Simple FltCreateFile hanged in WinXP SP2

I developped a very simple minifilter on the basis of minifilter sample PassThrough.I find a problem in some WinXP SP2 evirionment(added some hotfixs),there are just only one minifilter(my minifilter) and only one legacy filter(fltmanager).And,in other WinXP SP2 evironment,there is no the problem.

I just developped my minifilter from the sample PassThrough,but added the handler:
in pre-Create,I call FltCreate(execlusively) to open the target file,and then FltClose it.
But,I observed the situation:
the call FltCreate will hanged,never return.

By my test,I have the conclusion:
If the target file have opened before this pre-Create,my FltCreate(execlusively) should be STATUS_SHARING_VIOLATION,but the FltCreate(execlusively) will hang(never returned)!

the minifilter is developped on the basis of minifilter sample PassThrough.I just modify the following:
CONST FLT_OPERATION_REGISTRATION Callbacks = {
{ IRP_MJ_CREATE,
0,
PtPreOperationCreate,
PtPostOperationCreate },
…
{ IRP_MJ_OPERATION_END }
};

FLT_PREOP_CALLBACK_STATUS
PtPreOperationCreate (
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__deref_out_opt PVOID *CompletionContext
)
{
PFLT_FILE_NAME_INFORMATION nameInfo = NULL;
NTSTATUS status;
BOOLEAN bTest;
OBJECT_ATTRIBUTES objectAttributes;
HANDLE hFile;
IO_STATUS_BLOCK ioStatus;

//get the filename
if (FltObjects->FileObject == NULL)
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
status=FltGetFileNameInformation(Data,
FLT_FILE_NAME_NORMALIZED|FLT_FILE_NAME_QUERY_DEFAULT,
&nameInfo);
if (!NT_SUCCESS(status))
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
status=FltParseFileNameInformation(nameInfo);
if (!NT_SUCCESS(status))
{
FltReleaseFileNameInformation(nameInfo);
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
}
//I just test the files have the specific extension
bTest=CheckExtension( &nameInfo->Extension );
if (!bTest)
{
FltReleaseFileNameInformation(nameInfo);
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
}
KdPrint((“\r\nTest Create File:%wZ”,&nameInfo->Name));

//issue my fltcreate
InitializeObjectAttributes( &objectAttributes,
&nameInfo->Name,
OBJ_KERNEL_HANDLE,
NULL,
NULL );
status=FltCreateFile(gFilterHandle,
FltObjects->Instance,
&hFile,
GENERIC_READ,
&objectAttributes,
&ioStatus,
(PLARGE_INTEGER) NULL,
FILE_ATTRIBUTE_NORMAL,
0,//execlusively
FILE_OPEN,
0L,
NULL,
0L,
0 );
KdPrint((“\r\nTest File:%wZ,Status:%x”,&nameInfo->Name,status));
if (NT_SUCCESS( status ))
{
FltClose(hFile);
}
FltReleaseFileNameInformation( nameInfo );

return FLT_PREOP_SUCCESS_WITH_CALLBACK ;
}

FLT_POSTOP_CALLBACK_STATUS
PtPostOperationCreate (
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__in_opt PVOID CompletionContext,
__in FLT_POST_OPERATION_FLAGS Flags
)
{
return FLT_POSTOP_FINISHED_PROCESSING;
}

//
// This is a static list of file name extensions files we are interested in testing
//
const UNICODE_STRING ExtensionsToTest =
{RTL_CONSTANT_STRING( L"txt"),
{0, 0, NULL}
};

BOOLEAN
CheckExtension (
__in PUNICODE_STRING Extension
)
/*++
Routine Description:
Checks if this file name extension is something we are interested in
–*/
{
const UNICODE_STRING *ext;
if (Extension->Length == 0) {
return FALSE;
}

//
// Check if it matches any one of our static extension list
//

ext = ExtensionsToTest;
while (ext->Buffer != NULL) {
if (RtlCompareUnicodeString( Extension, ext, TRUE ) == 0) {
//
// A match. We are interested in this file
//
return TRUE;
}
ext++;
}
return FALSE;
}

Anybody can clear it?Thank you very much!

xxxxx@hotmail.com wrote:

What are your CreateOptions set to? Your EaLength should also be a ulong
instead of a long.

