Hi everyone,
A question here re. the legacy world (in this case, w2k before sp4 rollup1).
The FileSpy routine SpyIsAttachedToDeviceW2K has the comment
Note: For this routine to operate safely, the caller must ensure two
things:
* the DeviceObject is the base file system’s device object and therefore
is at the bottom of the file system stack
* this device stack won’t be going away while we walk up this stack. If
we currently have a file object open for this device stack or we are
in the process of mounting this device, this guarantee is satisfied.
#2 is fairly obvious, but I wasn’t quite sure about #1. I can see you would want to start at the base FS DO to get *complete* results, but why is it required for safety?
(Is it more that if you haven’t got a ref to the *base* then the system *may* start taking down the stack during this routine? Which would make point #1 a variation on #2).
Any wise words / illuminating factoids gratefully received, as ever.
>I can see you would want to start at the base FS DO to get *complete*
results, but why is it required for safety? Is it more that if you >haven’t
got a ref to the *base* then the system *may* start taking down the stack
during this routine? Which would make point #1 a >variation on #2
My best guess is that this is more just about getting correct results, I
can’t think what this would have to do for safety.
While the idea that you need a reference on the base device object sounds
plausible, the old samples use IoGetBaseFileSystemDeviceObject to get the FS
device object from the file object. This routine doesn’t actually add a
reference to the base device object (you need IoGetDeviceAttachmentBaseRef
for that, which came later), so the samples aren’t putting a reference on
that base device anyway.
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntfsd…
Hi everyone,
A question here re. the legacy world (in this case, w2k before sp4 rollup1).
The FileSpy routine SpyIsAttachedToDeviceW2K has the comment
Note: For this routine to operate safely, the caller must ensure two
things:
* the DeviceObject is the base file system’s device object and
therefore
is at the bottom of the file system stack
* this device stack won’t be going away while we walk up this stack.
If
we currently have a file object open for this device stack or we are
in the process of mounting this device, this guarantee is satisfied.
#2 is fairly obvious, but I wasn’t quite sure about #1. I can see you would
want to start at the base FS DO to get *complete* results, but why is it
required for safety?
(Is it more that if you haven’t got a ref to the *base* then the system
*may* start taking down the stack during this routine? Which would make
point #1 a variation on #2).
Any wise words / illuminating factoids gratefully received, as ever.
Thanks Scott. Well of course the samples aren’t always 100% perfect (I tried running filespy through PreFAST recently…!) - which means one always has to check…