Why would a file stream suddenly stop?

OSR_Community_User · May 3, 2002, 1:48pm

First of all, I’d like to say thanks to all those who have contributed to
this board. It’s been a wealth of knowledge in the beginnings of trying
to write a filter driver. I’ve come up against a problem that has me a
bit bewildered right now though.

The filter driver I’m writing is to do encryption on the fly in certain
protected directories. Seems to be a lot of that here From all I’ve
read, I realize that I can’t just modify the data buffer being sent down
through the IRP, so this has been my tactic so far for the encryption side
of things:

1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
protected folder. If the folder isn’t protected, I just pass the IRP
along, otherwise, I keep going in my own process below.

2 - I need the correct file size, and the only way I could figure to find
that was to generate another IRP with major function
IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.

3 - I then copy the data buffer from the original IRP into my own buffer,
and encrypt the portion of data necessary (just making sure not to go
beyone the end of the file as this seemed to cause problems).

4 - I then generate another IRP with major function IRP_MJ_WRITE. I point
the IRP to the encrypted data buffer, and then send it off.

My first question is am I going about this completely wrong? It seems to
work a great deal of the time, but I’m sure there will be situations that
call for something different.

My second question, and the reason for the post is this. I got the idea
from a post on here to try building projects with developer studio in a
protected folder. This sometimes works, and other times, the compiler
just hangs while compiling. It seems to always get stuck on the .pch
files. I see it merrily sending data to me in 64k packets which I encrypt
and keep passing along. Eventually, no more packets are sent in, yet the
file isn’t complete yet. Sometimes it makes it all the way through
several projects before hanging, but it always seems to be on the .pch
file where it stops. Anyone have any ideas what I could possibly be doing
wrong?

That’s about it for now… if anyone has any suggestions, or if you think
it’s just a bug in my code, I would really appreciate any input. Thanks
for your time!

Bill

OSR_Community_User · May 3, 2002, 2:07pm

Not so sure how safe it is to call the FSD to get the file size at a
raised IRQL. So for example, if you get a read or write at a raised IRQL
(paging IO), it is probably not a good idea to call and get the file
size. I suspect a dead-lock is just around the corner.

Take a look at fastfat and see if it has any restrictions when calling
to get the file size; i.e. something is happening in the routine that
would not be good to happen at a raised IRQL.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Champion
Sent: Friday, May 03, 2002 10:48 AM
To: File Systems Developers
Subject: [ntfsd] Why would a file stream suddenly stop?

First of all, I’d like to say thanks to all those who have contributed
to this board. It’s been a wealth of knowledge in the beginnings of
trying to write a filter driver. I’ve come up against a problem that
has me a bit bewildered right now though.

The filter driver I’m writing is to do encryption on the fly in certain
protected directories. Seems to be a lot of that here From all I’ve
read, I realize that I can’t just modify the data buffer being sent down
through the IRP, so this has been my tactic so far for the encryption
side of things:

1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
protected folder. If the folder isn’t protected, I just pass the IRP
along, otherwise, I keep going in my own process below.

2 - I need the correct file size, and the only way I could figure to
find that was to generate another IRP with major function
IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.

3 - I then copy the data buffer from the original IRP into my own
buffer, and encrypt the portion of data necessary (just making sure not
to go beyone the end of the file as this seemed to cause problems).

4 - I then generate another IRP with major function IRP_MJ_WRITE. I
point the IRP to the encrypted data buffer, and then send it off.

My first question is am I going about this completely wrong? It seems
to work a great deal of the time, but I’m sure there will be situations
that call for something different.

My second question, and the reason for the post is this. I got the idea
from a post on here to try building projects with developer studio in a
protected folder. This sometimes works, and other times, the compiler
just hangs while compiling. It seems to always get stuck on the .pch
files. I see it merrily sending data to me in 64k packets which I
encrypt and keep passing along. Eventually, no more packets are sent
in, yet the file isn’t complete yet. Sometimes it makes it all the way
through several projects before hanging, but it always seems to be on
the .pch file where it stops. Anyone have any ideas what I could
possibly be doing wrong?

That’s about it for now… if anyone has any suggestions, or if you
think it’s just a bug in my code, I would really appreciate any input.
Thanks for your time!

Bill

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 2:40pm

Jamey,

I appreciate your response. Unfortunately, I work for a company with a
legal team which is particularly petrified, and because of that, I wasn’t
allowed to sign the license agreement for the IFS kit. This is extremely
unfortunate because I’m stuck with very few resources. I’ve been looking
at the filemon code, and read through the NT FS internals book, so that’s
about all I have to go on so far. I hope to take the OSR seminar later
this year though.

If you or anyone else has any suggestions other than the way I’m querying
the file size, I would be happy to try something different. Or possibly
should I put the query in a worker thread? Just a thought…

Thanks,
Bill

Not so sure how safe it is to call the FSD to get the file size at a
raised IRQL. So for example, if you get a read or write at a raised IRQL
(paging IO), it is probably not a good idea to call and get the file
size. I suspect a dead-lock is just around the corner.

Take a look at fastfat and see if it has any restrictions when calling
to get the file size; i.e. something is happening in the routine that
would not be good to happen at a raised IRQL.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Champion
Sent: Friday, May 03, 2002 10:48 AM
To: File Systems Developers
Subject: [ntfsd] Why would a file stream suddenly stop?

First of all, I’d like to say thanks to all those who have contributed
to this board. It’s been a wealth of knowledge in the beginnings of
trying to write a filter driver. I’ve come up against a problem that
has me a bit bewildered right now though.

The filter driver I’m writing is to do encryption on the fly in certain
protected directories. Seems to be a lot of that here From all I’ve
read, I realize that I can’t just modify the data buffer being sent down
through the IRP, so this has been my tactic so far for the encryption
side of things:

1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
protected folder. If the folder isn’t protected, I just pass the IRP
along, otherwise, I keep going in my own process below.

2 - I need the correct file size, and the only way I could figure to
find that was to generate another IRP with major function
IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.

3 - I then copy the data buffer from the original IRP into my own
buffer, and encrypt the portion of data necessary (just making sure not
to go beyone the end of the file as this seemed to cause problems).

4 - I then generate another IRP with major function IRP_MJ_WRITE. I
point the IRP to the encrypted data buffer, and then send it off.

My first question is am I going about this completely wrong? It seems
to work a great deal of the time, but I’m sure there will be situations
that call for something different.

My second question, and the reason for the post is this. I got the idea
from a post on here to try building projects with developer studio in a
protected folder. This sometimes works, and other times, the compiler
just hangs while compiling. It seems to always get stuck on the .pch
files. I see it merrily sending data to me in 64k packets which I
encrypt and keep passing along. Eventually, no more packets are sent
in, yet the file isn’t complete yet. Sometimes it makes it all the way
through several projects before hanging, but it always seems to be on
the .pch file where it stops. Anyone have any ideas what I could
possibly be doing wrong?

That’s about it for now… if anyone has any suggestions, or if you
think it’s just a bug in my code, I would really appreciate any input.
Thanks for your time!

Bill

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 3:23pm

Wow!

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Champion
Sent: Friday, May 03, 2002 11:40 AM
To: File Systems Developers
Subject: [ntfsd] RE: Why would a file stream suddenly stop?

Jamey,

I appreciate your response. Unfortunately, I work for a company with a
legal team which is particularly petrified, and because of that, I
wasn’t allowed to sign the license agreement for the IFS kit. This is
extremely unfortunate because I’m stuck with very few resources. I’ve
been looking at the filemon code, and read through the NT FS internals
book, so that’s about all I have to go on so far. I hope to take the
OSR seminar later this year though.

