Size of buffer in IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY

Hello,

In theory, the size of the buffer in a directory listing operation can
be arbitrary, right?

Is there a usual size this buffer comes in? Who chooses this size, the
OS or the application issuing the directory listing operation?

Thank you.


Thanos Makatos
Junior Engineer
Storage Systems Research Group - Computer Science Department
Barcelona Supercomputing Center - Centro Nacional de Supercomputación
http://www.bsc.es/StorageSystems

WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer.htm

The size of the buffer is chosen by the application.

For example, it appears the Win32 layer chooses a buffer that is large enough to contain the entire first entry for the first call and then subsequent calls pass in a larger buffer. That first call (from Win32) is marked SL_RETURN_SINGLE_ENTRY and subsequent calls are not. Of course, this is based upon my recollection of observed behavior. This is subject to change over time and from release to release.

You can write your own application to test this (and I encourage you to do so, since it’s a much more controlled environment in that way.) Many years ago I wrote a series of tests that poked at the various edge conditions to look at the behavior - it was an interesting experience as I recall.

Tony
OSR

The only thing I’d like to add is that in win7 there is this flag:
FIND_FIRST_EX_LARGE_FETCH which is somewhat related to your question…

Thanks,
Alex.

> In theory, the size of the buffer in a directory listing operation can be
> arbitrary, right?

Absolutely.

> Is there a usual size this buffer comes in? Who chooses this size, the OS
> or the application issuing the directory listing operation?

Most applications use FindFirstFile/FindNextFile, so the size would be
chosen as an implementation detail of those APIs. ZwQueryDirectoryFile is
documented though, so any application could call the native API directly and
supply whatever buffer size they want. Drivers can also call this API or
build an IRP directly.

So, in the end, the buffer size is completely arbitrary.

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com


> In theory, the size of the buffer in a directory listing operation can
> be arbitrary, right?

Yes.

> Is there a usual size this buffer comes in? Who chooses this size

kernel32!FindFirstFileW code chooses.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

On 05/11/2010 0:33, Scott Noone wrote:

>> In theory, the size of the buffer in a directory listing operation can
>> be arbitrary, right?
>
> Absolutely.
>
>> Is there a usual size this buffer comes in? Who chooses this size, the
>> OS or the application issuing the directory listing operation?
>
> Most applications use FindFirstFile/FindNextFile, so the size would be
> chosen as an implementation detail of those APIs. ZwQueryDirectoryFile
> is documented though, so any application could call the native API
> directly and supply whatever buffer size they want. Drivers can also call
> this API or build an IRP directly.
>
> So, in the end, the buffer size is completely arbitrary.

Thank you for your replies.

Is there a way to specify the size of this buffer without breaking things?

For instance, I was wondering if I could set the
“Data->Iopb->Parameters.DirectoryControl.QueryDirectory.Length” to
anything in the pre-operation callback, and restore it at the post-op
callback, or even replace the buffer in the
“Data->Iopb->Parameters.DirectoryControl.QueryDirectory.DirectoryBuffer”
at the pre-op and restore the original one at the post-op.

Would such a thing cause havoc to other mini-filters?



Thanos Makatos
Junior Engineer
Storage Systems Research Group - Computer Science Department
Barcelona Supercomputing Center - Centro Nacional de Supercomputación
http://www.bsc.es/StorageSystems


On 11/19/2010 7:05 AM, Thanos Makatos wrote:

> Thank you for your replies.
>
> Is there a way to specify the size of this buffer without breaking things?
>
> For instance, I was wondering if I could set the
> “Data->Iopb->Parameters.DirectoryControl.QueryDirectory.Length” to
> anything in the pre-operation callback, and restore it at the post-op
> callback, or even replace the buffer in the
> “Data->Iopb->Parameters.DirectoryControl.QueryDirectory.DirectoryBuffer”
> at the pre-op and restore the original one at the post-op.

You can change this length; just make sure, if you are increasing the
length, that you re-allocate the buffer. You’ll need to swap out the
buffers on completion, moving over data, modifying the return length, etc.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
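
Added example (not part of the thread and not any poster's code): a portable C sketch of the copy-back step the last reply describes, moving whole entries from a filter's larger replacement buffer into the caller's original, smaller buffer and computing the length to return. The `dir_entry_hdr` layout and the name `copy_back_entries` are assumptions standing in for the real directory information structures; only the chaining by next-entry offset is modelled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-in (assumption) for the chained FILE_*_INFORMATION
   entries a directory query returns: real entries carry more fields. */
typedef struct {
    uint32_t next_entry_offset;  /* bytes to the next entry, 0 = last */
    uint32_t file_name_length;   /* bytes of name after the header */
} dir_entry_hdr;

/* Copy whole entries from the filter's larger shadow buffer into the
   caller's original buffer without ever writing past dst_cap. Returns the
   byte count to report as the returned length; *copied is the number of
   entries delivered (the rest must be cached or re-queried by the filter). */
size_t copy_back_entries(const uint8_t *src, size_t src_len,
                         uint8_t *dst, size_t dst_cap, size_t *copied)
{
    size_t off = 0, out = 0, last = 0, end = 0;
    const uint32_t zero = 0;

    *copied = 0;
    while (src_len - off >= sizeof(dir_entry_hdr)) {
        dir_entry_hdr h;
        memcpy(&h, src + off, sizeof h);
        if (h.file_name_length > src_len - off - sizeof h)
            break;                          /* name overruns the source */
        size_t used = sizeof h + h.file_name_length;
        size_t span = h.next_entry_offset ? h.next_entry_offset : used;
        if (span < used || span > src_len - off)
            break;                          /* malformed chain */
        if (used > dst_cap - out)
            break;                          /* entry does not fit */
        memcpy(dst + out, src + off, used);
        last = out;
        end = out + used;
        (*copied)++;
        if (h.next_entry_offset == 0 || span > dst_cap - out)
            break;                          /* last entry, or no room to advance */
        memset(dst + out + used, 0, span - used); /* do not leak shadow padding */
        out += span;
        off += span;
    }
    if (*copied)                            /* terminate the truncated chain */
        memcpy(dst + last, &zero, sizeof zero);
    return end;
}
```

Entries that did not fit are not lost by this function, but the underlying enumeration has already advanced past them, so a filter that enlarges the buffer has to keep them for the caller's next query.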