streamfileobject's problem

I am developing a file system filter driver. The basic method is: when I receive an IRP_MJ_CREATE IRP, I create a streamfileobject, replace the fileobject in the IRP stack location, then forward the IRP. I check the file when it has completed successfully. If I want to filter this file, I create my own private FCB, copy some fields from the streamfileobject’s FCB (such as file size information) and then set it to the original fileobject’s FCB, complete the IRP and return to the I/O Manager. When I receive a read, write or other operation on the original fileobject, I replace the fileobject in the IRP stack location with the streamobject, then forward the IRP. Normally it will work, but sometimes I noticed that some application’s write operations change. For example, Excel writes the file from offset 0, but without my filter driver it writes from offset 512 (I used the same file, saved as another file, to test this). I don’t know what causes this problem! Is there some processing I missed in my create routine?

Hi, all.
Does anybody know? Please give me some suggestions!
Thanks.
G

C’mon G.

You asked at 9:33 BST, in a group that is supported on people’s best wishes
and then whined at 15:11 BST

  1. Some people only read this once a day
  2. That window of time is outside working hours for a huge tract of people.
    Like anyone east of Mountain time and west of Singapore.

To answer your question: I dunno - but

  1. Are you setting up FileObject->SectionObjectPointers correctly? What is
    the definition of correctly?
  2. What are you doing about the length fields in FileObject->FsContext?
  3. How do you know that Excel is asking at the wrong offset?
  4. Does this work in passthrough mode (where all you do is swap the file
    objects but leave everything else intact)
  5. Oh yes, what function are you using to create your stream file object.
    It matters. Which (if any) device object are you using?
  6. And are you doing the correct thing with IRP_MJ_CLEANUP.

It sounds as though you are doing a layered file system. This is a reasonable
thing to do, but it is quite a lot of work (I’d say as much as a FSD, but
with the added cost of a painful lower edge - just like minifilters). On the
plus side a lot of things become soooo much easier.

R

> Like anyone east of Mountain time and west of Singapore.

I mean West of Mountain and East of Singapore, but you knew that…

Thank you for your reply, Rod Widdowson!

  1. Are you setting up FileObject->SectionObjectPointers correctly? What is
    the definition of correctly?
    I have allocated NonPagedPool memory for struct SECTION_OBJECT_POINTERS and set DataSectionObject = NULL,
    SharedCacheMap = NULL, ImageSectionObject = NULL.
  2. What are you doing about the length fields in FileObject->FsContext?
    If the file was created, the length was copied from the lower streamfileobject’s FCB.
  3. How do you know that Excel is asking at the wrong offset?
    I have traced Excel with Process Monitor; for the same file, its behavior (write offset and length) was different.
  4. Does this work in passthrough mode (where all you do is swap the file
    objects but leave everything else intact)
    Normally it will work, but Excel’s behavior still changed.
  5. Oh yes, what function are you using to create your stream file object.
    It matters. Which (if any) device object are you using?
    I created the stream file object like this:
    MyFileObject = IoCreateStreamFileObjectLite(FileObject, NULL);
    I set the FileName field and set the flags like this:
    MyFileObject->Flags = FileObject->Flags & ~(FO_STREAM_FILE | FO_HANDLE_CREATED | FO_CLEANUP_COMPLETE);
    I initialize the Event fields:
    KeInitializeEvent(&MyFileObject->Lock, SynchronizationEvent, FALSE);
    KeInitializeEvent(&MyFileObject->Event, NotificationEvent, FALSE);
    Then I do this:
    IrpSp->FileObject = MyFileObject;
    IoCopyCurrentIrpStackLocationToNext(Irp);
    IoSetCompletionRoutine(Irp, SecFSPreCreateCompletion, &MyFileObject->Event, TRUE, TRUE, TRUE);
    Status = IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
  6. And are you doing the correct thing with IRP_MJ_CLEANUP.
    I UninitializeCacheMap for the FileObject (only its cache is used) and forward the cleanup with the stream file object.

G.

I’m not sure I understand your architecture but here we go…

  1. Are you setting up FileObject->SectionObjectPointers correctly? What is
    the definition of correctly?
    I have allocated NonPagedPool memory for struct SECTION_OBJECT_POINTERS and set
    DataSectionObject = NULL,
    SharedCacheMap = NULL, ImageSectionObject = NULL.

and the SOP is in your FCB?

  2. What are you doing about the length fields in FileObject->FsContext?
    If the file was created, the length was copied from the lower streamfileobject’s FCB.

And you are tracking the size changes in the header and telling the
cachemanager when they change as appropriate… fair enough…

  3. How do you know that Excel is asking at the wrong offset?
    I have traced Excel with Process Monitor; for the same file, its behavior (write
    offset and length) was different.

So it’s not that the offset is necessarily wrong - it’s different. Is that
the first difference you see? (no oplocking, no byte range locking, nothing
like that?) This is what you have to tease at - work out when the first
difference happens and from that try to work out what part of your behavior
isn’t the same as the native FSDs.

  4. Does this work in passthrough mode (where all you do is swap the file
    objects but leave everything else intact)
    Normally it will work, but Excel’s behavior still changed.

And in *that* case are you handling or not handling caching? That’s what I
really don’t understand: it sounds as though you are handling caching, but
you are then passing the cache reads and writes to the FSD. This is
confusing me…

  5. Oh yes, what function are you using to create your stream file object.
    It matters. Which (if any) device object are you using?
    I created the stream file object like this:
    MyFileObject = IoCreateStreamFileObjectLite(FileObject, NULL);
    I set the FileName field and set the flags like this:

I’m a bit worried that your device object isn’t anywhere there. Again, I’m
not sure I see how you are distinguishing your device stack from the FSD’s
device stack. You have two file objects, both pointing to the FSD below you
but you ‘own’ the top one. Unless you take great care you are going to get
all sorts of confusions here…

By the way, do the reference counts “just work”? What about all the odd
close cases? What about PnP? (oh yes, and some FSDs use FsContext/FsContext2
as hidden parameters to create, so watch out for that)

MyFileObject->Flags = FileObject->Flags & ~(FO_STREAM_FILE |
FO_HANDLE_CREATED | FO_CLEANUP_COMPLETE);

Just FMI - why do you clear these three flags?

IrpSp->FileObject = MyFileObject;
IoCopyCurrentIrpStackLocationToNext(Irp);
IoSetCompletionRoutine(Irp, SecFSPreCreateCompletion,
&MyFileObject->Event, TRUE, TRUE, TRUE);
Status = IoCallDriver(DevExt->AttachedToDeviceObject, Irp);

I think you will fail under stress like this. There is nothing stopping you
having torn down the FsContext2 associated with the upper file object by the
time you get the completion function returned.

Good luck!

Thanks for your reply again, Rod Widdowson!
Today I found that the problem was caused by my processing CurrentByteOffset incorrectly.

MyFileObject->Flags = FileObject->Flags & ~(FO_STREAM_FILE |
FO_HANDLE_CREATED | FO_CLEANUP_COMPLETE);

Just FMI - why do you clear these three flags?
Because NTFS failed my request!

I think you will fail under stress like this. There is nothing stopping you
having torn down the FsContext2 associated with the upper file object by the
time you get the completion function returned.
FsContext2 in my upper file object is NULL.

Thank you very much.
G