If you or anyone else has any suggestions other than the way I’m
querying the file size, I would be happy to try something different. Or
possibly should I put the query in a worker thread? Just a thought…

Thanks,
Bill

Not so sure how safe it is to call the FSD to get the file size at a
raised IRQL. So for example, if you get a read or write at a raised
IRQL (paging IO), it is probably not a good idea to call and get the
file size. I suspect a dead-lock is just around the corner.

Take a look at fastfat and see if it has any restrictions when calling

to get the file size; i.e. something is happening in the routine that
would not be good to happen at a raised IRQL.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Champion
Sent: Friday, May 03, 2002 10:48 AM
To: File Systems Developers
Subject: [ntfsd] Why would a file stream suddenly stop?

First of all, I’d like to say thanks to all those who have contributed

to this board. It’s been a wealth of knowledge in the beginnings of
trying to write a filter driver. I’ve come up against a problem that
has me a bit bewildered right now though.

The filter driver I’m writing is to do encryption on the fly in
certain protected directories. Seems to be a lot of that here
From all I’ve read, I realize that I can’t just modify the data buffer

being sent down through the IRP, so this has been my tactic so far for

the encryption side of things:

1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
protected folder. If the folder isn’t protected, I just pass the IRP
along, otherwise, I keep going in my own process below.

2 - I need the correct file size, and the only way I could figure to
find that was to generate another IRP with major function
IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.

3 - I then copy the data buffer from the original IRP into my own
buffer, and encrypt the portion of data necessary (just making sure
not to go beyone the end of the file as this seemed to cause
problems).

4 - I then generate another IRP with major function IRP_MJ_WRITE. I
point the IRP to the encrypted data buffer, and then send it off.

My first question is am I going about this completely wrong? It seems

to work a great deal of the time, but I’m sure there will be
situations that call for something different.

My second question, and the reason for the post is this. I got the
idea from a post on here to try building projects with developer
studio in a protected folder. This sometimes works, and other times,
the compiler just hangs while compiling. It seems to always get stuck

on the .pch files. I see it merrily sending data to me in 64k packets

which I encrypt and keep passing along. Eventually, no more packets
are sent in, yet the file isn’t complete yet. Sometimes it makes it
all the way through several projects before hanging, but it always
seems to be on the .pch file where it stops. Anyone have any ideas
what I could possibly be doing wrong?

That’s about it for now… if anyone has any suggestions, or if you
think it’s just a bug in my code, I would really appreciate any input.

Thanks for your time!

Bill

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 3:44pm

“I realize that I can’t just modify the data buffer being sent down through
the IRP”

Why not?

Brian Young

----- Original Message -----
From: “Bill Champion”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 10:48 AM
Subject: [ntfsd] Why would a file stream suddenly stop?

> First of all, I’d like to say thanks to all those who have contributed to
> this board. It’s been a wealth of knowledge in the beginnings of trying
> to write a filter driver. I’ve come up against a problem that has me a
> bit bewildered right now though.
>
> The filter driver I’m writing is to do encryption on the fly in certain
> protected directories. Seems to be a lot of that here From all I’ve
> read, I realize that I can’t just modify the data buffer being sent down
> through the IRP, so this has been my tactic so far for the encryption side
> of things:
>
> 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
> protected folder. If the folder isn’t protected, I just pass the IRP
> along, otherwise, I keep going in my own process below.
>
> 2 - I need the correct file size, and the only way I could figure to find
> that was to generate another IRP with major function
> IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.
>
> 3 - I then copy the data buffer from the original IRP into my own buffer,
> and encrypt the portion of data necessary (just making sure not to go
> beyone the end of the file as this seemed to cause problems).
>
> 4 - I then generate another IRP with major function IRP_MJ_WRITE. I point
> the IRP to the encrypted data buffer, and then send it off.
>
> My first question is am I going about this completely wrong? It seems to
> work a great deal of the time, but I’m sure there will be situations that
> call for something different.
>
> My second question, and the reason for the post is this. I got the idea
> from a post on here to try building projects with developer studio in a
> protected folder. This sometimes works, and other times, the compiler
> just hangs while compiling. It seems to always get stuck on the .pch
> files. I see it merrily sending data to me in 64k packets which I encrypt
> and keep passing along. Eventually, no more packets are sent in, yet the
> file isn’t complete yet. Sometimes it makes it all the way through
> several projects before hanging, but it always seems to be on the .pch
> file where it stops. Anyone have any ideas what I could possibly be doing
> wrong?
>
> That’s about it for now… if anyone has any suggestions, or if you think
> it’s just a bug in my code, I would really appreciate any input. Thanks
> for your time!
>
> Bill
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · May 3, 2002, 3:58pm

Because you are modifying the user buffer to be encrypted. If the user
tries to use the buffer after sending down the write, it will be
encrypted in his program; not so good. You need to copy the buffer and
the encrypt the copy; not touching the user buffer.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
Sent: Friday, May 03, 2002 2:45 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

“I realize that I can’t just modify the data buffer being sent down
through the IRP”

Why not?

Brian Young

----- Original Message -----
From: “Bill Champion”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 10:48 AM
Subject: [ntfsd] Why would a file stream suddenly stop?

> First of all, I’d like to say thanks to all those who have contributed

> to this board. It’s been a wealth of knowledge in the beginnings of
> trying to write a filter driver. I’ve come up against a problem that
> has me a bit bewildered right now though.
>
> The filter driver I’m writing is to do encryption on the fly in
> certain protected directories. Seems to be a lot of that here
> From all I’ve read, I realize that I can’t just modify the data buffer

> being sent down through the IRP, so this has been my tactic so far for

> the encryption side of things:
>
> 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
> protected folder. If the folder isn’t protected, I just pass the IRP
> along, otherwise, I keep going in my own process below.
>
> 2 - I need the correct file size, and the only way I could figure to
> find that was to generate another IRP with major function
> IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.
>
> 3 - I then copy the data buffer from the original IRP into my own
> buffer, and encrypt the portion of data necessary (just making sure
> not to go beyone the end of the file as this seemed to cause
> problems).
>
> 4 - I then generate another IRP with major function IRP_MJ_WRITE. I
> point the IRP to the encrypted data buffer, and then send it off.
>
> My first question is am I going about this completely wrong? It seems

> to work a great deal of the time, but I’m sure there will be
> situations that call for something different.
>
> My second question, and the reason for the post is this. I got the
> idea from a post on here to try building projects with developer
> studio in a protected folder. This sometimes works, and other times,
> the compiler just hangs while compiling. It seems to always get stuck

> on the .pch files. I see it merrily sending data to me in 64k packets

> which I encrypt and keep passing along. Eventually, no more packets
> are sent in, yet the file isn’t complete yet. Sometimes it makes it
> all the way through several projects before hanging, but it always
> seems to be on the .pch file where it stops. Anyone have any ideas
> what I could possibly be doing wrong?
>
> That’s about it for now… if anyone has any suggestions, or if you
> think it’s just a bug in my code, I would really appreciate any input.

> Thanks for your time!
>
> Bill
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 4:03pm

Couldn’t you copy the original data into the drivers memory, encrypt the
data in the buffer for the write to the disk, and set the completion routine
for when the write is complete. Then, when your completion routine is
called with the IRP, copy the original data back into the buffer for the
user? Or would this cause problems?

