SOS IRP_MJ_DIRECTORY_CONTROL

OSR_Community_User · May 13, 2003, 10:41am

Hi All,

I want to hide a file called “song” from listing in explorer.

The following code fragment I am including in the completion routine of
IRP_MJ_DIRECTORY_CONTROL for the same purpose, it is working perfectly in
case the returned UserBuffer contains the file in between. i.e. if the
buffer contains information about say five files then if my file (song) is
the last one in list of five files of the buffer, then this module doesn’t
work.

The logic used is to simply move memory in case of matches found,(I have
used the RtlMoveMemory to move memory) and decrease the length of
information returned(Irp->IoStatus.Information).
If the last item is the file to be hidden then I am only decreasing the
length of the user buffer.
Its not working please help.

MOST OF THE CODE, I HAVE TAKEN FOR THIS MODULE IS FROM AN EARLIER QUESTION
POSTED BY Mr. Lindong Xie. THANKS Mr. Lindong…

VOID
SpyLogIrpCompletion (
IN PIRP Irp,
OUT PRECORD_LIST RecordList
)
{

// IN CASE IRP_MJ_DIRECTORY_CONTROL

DbgPrint( “Entered IRP_MJ_DC listing\n”);
if(pIrpStack->MinorFunction == IRP_MN_QUERY_DIRECTORY &&
pIrpStack->Parameters.QueryDirectory.FileInformationClass ==
FileBothDirectoryInformation)
{
PFILE_BOTH_DIR_INFORMATION QueryBuffer = NULL;
ULONG offset = 0;
ULONG prevOffset = 0;
ULONG bufferLength = pIrpStack->Parameters.QueryFile.Length;
ULONG currentPosition = 0;
ULONG NewLength = 0;
WCHAR fileNameToRemove = L"song";
PUCHAR startEntryToRemove = NULL;
PUCHAR startNextEntry = NULL;

NewLength = bufferLength;
DbgPrint( “Entered IRP_MN_QD listing\n”);
QueryBuffer = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
if( QueryBuffer->NextEntryOffset > bufferLength ) return;
do {
offset = QueryBuffer->NextEntryOffset;
DbgPrint( “HookRoutine : QUERY_DIR : TestH - %ws******%lu
\n”, QueryBuffer->FileName, QueryBuffer->FileNameLength );
if( wcsncmp(QueryBuffer->FileName, fileNameToRemove, 4 ) == 0
)
{
DbgPrint( “Comparisions Done LALIT\n”); startEntryToRemove =
(PUCHAR) QueryBuffer;
startNextEntry = (PUCHAR) QueryBuffer + offset;
if(offset == 0) // The case when the last element contains the file to
be made hidden
{
NewLength -= prevOffset;
}
else
{
RtlMoveMemory( startEntryToRemove, startNextEntry, bufferLength -
currentPosition - offset );
NewLength -= offset;
}
//if(offset != 0)
break; //No further comparisions needed, dir have unique file names
}
currentPosition += offset;
QueryBuffer = (PFILE_BOTH_DIR_INFORMATION) ( (PUCHAR) QueryBuffer +
offset );
prevOffset = offset;
} while( offset != 0 );
pIrpStack->Parameters.NotifyDirectory.Length = NewLength;
pIrpStack->Parameters.QueryDirectory.Length = NewLength;
if(NewLength == bufferLength)
DbgPrint(“*************Equal*************”);
Irp->IoStatus.Information = NewLength;
DbgPrint(“**************************************************************”);

}
}

Thanks
Lalit.

OSR_Community_User · May 13, 2003, 11:10am

Hi,

If you are going to remove the last entry, in addition to decreasing
the Information field you have to modify NextEntryOffset field in
the previous entry (set it to 0).

Leonid.