Wow, your the first person I ever recall seeing using “L” for casting a
long… Had to look that
one up…

Matt

I developped a very simple minifilter on the basis of minifilter sample PassThrough.I find a problem in some WinXP SP2 evirionment(added some hotfixs),there are just only one minifilter(my minifilter) and only one legacy filter(fltmanager).And,in other WinXP SP2 evironment,there is no the problem.

I just developped my minifilter from the sample PassThrough,but added the handler:
in pre-Create,I call FltCreate(execlusively) to open the target file,and then FltClose it.
But,I observed the situation:
the call FltCreate will hanged,never return.

By my test,I have the conclusion:
If the target file have opened before this pre-Create,my FltCreate(execlusively) should be STATUS_SHARING_VIOLATION,but the FltCreate(execlusively) will hang(never returned)!

the minifilter is developped on the basis of minifilter sample PassThrough.I just modify the following:
CONST FLT_OPERATION_REGISTRATION Callbacks = {
{ IRP_MJ_CREATE,
0,
PtPreOperationCreate,
PtPostOperationCreate },
…
{ IRP_MJ_OPERATION_END }
};

FLT_PREOP_CALLBACK_STATUS
PtPreOperationCreate (
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__deref_out_opt PVOID *CompletionContext
)
{
PFLT_FILE_NAME_INFORMATION nameInfo = NULL;
NTSTATUS status;
BOOLEAN bTest;
OBJECT_ATTRIBUTES objectAttributes;
HANDLE hFile;
IO_STATUS_BLOCK ioStatus;

//get the filename
if (FltObjects->FileObject == NULL)
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
status=FltGetFileNameInformation(Data,
FLT_FILE_NAME_NORMALIZED|FLT_FILE_NAME_QUERY_DEFAULT,
&nameInfo);
if (!NT_SUCCESS(status))
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
status=FltParseFileNameInformation(nameInfo);
if (!NT_SUCCESS(status))
{
FltReleaseFileNameInformation(nameInfo);
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
}
//I just test the files have the specific extension
bTest=CheckExtension( &nameInfo->Extension );
if (!bTest)
{
FltReleaseFileNameInformation(nameInfo);
return FLT_PREOP_SUCCESS_NO_CALLBACK ;
}
KdPrint((“\r\nTest Create File:%wZ”,&nameInfo->Name));

//issue my fltcreate
InitializeObjectAttributes( &objectAttributes,
&nameInfo->Name,
OBJ_KERNEL_HANDLE,
NULL,
NULL );
status=FltCreateFile(gFilterHandle,
FltObjects->Instance,
&hFile,
GENERIC_READ,
&objectAttributes,
&ioStatus,
(PLARGE_INTEGER) NULL,
FILE_ATTRIBUTE_NORMAL,
0,//execlusively
FILE_OPEN,
0L,
NULL,
0L,
0 );
KdPrint((“\r\nTest File:%wZ,Status:%x”,&nameInfo->Name,status));
if (NT_SUCCESS( status ))
{
FltClose(hFile);
}
FltReleaseFileNameInformation( nameInfo );

return FLT_PREOP_SUCCESS_WITH_CALLBACK ;
}

FLT_POSTOP_CALLBACK_STATUS
PtPostOperationCreate (
__inout PFLT_CALLBACK_DATA Data,
__in PCFLT_RELATED_OBJECTS FltObjects,
__in_opt PVOID CompletionContext,
__in FLT_POST_OPERATION_FLAGS Flags
)
{
return FLT_POSTOP_FINISHED_PROCESSING;
}

//
// This is a static list of file name extensions files we are interested in testing
//
const UNICODE_STRING ExtensionsToTest =
{RTL_CONSTANT_STRING( L"txt"),
{0, 0, NULL}
};

BOOLEAN
CheckExtension (
__in PUNICODE_STRING Extension
)
/*++
Routine Description:
Checks if this file name extension is something we are interested in
–*/
{
const UNICODE_STRING *ext;
if (Extension->Length == 0) {
return FALSE;
}

//
// Check if it matches any one of our static extension list
//

ext = ExtensionsToTest;
while (ext->Buffer != NULL) {
if (RtlCompareUnicodeString( Extension, ext, TRUE ) == 0) {
//
// A match. We are interested in this file
//
return TRUE;
}
ext++;
}
return FALSE;
}

Anybody can clear it?Thank you very much!