Brian Young

----- Original Message -----
From: “Jamey Kirby”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 12:52 PM
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

> Because you are modifying the user buffer to be encrypted. If the user
> tries to use the buffer after sending down the write, it will be
> encrypted in his program; not so good. You need to copy the buffer and
> the encrypt the copy; not touching the user buffer.
>
> Jamey
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
> Sent: Friday, May 03, 2002 2:45 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: Why would a file stream suddenly stop?
>
>
> “I realize that I can’t just modify the data buffer being sent down
> through the IRP”
>
> Why not?
>
> Brian Young
>
> ----- Original Message -----
> From: “Bill Champion”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 10:48 AM
> Subject: [ntfsd] Why would a file stream suddenly stop?
>
>
> > First of all, I’d like to say thanks to all those who have contributed
>
> > to this board. It’s been a wealth of knowledge in the beginnings of
> > trying to write a filter driver. I’ve come up against a problem that
> > has me a bit bewildered right now though.
> >
> > The filter driver I’m writing is to do encryption on the fly in
> > certain protected directories. Seems to be a lot of that here
> > From all I’ve read, I realize that I can’t just modify the data buffer
>
> > being sent down through the IRP, so this has been my tactic so far for
>
> > the encryption side of things:
> >
> > 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
> > protected folder. If the folder isn’t protected, I just pass the IRP
> > along, otherwise, I keep going in my own process below.
> >
> > 2 - I need the correct file size, and the only way I could figure to
> > find that was to generate another IRP with major function
> > IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.
> >
> > 3 - I then copy the data buffer from the original IRP into my own
> > buffer, and encrypt the portion of data necessary (just making sure
> > not to go beyone the end of the file as this seemed to cause
> > problems).
> >
> > 4 - I then generate another IRP with major function IRP_MJ_WRITE. I
> > point the IRP to the encrypted data buffer, and then send it off.
> >
> > My first question is am I going about this completely wrong? It seems
>
> > to work a great deal of the time, but I’m sure there will be
> > situations that call for something different.
> >
> > My second question, and the reason for the post is this. I got the
> > idea from a post on here to try building projects with developer
> > studio in a protected folder. This sometimes works, and other times,
> > the compiler just hangs while compiling. It seems to always get stuck
>
> > on the .pch files. I see it merrily sending data to me in 64k packets
>
> > which I encrypt and keep passing along. Eventually, no more packets
> > are sent in, yet the file isn’t complete yet. Sometimes it makes it
> > all the way through several projects before hanging, but it always
> > seems to be on the .pch file where it stops. Anyone have any ideas
> > what I could possibly be doing wrong?
> >
> > That’s about it for now… if anyone has any suggestions, or if you
> > think it’s just a bug in my code, I would really appreciate any input.
>
> > Thanks for your time!
> >
> > Bill
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> > unsubscribe send a blank email to %%email.unsub%%
> >
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to %%email.unsub%%
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · May 3, 2002, 4:07pm

You are also not guaranteed write access to the buffer on IRP_MJ_WRITE.
This will bite you.

Ravi

-----Original Message-----
From: Jamey Kirby [mailto:xxxxx@storagecraft.com]
Sent: Friday, May 03, 2002 12:53 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

Because you are modifying the user buffer to be encrypted. If the user
tries to use the buffer after sending down the write, it will be
encrypted in his program; not so good. You need to copy the buffer and
the encrypt the copy; not touching the user buffer.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
Sent: Friday, May 03, 2002 2:45 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

“I realize that I can’t just modify the data buffer being sent down
through the IRP”

Why not?

Brian Young

----- Original Message -----
From: “Bill Champion”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 10:48 AM
Subject: [ntfsd] Why would a file stream suddenly stop?

> First of all, I’d like to say thanks to all those who have contributed

> to this board. It’s been a wealth of knowledge in the beginnings of
> trying to write a filter driver. I’ve come up against a problem that
> has me a bit bewildered right now though.
>
> The filter driver I’m writing is to do encryption on the fly in
> certain protected directories. Seems to be a lot of that here
> From all I’ve read, I realize that I can’t just modify the data buffer

> being sent down through the IRP, so this has been my tactic so far for

> the encryption side of things:
>
> 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
> protected folder. If the folder isn’t protected, I just pass the IRP
> along, otherwise, I keep going in my own process below.
>
> 2 - I need the correct file size, and the only way I could figure to
> find that was to generate another IRP with major function
> IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file size.
>
> 3 - I then copy the data buffer from the original IRP into my own
> buffer, and encrypt the portion of data necessary (just making sure
> not to go beyone the end of the file as this seemed to cause
> problems).
>
> 4 - I then generate another IRP with major function IRP_MJ_WRITE. I
> point the IRP to the encrypted data buffer, and then send it off.
>
> My first question is am I going about this completely wrong? It seems

> to work a great deal of the time, but I’m sure there will be
> situations that call for something different.
>
> My second question, and the reason for the post is this. I got the
> idea from a post on here to try building projects with developer
> studio in a protected folder. This sometimes works, and other times,
> the compiler just hangs while compiling. It seems to always get stuck

> on the .pch files. I see it merrily sending data to me in 64k packets

> which I encrypt and keep passing along. Eventually, no more packets
> are sent in, yet the file isn’t complete yet. Sometimes it makes it
> all the way through several projects before hanging, but it always
> seems to be on the .pch file where it stops. Anyone have any ideas
> what I could possibly be doing wrong?
>
> That’s about it for now… if anyone has any suggestions, or if you
> think it’s just a bug in my code, I would really appreciate any input.

> Thanks for your time!
>
> Bill
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

—
You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 4:10pm

Sure, but the buffer should be allocated from the pool and not static in
the driver memory. Otherwise you will need ot put a spinlock around
access. Not so good either. It is just plain easier to allocate a
buffer, copy, encrypt and send own.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
Sent: Friday, May 03, 2002 3:03 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

Couldn’t you copy the original data into the drivers memory, encrypt the
data in the buffer for the write to the disk, and set the completion
routine for when the write is complete. Then, when your completion
routine is called with the IRP, copy the original data back into the
buffer for the user? Or would this cause problems?

Brian Young

----- Original Message -----
From: “Jamey Kirby”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 12:52 PM
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

> Because you are modifying the user buffer to be encrypted. If the user

> tries to use the buffer after sending down the write, it will be
> encrypted in his program; not so good. You need to copy the buffer and

> the encrypt the copy; not touching the user buffer.
>
> Jamey
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
> Sent: Friday, May 03, 2002 2:45 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: Why would a file stream suddenly stop?
>
>
> “I realize that I can’t just modify the data buffer being sent down
> through the IRP”
>
> Why not?
>
> Brian Young
>
> ----- Original Message -----
> From: “Bill Champion”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 10:48 AM
> Subject: [ntfsd] Why would a file stream suddenly stop?
>
>
> > First of all, I’d like to say thanks to all those who have
> > contributed
>
> > to this board. It’s been a wealth of knowledge in the beginnings of

> > trying to write a filter driver. I’ve come up against a problem
> > that has me a bit bewildered right now though.
> >
> > The filter driver I’m writing is to do encryption on the fly in
> > certain protected directories. Seems to be a lot of that here
> > From all I’ve read, I realize that I can’t just modify the data
> > buffer
>
> > being sent down through the IRP, so this has been my tactic so far
> > for
>
> > the encryption side of things:
> >
> > 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a

> > protected folder. If the folder isn’t protected, I just pass the
> > IRP along, otherwise, I keep going in my own process below.
> >
> > 2 - I need the correct file size, and the only way I could figure to

> > find that was to generate another IRP with major function
> > IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file
> > size.
> >
> > 3 - I then copy the data buffer from the original IRP into my own
> > buffer, and encrypt the portion of data necessary (just making sure
> > not to go beyone the end of the file as this seemed to cause
> > problems).
> >
> > 4 - I then generate another IRP with major function IRP_MJ_WRITE. I

