaranteed to
> work.
>
> Thanks…
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

9

“Maxim S. Shatskih” wrote …

You will need snapshotting software to read such files.

I assume you mean filtering at the sector level instead of files.

Are you sure? The OSR IFS FAQ says that it can be done if you have a file
object and roll your own IRPs for read and write. Is there some reason this
won’t work?

10

Don’t know if this works for you or not, but
CreateFileWithHint will come with the filter manager
update for win2k. This will be packaged as a
“security” rollup for win2k and as a redistributable
that you can ship with your product.

— Mark Hahn wrote:
>
> Unfortunately this needs to work with Win2K.
>

11

“Randy Cook” wrote …

Don’t know if this works for you or not, but
CreateFileWithHint will come with the filter manager
update for win2k. This will be packaged as a
“security” rollup for win2k and as a redistributable
that you can ship with your product.

That would be great. Any idea when this would be released?

12

I see … hiberfil.sys … have you tried using IoCreateFile() and Options
like IO_NO_PARAMETER_CHECKING and maybe some of the other definitions you
can find in ntifs.h but not in the ddk documentation?

“Mark Hahn” wrote in message news:xxxxx@ntfsd…
> “Lyndon J Clarke” wrote …
>
>> How about. ZwCreateFile for SYNCHRONIZE, and roll your own IRP_MJ_READ?
>
> I tried that with no luck. My ZwCreateFile is returning “A file cannot be
> opened because the share access flags are incompatible.” Maybe my
> ZwCreateFile is set up wrong. Could you take a look at my code?
>
> UNICODE_STRING path;
> OBJECT_ATTRIBUTES fileAttributes;
> HANDLE fileHandle;
>
> Path = L"\DosDevices\D:\hiberfil.sys";
> path.Length = wcslen(Path) * sizeof(WCHAR);
> path.MaximumLength = path.Length;
> path.Buffer = Path;
>
> InitializeObjectAttributes( &fileAttributes, &path, OBJ_CASE_INSENSITIVE |
> OBJ_KERNEL_HANDLE, NULL, NULL );
>
> status = ZwCreateFile( &fileHandle, SYNCHRONIZE, &fileAttributes,
> &ioStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE
> | FILE_SHARE_DELETE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 );
>
>

13

Neal says by the middle of the year.

— Mark Hahn wrote:
>
> That would be great. Any idea when this would be
> released?
>

14

Thanks. Now I have to make the big decision whether to trust Microsoft with
something this important to my product.

“Randy Cook” wrote in message news:xxxxx@ntfsd…
> Neal says by the middle of the year.
>
> — Mark Hahn wrote:
>>
>> That would be great. Any idea when this would be
>> released?
>>
>
>

15

If you decide to take that path, consider using Filter Manager (minifilters)
which is a major reason for the update.

Almost everything is easier, such as filename retrieval, file I/O, and
context tracking. Also, the final released forms of minifilters are
loadable/unloadable on running systems without reboots (yea!).

I had a fully operational legacy filter driver and threw it out in favor of
writing a minifilter from scratch and am extremely glad I did.

Just my $0.02…

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Tuesday, March 15, 2005 2:24 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively

Thanks. Now I have to make the big decision whether to trust Microsoft with

something this important to my product.

“Randy Cook” wrote in message news:xxxxx@ntfsd…
> Neal says by the middle of the year.
>
> — Mark Hahn wrote:
>>
>> That would be great. Any idea when this would be
>> released?
>>
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

16

Where is the best place to read up on mini-filters? I see mentions of them
in passing but I’ve never seen a comprehensive description anywhere.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
> If you decide to take that path, consider using Filter Manager
> (minifilters)
> which is a major reason for the update.
>
> Almost everything is easier, such as filename retrieval, file I/O, and
> context tracking. Also, the final released forms of minifilters are
> loadable/unloadable on running systems without reboots (yea!).
>
> I had a fully operational legacy filter driver and threw it out in favor
> of
> writing a minifilter from scratch and am extremely glad I did.
>
> Just my $0.02…
>
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Tuesday, March 15, 2005 2:24 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>
> Thanks. Now I have to make the big decision whether to trust Microsoft
> with
>
> something this important to my product.
>
> “Randy Cook” wrote in message news:xxxxx@ntfsd…
>> Neal says by the middle of the year.
>>
>> — Mark Hahn wrote:
>>>
>>> That would be great. Any idea when this would be
>>> released?
>>>
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>

17

You have to sign up for the beta test. From a post from Molly Brown:

"A new version of the IFSKit has been posted on betaplace. This contains
the latest version of the kit and an update to the filter manager. This
is a little newer then the kit that was given at the December PlugFest.