---

NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

your attension is not the key.
the code you attensioned is from the sample minifilter metadatamanager.

xxxxx@hotmail.com wrote:

Hummmmm, just looking at that sample that you pointed out.

From what I see that sample puts a LONG in an ULONG, not to big of a
deal, but shouldn’t non-
theless. Secondly, while looking for the definitions for the possible
options for CreateOptions I
see this:

/* NT Create CreateOptions bits */
#define FILE_DIRECTORY_FILE (0x00000001)
#define FILE_WRITE_THROUGH (0x00000002)
#define FILE_SEQUENTIAL_ONLY (0x00000004)
#define FILE_NON_DIRECTORY_FILE (0x00000040)
#define FILE_NO_EA_KNOWLEDGE (0x00000200)
#define FILE_EIGHT_DOT_THREE_ONLY (0x00000400)
#define FILE_RANDOM_ACCESS (0x00000800)
#define FILE_DELETE_ON_CLOSE (0x00001000)

None of these would equal “0L”.

Then again, even as screwy as that sample code looks to me, I’m busy
and don’t have time to think about it to much.

Why can’t you just play with the flags and see what works. That would of
taken 5 mins…

Googling for working code takes 0.3 seconds…

Good luck to you, but that sample looks a little weird to me…

Matt

your attension is not the key.
the code you attensioned is from the sample minifilter metadatamanager.

---

NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Matt wrote:

0x00000000 is FILE_SUPERSEDE in my reading. In my docs, this is not a
valid CreateOptions
for FltCreateFile.

The metadata sample that sets create options to “0L” I believe is in
error…

What does the rest of the community say about this? I’m a rookie, I
wouldn’t want to call this
a ‘bug’, I don’t feel I’m at that point yet; I’ll chalk this up to my
‘fuzzy logic’ (like my ‘fuzzy math’).

Matt

xxxxx@hotmail.com wrote:

Hummmmm, just looking at that sample that you pointed out.

From what I see that sample puts a LONG in an ULONG, not to big of a
deal, but shouldn’t non-
theless. Secondly, while looking for the definitions for the possible
options for CreateOptions I
see this:

/* NT Create CreateOptions bits */
#define FILE_DIRECTORY_FILE (0x00000001)
#define FILE_WRITE_THROUGH (0x00000002)
#define FILE_SEQUENTIAL_ONLY (0x00000004)
#define FILE_NON_DIRECTORY_FILE (0x00000040)
#define FILE_NO_EA_KNOWLEDGE (0x00000200)
#define FILE_EIGHT_DOT_THREE_ONLY (0x00000400)
#define FILE_RANDOM_ACCESS (0x00000800)
#define FILE_DELETE_ON_CLOSE (0x00001000)

None of these would equal “0L”.

Then again, even as screwy as that sample code looks to me, I’m busy
and don’t have time to think about it to much.
Why can’t you just play with the flags and see what works. That would
of taken 5 mins…

Googling for working code takes 0.3 seconds…

Good luck to you, but that sample looks a little weird to me…

Matt

> your attension is not the key.
> the code you attensioned is from the sample minifilter metadatamanager.
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

---

NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Matt,

metadata-sample provides 0 for CreateOptions, but FILE_SUPERSEDE ist not for
“CreateOptions” … it’s for “CreateDisposition”.

And for CreateDisposition" metadata-sample provides FILE_OPEN_IF or
FILE_OPEN.