> > point the IRP to the encrypted data buffer, and then send it off.
> >
> > My first question is am I going about this completely wrong? It
> > seems
>
> > to work a great deal of the time, but I’m sure there will be
> > situations that call for something different.
> >
> > My second question, and the reason for the post is this. I got the
> > idea from a post on here to try building projects with developer
> > studio in a protected folder. This sometimes works, and other
> > times, the compiler just hangs while compiling. It seems to always
> > get stuck
>
> > on the .pch files. I see it merrily sending data to me in 64k
> > packets
>
> > which I encrypt and keep passing along. Eventually, no more packets

> > are sent in, yet the file isn’t complete yet. Sometimes it makes it

> > all the way through several projects before hanging, but it always
> > seems to be on the .pch file where it stops. Anyone have any ideas
> > what I could possibly be doing wrong?
> >
> > That’s about it for now… if anyone has any suggestions, or if you
> > think it’s just a bug in my code, I would really appreciate any
> > input.
>
> > Thanks for your time!
> >
> > Bill
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> > unsubscribe send a blank email to %%email.unsub%%
> >
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to %%email.unsub%%
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 4:10pm

Think about the multi-threaded and asynchronous cases. What happens if
the caller dispatches more than one IO with the same buffer? What if the
buffer pages are marked readonly? Etc.

dan

This posting is provided “AS IS” with no warranties, and confers no
rights.

-----Original Message-----
From: Brian Young [mailto:xxxxx@kinocode.com]
Sent: Friday, May 03, 2002 3:03 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

Couldn’t you copy the original data into the drivers memory, encrypt the
data in the buffer for the write to the disk, and set the completion
routine
for when the write is complete. Then, when your completion routine is
called with the IRP, copy the original data back into the buffer for the
user? Or would this cause problems?

Brian Young

----- Original Message -----
From: “Jamey Kirby”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 12:52 PM
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

> Because you are modifying the user buffer to be encrypted. If the user
> tries to use the buffer after sending down the write, it will be
> encrypted in his program; not so good. You need to copy the buffer and
> the encrypt the copy; not touching the user buffer.
>
> Jamey
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
> Sent: Friday, May 03, 2002 2:45 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: Why would a file stream suddenly stop?
>
>
> “I realize that I can’t just modify the data buffer being sent down
> through the IRP”
>
> Why not?
>
> Brian Young
>
> ----- Original Message -----
> From: “Bill Champion”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 10:48 AM
> Subject: [ntfsd] Why would a file stream suddenly stop?
>
>
> > First of all, I’d like to say thanks to all those who have
contributed
>
> > to this board. It’s been a wealth of knowledge in the beginnings of
> > trying to write a filter driver. I’ve come up against a problem
that
> > has me a bit bewildered right now though.
> >
> > The filter driver I’m writing is to do encryption on the fly in
> > certain protected directories. Seems to be a lot of that here
> > From all I’ve read, I realize that I can’t just modify the data
buffer
>
> > being sent down through the IRP, so this has been my tactic so far
for
>
> > the encryption side of things:
> >
> > 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a
> > protected folder. If the folder isn’t protected, I just pass the
IRP
> > along, otherwise, I keep going in my own process below.
> >
> > 2 - I need the correct file size, and the only way I could figure to
> > find that was to generate another IRP with major function
> > IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file
size.
> >
> > 3 - I then copy the data buffer from the original IRP into my own
> > buffer, and encrypt the portion of data necessary (just making sure
> > not to go beyone the end of the file as this seemed to cause
> > problems).
> >
> > 4 - I then generate another IRP with major function IRP_MJ_WRITE. I
> > point the IRP to the encrypted data buffer, and then send it off.
> >
> > My first question is am I going about this completely wrong? It
seems
>
> > to work a great deal of the time, but I’m sure there will be
> > situations that call for something different.
> >
> > My second question, and the reason for the post is this. I got the
> > idea from a post on here to try building projects with developer
> > studio in a protected folder. This sometimes works, and other
times,
> > the compiler just hangs while compiling. It seems to always get
stuck
>
> > on the .pch files. I see it merrily sending data to me in 64k
packets
>
> > which I encrypt and keep passing along. Eventually, no more packets
> > are sent in, yet the file isn’t complete yet. Sometimes it makes it
> > all the way through several projects before hanging, but it always
> > seems to be on the .pch file where it stops. Anyone have any ideas
> > what I could possibly be doing wrong?
> >
> > That’s about it for now… if anyone has any suggestions, or if you
> > think it’s just a bug in my code, I would really appreciate any
input.
>
> > Thanks for your time!
> >
> > Bill
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> > unsubscribe send a blank email to %%email.unsub%%
> >
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to %%email.unsub%%
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com
> To unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 4:10pm

Also, how can you guarantee that someone will not access the encrypted
buffer from Um while it is in the driver? You can’t.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
Sent: Friday, May 03, 2002 3:03 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

Couldn’t you copy the original data into the drivers memory, encrypt the
data in the buffer for the write to the disk, and set the completion
routine for when the write is complete. Then, when your completion
routine is called with the IRP, copy the original data back into the
buffer for the user? Or would this cause problems?

Brian Young

----- Original Message -----
From: “Jamey Kirby”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 12:52 PM
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

> Because you are modifying the user buffer to be encrypted. If the user

> tries to use the buffer after sending down the write, it will be
> encrypted in his program; not so good. You need to copy the buffer and

> the encrypt the copy; not touching the user buffer.
>
> Jamey
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
> Sent: Friday, May 03, 2002 2:45 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: Why would a file stream suddenly stop?
>
>
> “I realize that I can’t just modify the data buffer being sent down
> through the IRP”
>
> Why not?
>
> Brian Young
>
> ----- Original Message -----
> From: “Bill Champion”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 10:48 AM
> Subject: [ntfsd] Why would a file stream suddenly stop?
>
>
> > First of all, I’d like to say thanks to all those who have
> > contributed
>
> > to this board. It’s been a wealth of knowledge in the beginnings of

> > trying to write a filter driver. I’ve come up against a problem
> > that has me a bit bewildered right now though.
> >
> > The filter driver I’m writing is to do encryption on the fly in
> > certain protected directories. Seems to be a lot of that here
> > From all I’ve read, I realize that I can’t just modify the data
> > buffer
>
> > being sent down through the IRP, so this has been my tactic so far
> > for
>
> > the encryption side of things:
> >
> > 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a

> > protected folder. If the folder isn’t protected, I just pass the
> > IRP along, otherwise, I keep going in my own process below.
> >
> > 2 - I need the correct file size, and the only way I could figure to

> > find that was to generate another IRP with major function
> > IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file
> > size.
> >
> > 3 - I then copy the data buffer from the original IRP into my own
> > buffer, and encrypt the portion of data necessary (just making sure
> > not to go beyone the end of the file as this seemed to cause
> > problems).
> >
> > 4 - I then generate another IRP with major function IRP_MJ_WRITE. I

> > point the IRP to the encrypted data buffer, and then send it off.
> >
> > My first question is am I going about this completely wrong? It
> > seems
>
> > to work a great deal of the time, but I’m sure there will be
> > situations that call for something different.
> >
> > My second question, and the reason for the post is this. I got the
> > idea from a post on here to try building projects with developer
> > studio in a protected folder. This sometimes works, and other
> > times, the compiler just hangs while compiling. It seems to always
> > get stuck
>
> > on the .pch files. I see it merrily sending data to me in 64k
> > packets
>
> > which I encrypt and keep passing along. Eventually, no more packets

> > are sent in, yet the file isn’t complete yet. Sometimes it makes it

> > all the way through several projects before hanging, but it always
> > seems to be on the .pch file where it stops. Anyone have any ideas
> > what I could possibly be doing wrong?
> >
> > That’s about it for now… if anyone has any suggestions, or if you
> > think it’s just a bug in my code, I would really appreciate any
> > input.
>
> > Thanks for your time!
> >
> > Bill
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> > unsubscribe send a blank email to %%email.unsub%%
> >
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to %%email.unsub%%
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 4:11pm

Sorry…

Overlapped IO is a good case in point to my last posting.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
Sent: Friday, May 03, 2002 3:03 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

Couldn’t you copy the original data into the drivers memory, encrypt the
data in the buffer for the write to the disk, and set the completion
routine for when the write is complete. Then, when your completion
routine is called with the IRP, copy the original data back into the
buffer for the user? Or would this cause problems?

