Filtering the I/O requests sent by non-system applications in a file system filter driver.
in [Device Drivers]
|
From: shaji on 30 Apr 2008 01:31 HI, I'm a newbie in the world of drivers. I'm developing a file system filter driver that needs to process all I/O requests sent in by user mode applications eg; MS Word, Excel etc; I don't want to do any sort of processing on IRPs generated on behalf of the Windows OS itself ( I'm not sure I'm using the correct words here :) ). To put it simple, I want to distinguish between IRPs generated on behalf of the OS processes and those generated on behalf of user mode applications. Could anybode tell me the easiest mechanism to achieve this? Thanks in advance, Shaji.
From: David Craig on 30 Apr 2008 02:37 This is the wrong group. Try ntfsd on osronline.com. "shaji" <shajiparemmal(a)gmail.com> wrote in message news:f54062ad-0b05-4911-8f72-4bf0c1023d8e(a)n1g2000prb.googlegroups.com... > HI, > I'm a newbie in the world of drivers. I'm developing a file system > filter driver that needs to process all I/O requests sent in by user > mode applications eg; MS Word, Excel etc; I don't want to do any sort > of processing on IRPs generated on behalf of the Windows OS itself > ( I'm not sure I'm using the correct words here :) ). > > To put it simple, I want to distinguish between IRPs generated on > behalf of the OS processes and those generated on behalf of user mode > applications. > > Could anybode tell me the easiest mechanism to achieve this? > > Thanks in advance, > Shaji.
From: Eugene Mayevski on 30 Apr 2008 02:49 Hello! You wrote on Tue, 29 Apr 2008 22:31:03 -0700 (PDT): s> To put it simple, I want to distinguish between IRPs generated on s> behalf of the OS processes and those generated on behalf of user mode s> applications. There are cases when the OS issues requests on behalf of the application (or it's needs). Examples: if the application accesses the file via MMF, or when cache manager accesses the file (I am not 100% sure about the latter case). With best regards, Eugene Mayevski http://mayevski.blogspot.com/
From: shaji on 30 Apr 2008 05:14 Hi Eugene Mayevski, > There are cases when the OS issues requests on behalf of the application (or > it's needs). Examples: if the application accesses the file via MMF, or when > cache manager accesses the file (I am not 100% sure about the latter case). Thanks a lot for that reply. I know that IoGetRequestorProcess will give me the process which requested the I/O. If the application uses MMF to access the file, will this function return the system process that issues MMF request? Shaji.
From: Maxim S. Shatskih on 1 May 2008 05:21 Impossible. The kernel does not know the difference between, say, OS-provided svchost.exe and the user-installed winword.exe Also note that some work initiated by apps like Word will be executed in System process context - cache flushes and read-aheads. -- Maxim Shatskih, Windows DDK MVP StorageCraft Corporation maxim(a)storagecraft.com http://www.storagecraft.com "shaji" <shajiparemmal(a)gmail.com> wrote in message news:f54062ad-0b05-4911-8f72-4bf0c1023d8e(a)n1g2000prb.googlegroups.com... > HI, > I'm a newbie in the world of drivers. I'm developing a file system > filter driver that needs to process all I/O requests sent in by user > mode applications eg; MS Word, Excel etc; I don't want to do any sort > of processing on IRPs generated on behalf of the Windows OS itself > ( I'm not sure I'm using the correct words here :) ). > > To put it simple, I want to distinguish between IRPs generated on > behalf of the OS processes and those generated on behalf of user mode > applications. > > Could anybode tell me the easiest mechanism to achieve this? > > Thanks in advance, > Shaji.
|
Pages: 1 Prev: windows file system internals -o reilly ebook??????? Next: malloc,free,mbtow problem |