“Matt” wrote news:xxxxx@ntfsd…
> Matt wrote:
>
> 0x00000000 is FILE_SUPERSEDE in my reading. In my docs, this is not a
> valid CreateOptions
> for FltCreateFile.
>
> The metadata sample that sets create options to “0L” I believe is in
> error…
>
> What does the rest of the community say about this? I’m a rookie, I
> wouldn’t want to call this
> a ‘bug’, I don’t feel I’m at that point yet; I’ll chalk this up to my
> ‘fuzzy logic’ (like my ‘fuzzy math’).
>
> Matt
>
>
>> xxxxx@hotmail.com wrote:
>>
>> Hummmmm, just looking at that sample that you pointed out.
>>
>> From what I see that sample puts a LONG in an ULONG, not to big of a
>> deal, but shouldn’t non-
>> theless. Secondly, while looking for the definitions for the possible
>> options for CreateOptions I
>> see this:
>>
>> /* NT Create CreateOptions bits */
>> #define FILE_DIRECTORY_FILE (0x00000001)
>> #define FILE_WRITE_THROUGH (0x00000002)
>> #define FILE_SEQUENTIAL_ONLY (0x00000004)
>> #define FILE_NON_DIRECTORY_FILE (0x00000040)
>> #define FILE_NO_EA_KNOWLEDGE (0x00000200)
>> #define FILE_EIGHT_DOT_THREE_ONLY (0x00000400)
>> #define FILE_RANDOM_ACCESS (0x00000800)
>> #define FILE_DELETE_ON_CLOSE (0x00001000)
>>
>> None of these would equal “0L”.
>>
>> Then again, even as screwy as that sample code looks to me, I’m busy
>> and don’t have time to think about it to much.
>> Why can’t you just play with the flags and see what works. That would of
>> taken 5 mins…
>>
>> Googling for working code takes 0.3 seconds…
>>
>> Good luck to you, but that sample looks a little weird to me…
>>
>> Matt
>>
>>
>>> your attension is not the key.
>>> the code you attensioned is from the sample minifilter metadatamanager.
>>> —
>>> NTFSD is sponsored by OSR
>>>
>>> For our schedule debugging and file system seminars
>>> (including our new fs mini-filter seminar) visit:
>>> http://www.osr.com/seminars
>>>
>>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>>
>>
>>
>> —
>> NTFSD is sponsored by OSR
>>
>> For our schedule debugging and file system seminars
>> (including our new fs mini-filter seminar) visit:
>> http://www.osr.com/seminars
>>
>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>

frank wrote:

That is where I’m confused. Look at (from the metadata sample):

status = FltCreateFile( Globals.Filter,
InstanceContext->Instance,
&InstanceContext->MetadataHandle,
FILE_ALL_ACCESS,
&objectAttributes,
&ioStatus,
(PLARGE_INTEGER) NULL,
FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
FILE_SHARE_READ,
(CreateIfNotPresent ? FILE_OPEN_IF : FILE_OPEN),
0L,
NULL,
0L,
0 );

The 11th parameter is CreateOptions. I understand FILE_SUPERSEDE is for
“CreateDisposition” (like you said). However, in the above
paste from the metadata sample, parameter 11 is set as “0L” - if I
understand correctly that equals 0x00000000. <-that is a supersede.

The value for parameter 11 should be “0x00000001” or higher.

Matt

P.S. albeit I’m a little tanked and ready to crash, I can’t see my error
here… Perhaps I can’t count, but from what I see, the sample has
parameter
11 (CreateOptions) set to FILE_SUPERSEDE (which should be one up, under
createdisposition). Assuming your sober, perhaps you could
teach me how to count…

Matt,

metadata-sample provides 0 for CreateOptions, but FILE_SUPERSEDE ist
not for “CreateOptions” … it’s for “CreateDisposition”.

And for CreateDisposition" metadata-sample provides FILE_OPEN_IF or
FILE_OPEN.