Brian Young

----- Original Message -----
From: “Jamey Kirby”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 12:52 PM
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

> Because you are modifying the user buffer to be encrypted. If the user

> tries to use the buffer after sending down the write, it will be
> encrypted in his program; not so good. You need to copy the buffer and

> the encrypt the copy; not touching the user buffer.
>
> Jamey
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Brian Young
> Sent: Friday, May 03, 2002 2:45 PM
> To: File Systems Developers
> Subject: [ntfsd] Re: Why would a file stream suddenly stop?
>
>
> “I realize that I can’t just modify the data buffer being sent down
> through the IRP”
>
> Why not?
>
> Brian Young
>
> ----- Original Message -----
> From: “Bill Champion”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 10:48 AM
> Subject: [ntfsd] Why would a file stream suddenly stop?
>
>
> > First of all, I’d like to say thanks to all those who have
> > contributed
>
> > to this board. It’s been a wealth of knowledge in the beginnings of

> > trying to write a filter driver. I’ve come up against a problem
> > that has me a bit bewildered right now though.
> >
> > The filter driver I’m writing is to do encryption on the fly in
> > certain protected directories. Seems to be a lot of that here
> > From all I’ve read, I realize that I can’t just modify the data
> > buffer
>
> > being sent down through the IRP, so this has been my tactic so far
> > for
>
> > the encryption side of things:
> >
> > 1 - Catch the IRP_MJ_WRITE and determine whether or not this is in a

> > protected folder. If the folder isn’t protected, I just pass the
> > IRP along, otherwise, I keep going in my own process below.
> >
> > 2 - I need the correct file size, and the only way I could figure to

> > find that was to generate another IRP with major function
> > IRP_MJ_QUERY_INFORMATION. This seems to get me the proper file
> > size.
> >
> > 3 - I then copy the data buffer from the original IRP into my own
> > buffer, and encrypt the portion of data necessary (just making sure
> > not to go beyone the end of the file as this seemed to cause
> > problems).
> >
> > 4 - I then generate another IRP with major function IRP_MJ_WRITE. I

> > point the IRP to the encrypted data buffer, and then send it off.
> >
> > My first question is am I going about this completely wrong? It
> > seems
>
> > to work a great deal of the time, but I’m sure there will be
> > situations that call for something different.
> >
> > My second question, and the reason for the post is this. I got the
> > idea from a post on here to try building projects with developer
> > studio in a protected folder. This sometimes works, and other
> > times, the compiler just hangs while compiling. It seems to always
> > get stuck
>
> > on the .pch files. I see it merrily sending data to me in 64k
> > packets
>
> > which I encrypt and keep passing along. Eventually, no more packets

> > are sent in, yet the file isn’t complete yet. Sometimes it makes it

> > all the way through several projects before hanging, but it always
> > seems to be on the .pch file where it stops. Anyone have any ideas
> > what I could possibly be doing wrong?
> >
> > That’s about it for now… if anyone has any suggestions, or if you
> > think it’s just a bug in my code, I would really appreciate any
> > input.
>
> > Thanks for your time!
> >
> > Bill
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> > unsubscribe send a blank email to %%email.unsub%%
> >
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
> unsubscribe send a blank email to %%email.unsub%%
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com To
> unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · May 3, 2002, 4:19pm

You will find that in IRP_MJ_WRITE the buffer might be read-only, and in
IRP_MJ_READ it might be write-only. Thus an encryption filter would need to
allocate its own data buffers. I haven’t come up to such a situation, but since
it’s possible, one must be prepared.

Regards, Dejan.

Brian Young wrote:

“I realize that I can’t just modify the data buffer being sent down through
the IRP”

Why not?

–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa Registry Monitor - Registry monitoring library for Win32 developers.
Alfa Registry Protector - Registry protection library for Win32 developers.

OSR_Community_User · May 3, 2002, 4:21pm

Bill,

As Jamey suggested, this is CERTAINLY due to querying the file size
during paging read/write. In such a situation, unfortunately, the IRQL is
APC_LEVEL, and during heavy file activity involving this path, the system will
block. There is nothing you can do about this.
If you take any FS filter that calls into the file system during all
IRP_MJ_READ/WRITE requests (or at least during paging ones), meaning it does
call into the FS at APC_LEVEL, it might not hang on first call, but if you
try to encrypt/decrypt a large number of files on the same volume, the system
will totally hang. Not crash, but hang.

Regards, Dejan.

–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32 developers.

Alfa Registry Monitor - Registry monitoring library for Win32 developers.
Alfa Registry Protector - Registry protection library for Win32 developers.

OSR_Community_User · May 3, 2002, 4:36pm

You never know who else is using that piece of memory
at the same time. The NT I/O model is asynchronous;
while you’re overwriting the application’s write
buffer for this request the application could be
simultaneously attempting to use the same memory as a
source for income-tax calculations. You must treat it
as read-only.

— Brian Young wrote:
> Couldn’t you copy the original data into the drivers
> memory, encrypt the
> data in the buffer for the write to the disk, and
> set the completion routine
> for when the write is complete. Then, when your
> completion routine is
> called with the IRP, copy the original data back
> into the buffer for the
> user? Or would this cause problems?
>
> Brian Young
>
> ----- Original Message -----
> From: “Jamey Kirby”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 12:52 PM
> Subject: [ntfsd] Re: Why would a file stream
> suddenly stop?
>
>
> > Because you are modifying the user buffer to be
> encrypted. If the user
> > tries to use the buffer after sending down the
> write, it will be
> > encrypted in his program; not so good. You need to
> copy the buffer and
> > the encrypt the copy; not touching the user
> buffer.
> >
> > Jamey
> >
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf
> Of Brian Young
> > Sent: Friday, May 03, 2002 2:45 PM
> > To: File Systems Developers
> > Subject: [ntfsd] Re: Why would a file stream
> suddenly stop?
> >
> >
> > “I realize that I can’t just modify the data
> buffer being sent down
> > through the IRP”
> >
> > Why not?
> >
> > Brian Young
> >
> > ----- Original Message -----
> > From: “Bill Champion”
> > To: “File Systems Developers”
>
> > Sent: Friday, May 03, 2002 10:48 AM
> > Subject: [ntfsd] Why would a file stream suddenly
> stop?
> >
> >
> > > First of all, I’d like to say thanks to all
> those who have contributed
> >
> > > to this board. It’s been a wealth of knowledge
> in the beginnings of
> > > trying to write a filter driver. I’ve come up
> against a problem that
> > > has me a bit bewildered right now though.
> > >
> > > The filter driver I’m writing is to do
> encryption on the fly in
> > > certain protected directories. Seems to be a
> lot of that here
> > > From all I’ve read, I realize that I can’t just
> modify the data buffer
> >
> > > being sent down through the IRP, so this has
> been my tactic so far for
> >
> > > the encryption side of things:
> > >
> > > 1 - Catch the IRP_MJ_WRITE and determine whether
> or not this is in a
> > > protected folder. If the folder isn’t
> protected, I just pass the IRP
> > > along, otherwise, I keep going in my own process
> below.
> > >
> > > 2 - I need the correct file size, and the only
> way I could figure to
> > > find that was to generate another IRP with major
> function
> > > IRP_MJ_QUERY_INFORMATION. This seems to get me
> the proper file size.
> > >
> > > 3 - I then copy the data buffer from the
> original IRP into my own
> > > buffer, and encrypt the portion of data
> necessary (just making sure
> > > not to go beyone the end of the file as this
> seemed to cause
> > > problems).
> > >
> > > 4 - I then generate another IRP with major
> function IRP_MJ_WRITE. I
> > > point the IRP to the encrypted data buffer, and
> then send it off.
> > >
> > > My first question is am I going about this
> completely wrong? It seems
> >
> > > to work a great deal of the time, but I’m sure
> there will be
> > > situations that call for something different.
> > >
> > > My second question, and the reason for the post
> is this. I got the
> > > idea from a post on here to try building
> projects with developer
> > > studio in a protected folder. This sometimes
> works, and other times,
> > > the compiler just hangs while compiling. It
> seems to always get stuck
> >
> > > on the .pch files. I see it merrily sending
> data to me in 64k packets
> >
> > > which I encrypt and keep passing along.
> Eventually, no more packets
> > > are sent in, yet the file isn’t complete yet.
> Sometimes it makes it
> > > all the way through several projects before
> hanging, but it always
> > > seems to be on the .pch file where it stops.
> Anyone have any ideas
> > > what I could possibly be doing wrong?
> > >
> > > That’s about it for now… if anyone has any
> suggestions, or if you
> > > think it’s just a bug in my code, I would really
> appreciate any input.
> >
> > > Thanks for your time!
> > >
> > > Bill
> > >
> > > —
> > > You are currently subscribed to ntfsd as:
> xxxxx@kinocode.com To
> > > unsubscribe send a blank email to
> %%email.unsub%%
> > >
> >
> >
> > —
> > You are currently subscribed to ntfsd as:
> xxxxx@storagecraft.com To
> > unsubscribe send a blank email to %%email.unsub%%
> >
> >
> > —
> > You are currently subscribed to ntfsd as:
> xxxxx@kinocode.com
> > To unsubscribe send a blank email to
> %%email.unsub%%
> >
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@nryan.com
> To unsubscribe send a blank email to
%%email.unsub%%

