Hello everyone,
I’m developing a minifilter and am in need of some help.
Basically I want the following flow:
- User opens file ‘a.txt’, suppose it contains ‘abcdef’
- I have an IRP_MJ_CREATE pre operation that will return the user with a handle to a memory stream inside the driver, suppose it contains ‘123456’
- User reads N bytes and gets N bytes from the memory stream, say he reads 6 bytes, he will then get ‘123456’
My plan was to replace the TargetFileObject with my own constructed FILE_OBJECT via IoCreateStreamFileObjectLite,
and within settings the SectionObjectPointer to my own.
Is this possible using the method I’ve described ?
If not, any recommendation on an alternate route would be extremely appreciated!
Thank you very much !
You are talking about a layered file system where you take ownership of
the file objects. This will work but it is a huge task. Remember that
now you have taken ownership of those file objects by setting your own
FsContext and SOP structures, they can NEVER get passed down to the
underlying file system else it will BSOD. You will need to implement
every call and swap out the file object accordingly with the one which
you opened.
But to clarify, during PreCreate you would take ownership of the passed
in file object opening a second file object via the IoCreate…() API.
You would then complete this request without passing it down to the
underlying file system. Then for any subsequent request, you would swap
out the TargetFileObject, marking the CDB dirty, and then pass the
request down the stack.
Again, this is a huge undertaking, there is a ton of information on this
forum on the topic.
As an alternative you could investigate processing only the read-write
pathways. When a non-cached read or write request is handled for the
file of interest, return the appropriate data. The problem with this
approach comes in when the file size between the virtual file and the
real file differ. If they do then there are lots of headaches to get
past with file size faking and to get it right will take you nearly as
long, if not longer, than writing a layered file system.
Pete
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com http:</http:>
866.263.9295
------ Original Message ------
From: xxxxx@gmail.com
To: “Windows File Systems Devs Interest List”
Sent: 9/12/2015 9:36:08 AM
Subject: [ntfsd] Return a ‘virtual’ file handle instead of the requested
file
>Hello everyone,
>
>I’m developing a minifilter and am in need of some help.
>Basically I want the following flow:
>
>- User opens file ‘a.txt’, suppose it contains ‘abcdef’
>- I have an IRP_MJ_CREATE pre operation that will return the user with
>a handle to a memory stream inside the driver, suppose it contains
>‘123456’
>- User reads N bytes and gets N bytes from the memory stream, say he
>reads 6 bytes, he will then get ‘123456’
>
>My plan was to replace the TargetFileObject with my own constructed
>FILE_OBJECT via IoCreateStreamFileObjectLite,
>and within settings the SectionObjectPointer to my own.
>
>Is this possible using the method I’ve described ?
>If not, any recommendation on an alternate route would be extremely
>appreciated!
>
>Thank you very much !
>
>—
>NTFSD is sponsored by OSR
>
>OSR is hiring!! Info at http://www.osr.com/careers
>
>For our schedule of debugging and file system seminars visit:
>http://www.osr.com/seminars
>
>To unsubscribe, visit the List Server section of OSR Online at
>http://www.osronline.com/page.cfm?name=ListServer
Hey Pete, thanks ! Seems like I have some work to do then 
One thing I didn’t quite understand is the creation of the SFO along with the FsContex and SOP.
Say I create the file object, I’m not really sure how to fill it properly.
Im guessing that if I’m sending the SFO down the stack in non-create calls then it should be initialized appropriately.
Also, Is there a method to fill the SFO in a way that will point to my memory buffer,
and then make the reads/writes happen automatically ?
Thank you so much for you help!