“Matt” wrote news:xxxxx@ntfsd…
>> Matt wrote:
>>
>> 0x00000000 is FILE_SUPERSEDE in my reading. In my docs, this is not a
>> valid CreateOptions
>> for FltCreateFile.
>>
>> The metadata sample that sets create options to “0L” I believe is in
>> error…
>>
>> What does the rest of the community say about this? I’m a rookie, I
>> wouldn’t want to call this
>> a ‘bug’, I don’t feel I’m at that point yet; I’ll chalk this up to my
>> ‘fuzzy logic’ (like my ‘fuzzy math’).
>>
>> Matt
>>
>>
>>> xxxxx@hotmail.com wrote:
>>>
>>> Hummmmm, just looking at that sample that you pointed out.
>>>
>>> From what I see that sample puts a LONG in an ULONG, not to big of a
>>> deal, but shouldn’t non-
>>> theless. Secondly, while looking for the definitions for the
>>> possible options for CreateOptions I
>>> see this:
>>>
>>> /* NT Create CreateOptions bits */
>>> #define FILE_DIRECTORY_FILE (0x00000001)
>>> #define FILE_WRITE_THROUGH (0x00000002)
>>> #define FILE_SEQUENTIAL_ONLY (0x00000004)
>>> #define FILE_NON_DIRECTORY_FILE (0x00000040)
>>> #define FILE_NO_EA_KNOWLEDGE (0x00000200)
>>> #define FILE_EIGHT_DOT_THREE_ONLY (0x00000400)
>>> #define FILE_RANDOM_ACCESS (0x00000800)
>>> #define FILE_DELETE_ON_CLOSE (0x00001000)
>>>
>>> None of these would equal “0L”.
>>>
>>> Then again, even as screwy as that sample code looks to me, I’m busy
>>> and don’t have time to think about it to much.
>>> Why can’t you just play with the flags and see what works. That
>>> would of taken 5 mins…
>>>
>>> Googling for working code takes 0.3 seconds…
>>>
>>> Good luck to you, but that sample looks a little weird to me…
>>>
>>> Matt
>>>
>>>
>>>> your attension is not the key.
>>>> the code you attensioned is from the sample minifilter
>>>> metadatamanager.
>>>> —
>>>> NTFSD is sponsored by OSR
>>>>
>>>> For our schedule debugging and file system seminars
>>>> (including our new fs mini-filter seminar) visit:
>>>> http://www.osr.com/seminars
>>>>
>>>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>>
>>>>
>>>
>>>
>>> —
>>> NTFSD is sponsored by OSR
>>>
>>> For our schedule debugging and file system seminars
>>> (including our new fs mini-filter seminar) visit:
>>> http://www.osr.com/seminars
>>>
>>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>
>>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

I think FILE_SUPERSEDE can not be seen in the context of “CreateOptions”.
Zero for “CreateOptions” just means: “take no special options, that would
narrow my create operation”.

And maybe that’s the problem which op sees here. I would try to carry over
as much narrowing options as possible from the original create request to my
forwarding FltCreateFile. Just my two cents.