“Lalit S. Rana” wrote in message news:xxxxx@ntfsd…
>
> Hi All,
>
> I want to hide a file called “song” from listing in explorer.
>
> The following code fragment I am including in the completion routine of
> IRP_MJ_DIRECTORY_CONTROL for the same purpose, it is working perfectly in
> case the returned UserBuffer contains the file in between. i.e. if the
> buffer contains information about say five files then if my file (song) is
> the last one in list of five files of the buffer, then this module doesn’t
> work.
>
> The logic used is to simply move memory in case of matches found,(I have
> used the RtlMoveMemory to move memory) and decrease the length of
> information returned(Irp->IoStatus.Information).
> If the last item is the file to be hidden then I am only decreasing the
> length of the user buffer.
> Its not working please help.
>
>
> MOST OF THE CODE, I HAVE TAKEN FOR THIS MODULE IS FROM AN EARLIER QUESTION
> POSTED BY Mr. Lindong Xie. THANKS Mr. Lindong…
>
>
> VOID
> SpyLogIrpCompletion (
> IN PIRP Irp,
> OUT PRECORD_LIST RecordList
> )
> {
>
> // IN CASE IRP_MJ_DIRECTORY_CONTROL
>
> DbgPrint( “Entered IRP_MJ_DC listing\n”);
> if(pIrpStack->MinorFunction == IRP_MN_QUERY_DIRECTORY &&
> pIrpStack->Parameters.QueryDirectory.FileInformationClass ==
> FileBothDirectoryInformation)
> {
> PFILE_BOTH_DIR_INFORMATION QueryBuffer = NULL;
> ULONG offset = 0;
> ULONG prevOffset = 0;
> ULONG bufferLength = pIrpStack->Parameters.QueryFile.Length;
> ULONG currentPosition = 0;
> ULONG NewLength = 0;
> WCHAR fileNameToRemove = L"song";
> PUCHAR startEntryToRemove = NULL;
> PUCHAR startNextEntry = NULL;
>
> NewLength = bufferLength;
> DbgPrint( “Entered IRP_MN_QD listing\n”);
> QueryBuffer = (PFILE_BOTH_DIR_INFORMATION) Irp->UserBuffer;
> if( QueryBuffer->NextEntryOffset > bufferLength ) return;
> do

> offset = QueryBuffer->NextEntryOffset;
> DbgPrint( “HookRoutine : QUERY_DIR : TestH - %ws******%lu
> \n”, QueryBuffer->FileName, QueryBuffer->FileNameLength );
> if( wcsncmp(QueryBuffer->FileName, fileNameToRemove, 4 ) == 0
> )
>

> DbgPrint( “Comparisions Done LALIT\n”); startEntryToRemove =
> (PUCHAR) QueryBuffer;
> startNextEntry = (PUCHAR) QueryBuffer + offset;
> if(offset == 0) // The case when the last element contains the file to
> be made hidden
> {
> NewLength -= prevOffset;
> }
> else
> {
> RtlMoveMemory( startEntryToRemove, startNextEntry, bufferLength -
> currentPosition - offset );
> NewLength -= offset;
> }
> file://if(offset != 0)
> break; file://No further comparisions needed, dir have unique file names
> }
> currentPosition += offset;
> QueryBuffer = (PFILE_BOTH_DIR_INFORMATION) ( (PUCHAR) QueryBuffer +
> offset );
> prevOffset = offset;
> } while( offset != 0 );
> pIrpStack->Parameters.NotifyDirectory.Length = NewLength;
> pIrpStack->Parameters.QueryDirectory.Length = NewLength;
> if(NewLength == bufferLength)
> DbgPrint(“Equal”);
> Irp->IoStatus.Information = NewLength;
>
DbgPrint(“**************************************************************”);
>
> }
> }
>
> Thanks
> Lalit.
>
>

Alexei_Jelvis-2 · May 13, 2003, 11:16am

>if(offset == 0) // The case when the last element contains the file to

be made hidden
{
NewLength -= prevOffset;
}

You need to set NextEntryOffset of the entry that became last to 0.

Alexei.

OSR_Community_User · May 14, 2003, 4:17am

> MOST OF THE CODE, I HAVE TAKEN FOR THIS MODULE IS FROM AN EARLIER QUESTION

POSTED BY Mr. Lindong Xie. THANKS Mr. Lindong…

If you check the archive, you will see that Mr. Lindong code has done a
copy&paste of the code I posted. So most of the code is from the original
code posted by me. Just in case you needed to thank someone…

Regards,
Razvan

OSR_Community_User · May 14, 2003, 4:47am

Thank You,
Leonid and Alexie.
With your suggestion code is working perfectly.
Lalit.

OSR_Community_User · May 14, 2003, 4:53am

Thanks Razvan,

Your code really helped a lot.
Thank you all in the group for helping me out in filter driver
development. It has been about 2 weeks I started with driver development
and because of you people and timely help I am able to learn a lot.

Thanks
Lalit