Hi all,
May be you’ll be laughing, but I wanna get the answer:
when filter does the following in its hooking routine -
// lines from filemon sample
WCHAR filename = L"\DosDevices\A:\";
…
RtlInitUnicodeString( &fileNameUnicodeString, filename );
InitializeObjectAttributes( &objectAttributes,&fileNameUnicodeString,…
ntStatus = ZwCreateFile( &ntFileHandle,SYNCHRONIZE|FILE_ANY_ACCESS,…
…
ntStatus = IoCreateDevice( DriverObject,… &hookDevice );
ntStatus = IoAttachDeviceByPointer( hookDevice, fileSysDevice );
it sets the hook on the whole drive as a file object.
Then, if I change in this routine var filename to L"\DosDevices\C:\Dir1\Dir2\"
and run the driver, what I’ll be hooking - this directory only? And
all other requests will never be passed through filter?
If it is so, can anybody answer me, why sometimes after the OS
reloading with my filter and GUI running, I get the system
message on OS loading after user-password authentification that my
users configuration was not found and system loads the default
configuration with default desktop shortcuts and Hello window?
No any BSODs while shutting down, no error messages… I do not even
touch the windows directory files from drv (may be several reads from
registry).
Can anyone explain this or show me the way to catch the annoying error
Best regards,
Perm mailto:xxxxx@perm.raid.ru
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com