“Matt” wrote news:xxxxx@ntfsd…
> frank wrote:
>
> That is where I’m confused. Look at (from the metadata sample):
>
>
> status = FltCreateFile( Globals.Filter,
> InstanceContext->Instance,
> &InstanceContext->MetadataHandle,
> FILE_ALL_ACCESS,
> &objectAttributes,
> &ioStatus,
> (PLARGE_INTEGER) NULL,
> FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
> FILE_SHARE_READ,
> (CreateIfNotPresent ? FILE_OPEN_IF :
> FILE_OPEN),
> 0L,
> NULL,
> 0L,
> 0 );
>
> The 11th parameter is CreateOptions. I understand FILE_SUPERSEDE is for
> “CreateDisposition” (like you said). However, in the above
> paste from the metadata sample, parameter 11 is set as “0L” - if I
> understand correctly that equals 0x00000000. <-that is a supersede.
>
> The value for parameter 11 should be “0x00000001” or higher.
>
> Matt
>
> P.S. albeit I’m a little tanked and ready to crash, I can’t see my error
> here… Perhaps I can’t count, but from what I see, the sample has
> parameter
> 11 (CreateOptions) set to FILE_SUPERSEDE (which should be one up, under
> createdisposition). Assuming your sober, perhaps you could
> teach me how to count…
>
>> Matt,
>>
>> metadata-sample provides 0 for CreateOptions, but FILE_SUPERSEDE ist not
>> for “CreateOptions” … it’s for “CreateDisposition”.
>>
>> And for CreateDisposition" metadata-sample provides FILE_OPEN_IF or
>> FILE_OPEN.
>>
>>
>>
>>
>>
>> “Matt” wrote news:xxxxx@ntfsd…
>>> Matt wrote:
>>>
>>> 0x00000000 is FILE_SUPERSEDE in my reading. In my docs, this is not a
>>> valid CreateOptions
>>> for FltCreateFile.
>>>
>>> The metadata sample that sets create options to “0L” I believe is in
>>> error…
>>>
>>> What does the rest of the community say about this? I’m a rookie, I
>>> wouldn’t want to call this
>>> a ‘bug’, I don’t feel I’m at that point yet; I’ll chalk this up to my
>>> ‘fuzzy logic’ (like my ‘fuzzy math’).
>>>
>>> Matt
>>>
>>>
>>>> xxxxx@hotmail.com wrote:
>>>>
>>>> Hummmmm, just looking at that sample that you pointed out.
>>>>
>>>> From what I see that sample puts a LONG in an ULONG, not to big of a
>>>> deal, but shouldn’t non-
>>>> theless. Secondly, while looking for the definitions for the possible
>>>> options for CreateOptions I
>>>> see this:
>>>>
>>>> /* NT Create CreateOptions bits */
>>>> #define FILE_DIRECTORY_FILE (0x00000001)
>>>> #define FILE_WRITE_THROUGH (0x00000002)
>>>> #define FILE_SEQUENTIAL_ONLY (0x00000004)
>>>> #define FILE_NON_DIRECTORY_FILE (0x00000040)
>>>> #define FILE_NO_EA_KNOWLEDGE (0x00000200)
>>>> #define FILE_EIGHT_DOT_THREE_ONLY (0x00000400)
>>>> #define FILE_RANDOM_ACCESS (0x00000800)
>>>> #define FILE_DELETE_ON_CLOSE (0x00001000)
>>>>
>>>> None of these would equal “0L”.
>>>>
>>>> Then again, even as screwy as that sample code looks to me, I’m busy
>>>> and don’t have time to think about it to much.
>>>> Why can’t you just play with the flags and see what works. That would
>>>> of taken 5 mins…
>>>>
>>>> Googling for working code takes 0.3 seconds…
>>>>
>>>> Good luck to you, but that sample looks a little weird to me…
>>>>
>>>> Matt
>>>>
>>>>
>>>>> your attension is not the key.
>>>>> the code you attensioned is from the sample minifilter
>>>>> metadatamanager.
>>>>> —
>>>>> NTFSD is sponsored by OSR
>>>>>
>>>>> For our schedule debugging and file system seminars
>>>>> (including our new fs mini-filter seminar) visit:
>>>>> http://www.osr.com/seminars
>>>>>
>>>>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>>>
>>>>>
>>>>
>>>>
>>>> —
>>>> NTFSD is sponsored by OSR
>>>>
>>>> For our schedule debugging and file system seminars
>>>> (including our new fs mini-filter seminar) visit:
>>>> http://www.osr.com/seminars
>>>>
>>>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>>
>>>
>>>
>>
>>
>> —
>> NTFSD is sponsored by OSR
>>
>> For our schedule debugging and file system seminars
>> (including our new fs mini-filter seminar) visit:
>> http://www.osr.com/seminars
>>
>> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>

frank wrote:

I would try to carry over as much narrowing options as possible from
the original create request to my forwarding FltCreateFile. Just my
two cents.
Lets try not to be too logical here…

Matt

CreateOptions are flags so 0 means no flag(s).

-bg

Did you try to analyze where it hangs. Use !stacks to dump all threads which are currently in kernel. Then you can use !thread [ethread] to dump thread stack or .thread [ethread] to switch to thread context so you can inspect stack variables. There is also !locks command, but IIRC you have to allow deadlock detection in Driver Verifier or GFlags.

-bg

I would also check that InstanceContext->Instance is not NULL so you are sending create to the next lower device/or mini-filter. In other case it goes to the top of device stack.