Go to: http://beta.microsoft.com

If you are not currently registered for the beta go to the above link
and give a Guest ID of: Filtermgr

The only prerequisite is that you have previously purchased an IFSKit
(any version)."

HTH,
Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Tuesday, March 15, 2005 2:49 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively

Where is the best place to read up on mini-filters? I see mentions of them
in passing but I’ve never seen a comprehensive description anywhere.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
> If you decide to take that path, consider using Filter Manager
> (minifilters)
> which is a major reason for the update.
>
> Almost everything is easier, such as filename retrieval, file I/O, and
> context tracking. Also, the final released forms of minifilters are
> loadable/unloadable on running systems without reboots (yea!).
>
> I had a fully operational legacy filter driver and threw it out in favor
> of
> writing a minifilter from scratch and am extremely glad I did.
>
> Just my $0.02…
>
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Tuesday, March 15, 2005 2:24 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>
> Thanks. Now I have to make the big decision whether to trust Microsoft
> with
>
> something this important to my product.
>
> “Randy Cook” wrote in message news:xxxxx@ntfsd…
>> Neal says by the middle of the year.
>>
>> — Mark Hahn wrote:
>>>
>>> That would be great. Any idea when this would be
>>> released?
>>>
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

18

Thanks again. The site says I am signed up for the Beta program. I guess
it automatically recognized my purchase of the IFS kit. Now I just need to
figure out how to download it. That isn’t mentioned anywhere on the site at
all.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
> You have to sign up for the beta test. From a post from Molly Brown:
>
> “A new version of the IFSKit has been posted on betaplace. This contains
> the latest version of the kit and an update to the filter manager. This
> is a little newer then the kit that was given at the December PlugFest.
>
> Go to: http://beta.microsoft.com
>
> If you are not currently registered for the beta go to the above link
> and give a Guest ID of: Filtermgr
>
> The only prerequisite is that you have previously purchased an IFSKit
> (any version).”
>
>
> HTH,
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Tuesday, March 15, 2005 2:49 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>
> Where is the best place to read up on mini-filters? I see mentions of
> them
> in passing but I’ve never seen a comprehensive description anywhere.
>
> “Ken Cross” wrote in message news:xxxxx@ntfsd…
>> If you decide to take that path, consider using Filter Manager
>> (minifilters)
>> which is a major reason for the update.
>>
>> Almost everything is easier, such as filename retrieval, file I/O, and
>> context tracking. Also, the final released forms of minifilters are
>> loadable/unloadable on running systems without reboots (yea!).
>>
>> I had a fully operational legacy filter driver and threw it out in favor
>> of
>> writing a minifilter from scratch and am extremely glad I did.
>>
>> Just my $0.02…
>>
>> Ken
>>
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>> Sent: Tuesday, March 15, 2005 2:24 PM
>> To: Windows File Systems Devs Interest List
>> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>>
>> Thanks. Now I have to make the big decision whether to trust Microsoft
>> with
>>
>> something this important to my product.
>>
>> “Randy Cook” wrote in message news:xxxxx@ntfsd…
>>> Neal says by the middle of the year.
>>>
>>> — Mark Hahn wrote:
>>>>
>>>> That would be great. Any idea when this would be
>>>> released?
>>>>
>>>
>>>
>>
>>
>>
>> —
>> Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@comcast.net
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

19

If you are signed up, there will be a section entitled “You are enrolled in
the Following Beta Programs” and, below that, there should be a link to the
Filter Manager.

I’d be surprised if it’s there yet. It took me almost 2 weeks to convince
them I bought the IFS, and they themselves say that it takes at least 24
hours:

“If you have received an email welcoming you to a program and you do not see
the program listed below, please wait 24 hours and try again.”

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Tuesday, March 15, 2005 6:54 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively

Thanks again. The site says I am signed up for the Beta program. I guess
it automatically recognized my purchase of the IFS kit. Now I just need to
figure out how to download it. That isn’t mentioned anywhere on the site at

