Hi, all
I found a bug in the filespy driver from the
IFS kit. If I attach it to \Device\mailslot, it
causes an access violation when IRP_MJ_CREATE_MAILSLOT
comes.
The reason is that FileSpy.sys does not treat this
operation as a create request and in SpyGetFullFileName
tries to query the underlying file system for the file name.
Unfortunately, Msfs.sys, which is queried for the file name,
is not prepared to retrieve an unopened file object
(FsContext = NULL and FsContext2 = NULL).
The MsDecodeFileObject routine tries to test Fcb->Flags,
which causes an access violation.
The solution is to handle IRP_MJ_CREATE_MAILSLOT
(and probably IRP_MJ_CREATE_NAMED_PIPE as well)
the same way as IRP_MJ_CREATE.
Could anyone from the MS Filter Team give me any comment, please?
L.
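
The dispatch decision described in the post, as an added user-mode model (not part of the original message and not FileSpy source). MODEL_FILE_OBJECT and the three functions are hypothetical names; the IRP_MJ_* values are those from wdm.h.

```c
#include <stdio.h>
#include <stddef.h>

/* Major function codes, values as in wdm.h. */
#define IRP_MJ_CREATE            0x00
#define IRP_MJ_CREATE_NAMED_PIPE 0x01
#define IRP_MJ_READ              0x03
#define IRP_MJ_CREATE_MAILSLOT   0x13

/* Hypothetical stand-in for the FILE_OBJECT fields named in the post. */
typedef struct {
    void *FsContext;    /* NULL until the file system completes the open */
    void *FsContext2;
} MODEL_FILE_OBJECT;

typedef enum { NAME_FROM_FILE_OBJECT, NAME_FROM_LOWER_FS } NAME_SOURCE;

/* Behaviour reported in the post: only IRP_MJ_CREATE counts as a create. */
NAME_SOURCE name_source_reported(unsigned char major)
{
    return major == IRP_MJ_CREATE ? NAME_FROM_FILE_OBJECT : NAME_FROM_LOWER_FS;
}

/* Proposed fix: all three create-class majors are handled like IRP_MJ_CREATE. */
NAME_SOURCE name_source_fixed(unsigned char major)
{
    switch (major) {
    case IRP_MJ_CREATE:
    case IRP_MJ_CREATE_NAMED_PIPE:
    case IRP_MJ_CREATE_MAILSLOT:
        return NAME_FROM_FILE_OBJECT;
    default:
        return NAME_FROM_LOWER_FS;
    }
}

/* Models the fault: the lower driver is asked about a file object whose
   per-file context is still NULL because the open has not completed. */
int query_would_fault(NAME_SOURCE src, const MODEL_FILE_OBJECT *fo)
{
    return src == NAME_FROM_LOWER_FS &&
           fo->FsContext == NULL && fo->FsContext2 == NULL;
}

int main(void)
{
    MODEL_FILE_OBJECT unopened = { NULL, NULL };   /* constructed sample */
    printf("reported: fault=%d\n", query_would_fault(name_source_reported(IRP_MJ_CREATE_MAILSLOT), &unopened));
    printf("fixed:    fault=%d\n", query_would_fault(name_source_fixed(IRP_MJ_CREATE_MAILSLOT), &unopened));
    return 0;
}
```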