-bg

First,Matt is wrong.0 just means no special flags,OK?
And second,this problem is very strange,I have do this test in 3 ways and analyze it(by windbg).
please see:
hanged in IopParseDevice because my IoCreateFileSpecifyDeviceObjectHint
http://www.osronline.com/showThread.cfm?link=123469

hang!CompletionRoutine never been called
http://www.osronline.com/showThread.cfm?link=124006

I have to ask, what does the CreateOptions parameter mean when set to
zero? The one that answered that
stated ‘0’ means NO create options are specified. I hesitate because I
don’t see this documented anywhere,
not even under related functions. I do see ‘0’ specified elsewhere for
that parameter,
but the doc’s I’m looking at do not specify this option nor do they
state this parameter is optional.

Whenever I’ve read a file in a filter, I’ve used the existing FO or
specify flags here during the create. I have a tendancy to follow the docs
as I read them. In this case I see that ZwCreatefile, IoCreateFile,
FltCreateFile, and IoSpecify all use the same flags
for CreateOptions. ‘0’ is not a defined value in the docs.

Matt

>Whenever I’ve read a file in a filter, I’ve used the existing FO or

specify flags here during the create. I have a tendancy to follow the docs
as I read them. In this case I see that ZwCreatefile, IoCreateFile,
FltCreateFile, and IoSpecify all use the same flags
for CreateOptions. ‘0’ is not a defined value in the docs.

ZERO as a CreateOptions value simply means NONE OF THE ABOVE.
Look at the Create/Open Options that are documented and think
about wanting to open a file without any of these special
handlings. ZERO simply means take the defaults.

Also, the documentation always seems to be a bit brief
in the Windows programming arena. If you are getting
everything you do strictly from what the documentation
says versus what may be implied, you are going to have
trouble with Windows programming in general, much less
with driver level stuff.

I typically find some API that does what I think I want
to do. I then try to figure out from the docs how to
properly call it. Then I write a test piece of software,
if I have any uncertainty, so that I can try various options
to figure out exactly how it works so I know the next time
what to do.

Rick…

xxxxx@rdperf.com wrote:

> Whenever I’ve read a file in a filter, I’ve used the existing FO or
> specify flags here during the create. I have a tendancy to follow the docs
> as I read them. In this case I see that ZwCreatefile, IoCreateFile,
> FltCreateFile, and IoSpecify all use the same flags
> for CreateOptions. ‘0’ is not a defined value in the docs.
>

ZERO as a CreateOptions value simply means NONE OF THE ABOVE.

So it should be documented if used in any sample code. Still not seeing
that in Fat… Then
again I’ve only viewed a few functions (under a 1000 lines so far).

Look at the Create/Open Options that are documented and think
about wanting to open a file without any of these special
handlings. ZERO simply means take the defaults.

When I look at fast fat, I see:
CreateDisposition = (Options >> 24) & 0x000000ff;

Also, the documentation always seems to be a bit brief
in the Windows programming arena.
Actually I think the documentation (minus source) is damn good compared to
other OS’s. I can only think of a few areas where it truly sucks.
If you are getting
everything you do strictly from what the documentation
says versus what may be implied,
That is an interesting statement. To paraphrase Lyndon from a few years
ago,
“interpreting the documentation is an art form”.
you are going to have
trouble with Windows programming in general
True, I have trouble with all languages and technologies. Sometimes I have
trouble with VB5-6, C or C++, or Delphi, or vb.net, or C#, or Java, or
ASP, or PHP, or Cold Fusion,
or JS, or VBS, or Real Basic. Hell, I even sometimes have trouble with
CSS or my SQL statements.

I don’t deny having trouble sometimes, I can only remember so much.

, much less
with driver level stuff.

And who doesn’t, I guess drivers are easy for you.

I typically find some API that does what I think I want
to do. I then try to figure out from the docs how to
properly call it.
Fine, but the samples are using a parameter not defined in the docs.
From viewing
the headers and docs, “0” is not specified as valid here. Still have
several million
lines to read in order to understand what is happening what going on.
Then I write a test piece of software,

I have done this, using the relevant code from fast fat in Visual Studio
to inspect
the bit-ness of this. I must have an error, the 24 bit right shift
AND’ed with
0x0000000ff leaves me with an invalid value everytime (i need to fix
this test and
figure out what I’ve done wrong, not matching anything in the headers).

if I have any uncertainty, so that I can try various options
to figure out exactly how it works so I know the next time
what to do.

Been doing this, and will continue.

Rick…

---

NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com