=====
- Nicholas Ryan

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

OSR_Community_User · May 3, 2002, 4:44pm

Thank you so much! What great comments! There are far too many things that
I didn’t think of.

Brian Young

----- Original Message -----
From: “Nicholas Ryan”
To: “File Systems Developers”
Sent: Friday, May 03, 2002 1:33 PM
Subject: [ntfsd] Re: Why would a file stream suddenly stop?

> You never know who else is using that piece of memory
> at the same time. The NT I/O model is asynchronous;
> while you’re overwriting the application’s write
> buffer for this request the application could be
> simultaneously attempting to use the same memory as a
> source for income-tax calculations. You must treat it
> as read-only.
>
> — Brian Young wrote:
> > Couldn’t you copy the original data into the drivers
> > memory, encrypt the
> > data in the buffer for the write to the disk, and
> > set the completion routine
> > for when the write is complete. Then, when your
> > completion routine is
> > called with the IRP, copy the original data back
> > into the buffer for the
> > user? Or would this cause problems?
> >
> > Brian Young
> >
> > ----- Original Message -----
> > From: “Jamey Kirby”
> > To: “File Systems Developers”
> > Sent: Friday, May 03, 2002 12:52 PM
> > Subject: [ntfsd] Re: Why would a file stream
> > suddenly stop?
> >
> >
> > > Because you are modifying the user buffer to be
> > encrypted. If the user
> > > tries to use the buffer after sending down the
> > write, it will be
> > > encrypted in his program; not so good. You need to
> > copy the buffer and
> > > the encrypt the copy; not touching the user
> > buffer.
> > >
> > > Jamey
> > >
> > >
> > > -----Original Message-----
> > > From: xxxxx@lists.osr.com
> > > [mailto:xxxxx@lists.osr.com] On Behalf
> > Of Brian Young
> > > Sent: Friday, May 03, 2002 2:45 PM
> > > To: File Systems Developers
> > > Subject: [ntfsd] Re: Why would a file stream
> > suddenly stop?
> > >
> > >
> > > “I realize that I can’t just modify the data
> > buffer being sent down
> > > through the IRP”
> > >
> > > Why not?
> > >
> > > Brian Young
> > >
> > > ----- Original Message -----
> > > From: “Bill Champion”
> > > To: “File Systems Developers”
> >
> > > Sent: Friday, May 03, 2002 10:48 AM
> > > Subject: [ntfsd] Why would a file stream suddenly
> > stop?
> > >
> > >
> > > > First of all, I’d like to say thanks to all
> > those who have contributed
> > >
> > > > to this board. It’s been a wealth of knowledge
> > in the beginnings of
> > > > trying to write a filter driver. I’ve come up
> > against a problem that
> > > > has me a bit bewildered right now though.
> > > >
> > > > The filter driver I’m writing is to do
> > encryption on the fly in
> > > > certain protected directories. Seems to be a
> > lot of that here
> > > > From all I’ve read, I realize that I can’t just
> > modify the data buffer
> > >
> > > > being sent down through the IRP, so this has
> > been my tactic so far for
> > >
> > > > the encryption side of things:
> > > >
> > > > 1 - Catch the IRP_MJ_WRITE and determine whether
> > or not this is in a
> > > > protected folder. If the folder isn’t
> > protected, I just pass the IRP
> > > > along, otherwise, I keep going in my own process
> > below.
> > > >
> > > > 2 - I need the correct file size, and the only
> > way I could figure to
> > > > find that was to generate another IRP with major
> > function
> > > > IRP_MJ_QUERY_INFORMATION. This seems to get me
> > the proper file size.
> > > >
> > > > 3 - I then copy the data buffer from the
> > original IRP into my own
> > > > buffer, and encrypt the portion of data
> > necessary (just making sure
> > > > not to go beyone the end of the file as this
> > seemed to cause
> > > > problems).
> > > >
> > > > 4 - I then generate another IRP with major
> > function IRP_MJ_WRITE. I
> > > > point the IRP to the encrypted data buffer, and
> > then send it off.
> > > >
> > > > My first question is am I going about this
> > completely wrong? It seems
> > >
> > > > to work a great deal of the time, but I’m sure
> > there will be
> > > > situations that call for something different.
> > > >
> > > > My second question, and the reason for the post
> > is this. I got the
> > > > idea from a post on here to try building
> > projects with developer
> > > > studio in a protected folder. This sometimes
> > works, and other times,
> > > > the compiler just hangs while compiling. It
> > seems to always get stuck
> > >
> > > > on the .pch files. I see it merrily sending
> > data to me in 64k packets
> > >
> > > > which I encrypt and keep passing along.
> > Eventually, no more packets
> > > > are sent in, yet the file isn’t complete yet.
> > Sometimes it makes it
> > > > all the way through several projects before
> > hanging, but it always
> > > > seems to be on the .pch file where it stops.
> > Anyone have any ideas
> > > > what I could possibly be doing wrong?
> > > >
> > > > That’s about it for now… if anyone has any
> > suggestions, or if you
> > > > think it’s just a bug in my code, I would really
> > appreciate any input.
> > >
> > > > Thanks for your time!
> > > >
> > > > Bill
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as:
> > xxxxx@kinocode.com To
> > > > unsubscribe send a blank email to
> > %%email.unsub%%
> > > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as:
> > xxxxx@storagecraft.com To
> > > unsubscribe send a blank email to %%email.unsub%%
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as:
> > xxxxx@kinocode.com
> > > To unsubscribe send a blank email to
> > %%email.unsub%%
> > >
> >
> >
> > —
> > You are currently subscribed to ntfsd as:
> > xxxxx@nryan.com
> > To unsubscribe send a blank email to
> %%email.unsub%%
>
>
> =====
> - Nicholas Ryan
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - your guide to health and wellness
> http://health.yahoo.com
>
> —
> You are currently subscribed to ntfsd as: xxxxx@kinocode.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · May 3, 2002, 4:49pm

Dejan,

Thanks to both you and Jamey for pointing out that this could very well be
the source of my problem. So I guess I’m still stumped with the following
questions if anyone has any suggestions.