all.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
> You have to sign up for the beta test. From a post from Molly Brown:
>
> “A new version of the IFSKit has been posted on betaplace. This contains
> the latest version of the kit and an update to the filter manager. This
> is a little newer then the kit that was given at the December PlugFest.
>
> Go to: http://beta.microsoft.com
>
> If you are not currently registered for the beta go to the above link
> and give a Guest ID of: Filtermgr
>
> The only prerequisite is that you have previously purchased an IFSKit
> (any version).”
>
>
> HTH,
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Tuesday, March 15, 2005 2:49 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>
> Where is the best place to read up on mini-filters? I see mentions of
> them
> in passing but I’ve never seen a comprehensive description anywhere.
>
> “Ken Cross” wrote in message news:xxxxx@ntfsd…
>> If you decide to take that path, consider using Filter Manager
>> (minifilters)
>> which is a major reason for the update.
>>
>> Almost everything is easier, such as filename retrieval, file I/O, and
>> context tracking. Also, the final released forms of minifilters are
>> loadable/unloadable on running systems without reboots (yea!).
>>
>> I had a fully operational legacy filter driver and threw it out in favor
>> of
>> writing a minifilter from scratch and am extremely glad I did.
>>
>> Just my $0.02…
>>
>> Ken
>>
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>> Sent: Tuesday, March 15, 2005 2:24 PM
>> To: Windows File Systems Devs Interest List
>> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>>
>> Thanks. Now I have to make the big decision whether to trust Microsoft
>> with
>>
>> something this important to my product.
>>
>> “Randy Cook” wrote in message news:xxxxx@ntfsd…
>>> Neal says by the middle of the year.
>>>
>>> — Mark Hahn wrote:
>>>>
>>>> That would be great. Any idea when this would be
>>>> released?
>>>>
>>>
>>>
>>
>>
>>
>> —
>> Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@comcast.net
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

20

The link is definitely there. It says “Filter Manager Preview”. It
appeared immediately after I logged in with my .net passport. The page that
links to says:

Welcome to the Filter Manager Preview Beta Program!
To nominate a tester for this beta program Click on the “Survey” link on the
left.
Select the “Filter Manager Preview Nomination Form” and provide all the
information sought for in the form. For any administrative issues that you
may have please feel free to send email to …

I nominated myself in the form, which was quite weird and confusing. There
was a link in the banner to “Participation Info” which had a lot of info
about the testing program except how to download anything.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
> If you are signed up, there will be a section entitled “You are enrolled
> in
> the Following Beta Programs” and, below that, there should be a link to
> the
> Filter Manager.
>
> I’d be surprised if it’s there yet. It took me almost 2 weeks to convince
> them I bought the IFS, and they themselves say that it takes at least 24
> hours:
>
> “If you have received an email welcoming you to a program and you do not
> see
> the program listed below, please wait 24 hours and try again.”
>
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Tuesday, March 15, 2005 6:54 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>
> Thanks again. The site says I am signed up for the Beta program. I guess
> it automatically recognized my purchase of the IFS kit. Now I just need
> to
> figure out how to download it. That isn’t mentioned anywhere on the site
> at
>
> all.
>
> “Ken Cross” wrote in message news:xxxxx@ntfsd…
>> You have to sign up for the beta test. From a post from Molly Brown:
>>
>> “A new version of the IFSKit has been posted on betaplace. This contains
>> the latest version of the kit and an update to the filter manager. This
>> is a little newer then the kit that was given at the December PlugFest.
>>
>> Go to: http://beta.microsoft.com
>>
>> If you are not currently registered for the beta go to the above link
>> and give a Guest ID of: Filtermgr
>>
>> The only prerequisite is that you have previously purchased an IFSKit
>> (any version).”
>>
>>
>> HTH,
>> Ken
>>
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>> Sent: Tuesday, March 15, 2005 2:49 PM
>> To: Windows File Systems Devs Interest List
>> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>>
>> Where is the best place to read up on mini-filters? I see mentions of
>> them
>> in passing but I’ve never seen a comprehensive description anywhere.
>>
>> “Ken Cross” wrote in message news:xxxxx@ntfsd…
>>> If you decide to take that path, consider using Filter Manager
>>> (minifilters)
>>> which is a major reason for the update.
>>>
>>> Almost everything is easier, such as filename retrieval, file I/O, and
>>> context tracking. Also, the final released forms of minifilters are
>>> loadable/unloadable on running systems without reboots (yea!).
>>>
>>> I had a fully operational legacy filter driver and threw it out in favor
>>> of
>>> writing a minifilter from scratch and am extremely glad I did.
>>>
>>> Just my $0.02…
>>>
>>> Ken
>>>
>>>
>>> -----Original Message-----
>>> From: xxxxx@lists.osr.com
>>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>>> Sent: Tuesday, March 15, 2005 2:24 PM
>>> To: Windows File Systems Devs Interest List
>>> Subject: Re:[ntfsd] Re:Re:Reading files opened exclusively
>>>
>>> Thanks. Now I have to make the big decision whether to trust Microsoft
>>> with
>>>
>>> something this important to my product.
>>>
>>> “Randy Cook” wrote in message news:xxxxx@ntfsd…
>>>> Neal says by the middle of the year.
>>>>
>>>> — Mark Hahn wrote:
>>>>>
>>>>> That would be great. Any idea when this would be
>>>>> released?
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> —
>>> Questions? First check the IFS FAQ at
>>> https://www.osronline.com/article.cfm?id=17
>>>
>>> You are currently subscribed to ntfsd as: xxxxx@comcast.net
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>>
>>>
>>
>>
>>
>> —
>> Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@comcast.net
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>