Hi,
I am interested in calling ZwFSControlFile with the FSCTL_MARK_HANDLE opcode
from my kernel driver. I checked it and it appears to be working (At least
on win2k3).
However, the relevant MSDN site
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IFSK_r/hh/IFSK_r/zwref_5da20655-11b0-4366-bca2-8cee3aadbeab.xml.asp)
explicitly says what are the supported F/S IOCTLs (Without explaining why)
and FSCTL_MARK_HANDLE isn’t one of them.
At least theoratically, I cannot see the difference between issuing this
call from one of the system threads (At PASSIVE_LEVEL), to issuing this call
from a user-mode process which in the end simply calls ZwFSControlFile.
Is it still OK to call FSCTL_MARK_HANDLE from kernel mode, or should I try
another approach as the Win2k3 behaviour might break in another Service Pack
or OS version?
Thanks,
Eran.
MSDN site says only about “currently documented” but not about supported
types.
If there is no check for the input FSCTL code in ZwFsControlFile you
approach will work.
“Eran Borovik” wrote in message news:xxxxx@ntfsd…
> Hi,
> I am interested in calling ZwFSControlFile with the FSCTL_MARK_HANDLE
> opcode from my kernel driver. I checked it and it appears to be working
> (At least on win2k3).
> However, the relevant MSDN site
> (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IFSK_r/hh/IFSK_r/zwref_5da20655-11b0-4366-bca2-8cee3aadbeab.xml.asp)
> explicitly says what are the supported F/S IOCTLs (Without explaining why)
> and FSCTL_MARK_HANDLE isn’t one of them.
> At least theoratically, I cannot see the difference between issuing this
> call from one of the system threads (At PASSIVE_LEVEL), to issuing this
> call from a user-mode process which in the end simply calls
> ZwFSControlFile.
> Is it still OK to call FSCTL_MARK_HANDLE from kernel mode, or should I try
> another approach as the Win2k3 behaviour might break in another Service
> Pack or OS version?
>
> Thanks,
> Eran.
>
>