1 - Is there any other way for me to know the amount of data that I should
encrypt and decrypt? I haven’t found a reliable way other than this of
obtaining the file size, and it seems like if I encrypt the entire buffer
that’s sent in, there are some ill side effects

2 - Won’t I still have to generate my own IRP to get the encrypted data
down to the file system? Or is there another way I should be handling
this?

I apologize for asking more questions, but I’m just trying to figure out
if my approach is close and I need to clean some things up, or if my
thinking is completely wrong. Again, any additional suggestions or
criticisms are MORE than welcome! Thanks again.

Bill

OSR_Community_User · May 3, 2002, 5:39pm

May the Force be with you, young Jedi. You’ll need it
once you get to the point where you have to spoof file
sizes and file offsets on the fly. (Or alternatively
you just need the $$$ for OSR’s filter framework,
which is supposed to be pretty good).

BTW how are you able to even compile your filter
without the IFS kit? Filemon is a vastly inferior
example of a filesystem filter than is FileSpy (from
the IFS kit). And you need the source to FastFat for
reference.

— Brian Young wrote:
> Thank you so much! What great comments! There are
> far too many things that
> I didn’t think of.
>
> Brian Young
>
> ----- Original Message -----
> From: “Nicholas Ryan”
> To: “File Systems Developers”
> Sent: Friday, May 03, 2002 1:33 PM
> Subject: [ntfsd] Re: Why would a file stream
> suddenly stop?
>
>
> > You never know who else is using that piece of
> memory
> > at the same time. The NT I/O model is
> asynchronous;
> > while you’re overwriting the application’s write
> > buffer for this request the application could be
> > simultaneously attempting to use the same memory
> as a
> > source for income-tax calculations. You must treat
> it
> > as read-only.
> >
> > — Brian Young wrote:
> > > Couldn’t you copy the original data into the
> drivers
> > > memory, encrypt the
> > > data in the buffer for the write to the disk,
> and
> > > set the completion routine
> > > for when the write is complete. Then, when your
> > > completion routine is
> > > called with the IRP, copy the original data back
> > > into the buffer for the
> > > user? Or would this cause problems?
> > >
> > > Brian Young
> > >
> > > ----- Original Message -----
> > > From: “Jamey Kirby”
> > > To: “File Systems Developers”
>
> > > Sent: Friday, May 03, 2002 12:52 PM
> > > Subject: [ntfsd] Re: Why would a file stream
> > > suddenly stop?
> > >
> > >
> > > > Because you are modifying the user buffer to
> be
> > > encrypted. If the user
> > > > tries to use the buffer after sending down the
> > > write, it will be
> > > > encrypted in his program; not so good. You
> need to
> > > copy the buffer and
> > > > the encrypt the copy; not touching the user
> > > buffer.
> > > >
> > > > Jamey
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: xxxxx@lists.osr.com
> > > > [mailto:xxxxx@lists.osr.com] On
> Behalf
> > > Of Brian Young
> > > > Sent: Friday, May 03, 2002 2:45 PM
> > > > To: File Systems Developers
> > > > Subject: [ntfsd] Re: Why would a file stream
> > > suddenly stop?
> > > >
> > > >
> > > > “I realize that I can’t just modify the data
> > > buffer being sent down
> > > > through the IRP”
> > > >
> > > > Why not?
> > > >
> > > > Brian Young
> > > >
> > > > ----- Original Message -----
> > > > From: “Bill Champion”
>
> > > > To: “File Systems Developers”
> > >
> > > > Sent: Friday, May 03, 2002 10:48 AM
> > > > Subject: [ntfsd] Why would a file stream
> suddenly
> > > stop?
> > > >
> > > >
> > > > > First of all, I’d like to say thanks to all
> > > those who have contributed
> > > >
> > > > > to this board. It’s been a wealth of
> knowledge
> > > in the beginnings of
> > > > > trying to write a filter driver. I’ve come
> up
> > > against a problem that
> > > > > has me a bit bewildered right now though.
> > > > >
> > > > > The filter driver I’m writing is to do
> > > encryption on the fly in
> > > > > certain protected directories. Seems to be
> a
> > > lot of that here
> > > > > From all I’ve read, I realize that I can’t
> just
> > > modify the data buffer
> > > >
> > > > > being sent down through the IRP, so this has
> > > been my tactic so far for
> > > >
> > > > > the encryption side of things:
> > > > >
> > > > > 1 - Catch the IRP_MJ_WRITE and determine
> whether
> > > or not this is in a
> > > > > protected folder. If the folder isn’t
> > > protected, I just pass the IRP
> > > > > along, otherwise, I keep going in my own
> process
> > > below.
> > > > >
> > > > > 2 - I need the correct file size, and the
> only
> > > way I could figure to
> > > > > find that was to generate another IRP with
> major
> > > function
> > > > > IRP_MJ_QUERY_INFORMATION. This seems to get
> me
> > > the proper file size.
> > > > >
> > > > > 3 - I then copy the data buffer from the
> > > original IRP into my own
> > > > > buffer, and encrypt the portion of data
> > > necessary (just making sure
> > > > > not to go beyone the end of the file as this
> > > seemed to cause
> > > > > problems).
> > > > >
> > > > > 4 - I then generate another IRP with major
> > > function IRP_MJ_WRITE. I
> > > > > point the IRP to the encrypted data buffer,
> and
> > > then send it off.
> > > > >
> > > > > My first question is am I going about this
> > > completely wrong? It seems
> > > >
> > > > > to work a great deal of the time, but I’m
> sure
> > > there will be
> > > > > situations that call for something
> different.
> > > > >
> > > > > My second question, and the reason for the
> post
> > > is this. I got the
> > > > > idea from a post on here to try building
> > > projects with developer
> > > > > studio in a protected folder. This
> sometimes
> > > works, and other times,
> > > > > the compiler just hangs while compiling. It
> > > seems to always get stuck
> > > >
> > > > > on the .pch files. I see it merrily sending
> > > data to me in 64k packets
> > > >
> > > > > which I encrypt and keep passing along.
> > > Eventually, no more packets
> > > > > are sent in, yet the file isn’t complete
> yet.
> > > Sometimes it makes it
> > > > > all the way through several projects before
> > > hanging, but it always
> > > > > seems to be on the .pch file where it stops.
> > > Anyone have any ideas
> > > > > what I could possibly be doing wrong?
> > > > >
> > > > > That’s about it for now… if anyone has any
> > > suggestions, or if you
> > > > > think it’s just a bug in my code, I would
> really
> > > appreciate any input.
> > > >
> > > > > Thanks for your time!
> > > > >
> > > > > Bill
> > > > >
> > > > > —
> > > > > You are currently subscribed to ntfsd as:
> > > xxxxx@kinocode.com To
> > > > > unsubscribe send a blank email to
> > > %%email.unsub%%
>
=== message truncated ===

=====
- Nicholas Ryan

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

OSR_Community_User · May 3, 2002, 5:53pm

Nicholas,

You may have me confused with Brian. I’m the guy that couldn’t get the
IFS kit because of our legal team. I’m using an ntifs.h that I got from
somewhere on the web… I believe it was Bo Branten’s page. I agree that
having the IFS kit would be an amazing resource. I’m currently trying to
get the kit from another department within the company, so maybe I’ll
actually have something to look at in the near future.

You do have me curious… when does the need arise to spoof file sizes
and offsets? I’m sure I’m nowhere close to such a thing, but it does make
me curious when such a thing would occur. Thanks to everyone again for
their input…

Bill

May the Force be with you, young Jedi. You’ll need it
once you get to the point where you have to spoof file
sizes and file offsets on the fly. (Or alternatively
you just need the $$$ for OSR’s filter framework,
which is supposed to be pretty good).

BTW how are you able to even compile your filter
without the IFS kit? Filemon is a vastly inferior
example of a filesystem filter than is FileSpy (from
the IFS kit). And you need the source to FastFat for
reference.

— Brian Young wrote:
> > Thank you so much! What great comments! There are
> > far too many things that
> > I didn’t think of.
> >
> > Brian Young
> >
> > ----- Original Message -----
> > From: “Nicholas Ryan”
> > To: “File Systems Developers”
> > Sent: Friday, May 03, 2002 1:33 PM
> > Subject: [ntfsd] Re: Why would a file stream
> > suddenly stop?
> >
> >
> > > You never know who else is using that piece of
> > memory
> > > at the same time. The NT I/O model is
> > asynchronous;
> > > while you’re overwriting the application’s write
> > > buffer for this request the application could be
> > > simultaneously attempting to use the same memory
> > as a
> > > source for income-tax calculations. You must treat
> > it
> > > as read-only.
> > >
> > > — Brian Young wrote:
> > > > Couldn’t you copy the original data into the
> > drivers
> > > > memory, encrypt the
> > > > data in the buffer for the write to the disk,
> > and
> > > > set the completion routine
> > > > for when the write is complete. Then, when your
> > > > completion routine is
> > > > called with the IRP, copy the original data back
> > > > into the buffer for the
> > > > user? Or would this cause problems?
> > > >
> > > > Brian Young
> > > >
> > > > ----- Original Message -----
> > > > From: “Jamey Kirby”
> > > > To: “File Systems Developers”
> >
> > > > Sent: Friday, May 03, 2002 12:52 PM
> > > > Subject: [ntfsd] Re: Why would a file stream
> > > > suddenly stop?
> > > >
> > > >
> > > > > Because you are modifying the user buffer to
> > be
> > > > encrypted. If the user
> > > > > tries to use the buffer after sending down the
> > > > write, it will be
> > > > > encrypted in his program; not so good. You
> > need to
> > > > copy the buffer and
> > > > > the encrypt the copy; not touching the user
> > > > buffer.
> > > > >
> > > > > Jamey
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: xxxxx@lists.osr.com
> > > > > [mailto:xxxxx@lists.osr.com] On
> > Behalf
> > > > Of Brian Young
> > > > > Sent: Friday, May 03, 2002 2:45 PM
> > > > > To: File Systems Developers
> > > > > Subject: [ntfsd] Re: Why would a file stream
> > > > suddenly stop?
> > > > >
> > > > >
> > > > > “I realize that I can’t just modify the data
> > > > buffer being sent down
> > > > > through the IRP”
> > > > >
> > > > > Why not?
> > > > >
> > > > > Brian Young
> > > > >
> > > > > ----- Original Message -----
> > > > > From: “Bill Champion”
> >
> > > > > To: “File Systems Developers”
> > > >
> > > > > Sent: Friday, May 03, 2002 10:48 AM
> > > > > Subject: [ntfsd] Why would a file stream
> > suddenly
> > > > stop?
> > > > >
> > > > >
> > > > > > First of all, I’d like to say thanks to all
> > > > those who have contributed
> > > > >
> > > > > > to this board. It’s been a wealth of
> > knowledge
> > > > in the beginnings of
> > > > > > trying to write a filter driver. I’ve come
> > up
> > > > against a problem that
> > > > > > has me a bit bewildered right now though.
> > > > > >
> > > > > > The filter driver I’m writing is to do
> > > > encryption on the fly in
> > > > > > certain protected directories. Seems to be
> > a
> > > > lot of that here
> > > > > > From all I’ve read, I realize that I can’t
> > just
> > > > modify the data buffer
> > > > >
> > > > > > being sent down through the IRP, so this has
> > > > been my tactic so far for
> > > > >
> > > > > > the encryption side of things:
> > > > > >
> > > > > > 1 - Catch the IRP_MJ_WRITE and determine
> > whether
> > > > or not this is in a
> > > > > > protected folder. If the folder isn’t
> > > > protected, I just pass the IRP
> > > > > > along, otherwise, I keep going in my own
> > process
> > > > below.
> > > > > >
> > > > > > 2 - I need the correct file size, and the
> > only
> > > > way I could figure to
> > > > > > find that was to generate another IRP with
> > major
> > > > function
> > > > > > IRP_MJ_QUERY_INFORMATION. This seems to get
> > me
> > > > the proper file size.
> > > > > >
> > > > > > 3 - I then copy the data buffer from the
> > > > original IRP into my own
> > > > > > buffer, and encrypt the portion of data
> > > > necessary (just making sure
> > > > > > not to go beyone the end of the file as this
> > > > seemed to cause
> > > > > > problems).
> > > > > >
> > > > > > 4 - I then generate another IRP with major
> > > > function IRP_MJ_WRITE. I
> > > > > > point the IRP to the encrypted data buffer,
> > and
> > > > then send it off.
> > > > > >
> > > > > > My first question is am I going about this
> > > > completely wrong? It seems
> > > > >
> > > > > > to work a great deal of the time, but I’m
> > sure
> > > > there will be
> > > > > > situations that call for something
> > different.
> > > > > >
> > > > > > My second question, and the reason for the
> > post
> > > > is this. I got the
> > > > > > idea from a post on here to try building
> > > > projects with developer
> > > > > > studio in a protected folder. This
> > sometimes
> > > > works, and other times,
> > > > > > the compiler just hangs while compiling. It
> > > > seems to always get stuck
> > > > >
> > > > > > on the .pch files. I see it merrily sending
> > > > data to me in 64k packets
> > > > >
> > > > > > which I encrypt and keep passing along.
> > > > Eventually, no more packets
> > > > > > are sent in, yet the file isn’t complete
> > yet.
> > > > Sometimes it makes it
> > > > > > all the way through several projects before
> > > > hanging, but it always
> > > > > > seems to be on the .pch file where it stops.
> > > > Anyone have any ideas
> > > > > > what I could possibly be doing wrong?
> > > > > >
> > > > > > That’s about it for now… if anyone has any
> > > > suggestions, or if you
> > > > > > think it’s just a bug in my code, I would
> > really
> > > > appreciate any input.
> > > > >
> > > > > > Thanks for your time!
> > > > > >
> > > > > > Bill
> > > > > >
> > > > > > —
> > > > > > You are currently subscribed to ntfsd as:
> > > > xxxxx@kinocode.com To
> > > > > > unsubscribe send a blank email to
> > > > %%email.unsub%%
> >
> === message truncated ===
>
>
> =====
> - Nicholas Ryan
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - your guide to health and wellness
> http://health.yahoo.com

OSR_Community_User · May 3, 2002, 6:23pm

Do I have this straight? Your legal bagels won’t let you sign a license
with MS that every other SW company with a legitimate filter product has
signed, but they will let you pollute your IP with a header file of
unknown parentage that might, in fact, be stolen and render your
employer liable? And when your customers ask hard questions about the
reliability of your driver, and you have to tell them that it is not
built with the approved MS stamp-of-approval SDK, nor tested with the
stress tests therein?