Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 9  
12 Sep 17 17:16
Mickey H
xxxxxx@gmail.com
Join Date: 23 Jul 2017
Posts To This List: 19
Best way to open ADS in pre-read

Hi, In my minifilter driver I would like to read data from an ADS of a file on pre-read. I understand I have 2 options to open ADS: 1. Get the file name, allocate a string and create the ADS full name (file name + ADS name), and open the ADS using FltCreateFile. 2. Open the ADS from a file handle: I need to open the file first (using FltCreateFile) to get a file handle, and then open the ADS using this handle & ADS name. I don't want to get the name every time, or maintain it because it may change. I also don't like the overhead of 2 calls to FltCreateFile in the second option. Is there a way to open ADS using file id and ADS name? Or maybe in the second option, get a handle to the file (from file object?) without the overhead of opening it? Thanks
  Message 2 of 9  
13 Sep 17 01:01
Slava Imameev
xxxxxx@hotmail.com
Join Date: 13 Sep 2013
Posts To This List: 251
Best way to open ADS in pre-read

The first option is better. It has less problems with third party filters that might not process smoothly a combination of a relative open with a file handle instead of a directory handle. There is a bigger problem you should worry about when calling FltCreateFile on a read path. A possible deadlock scenario. There is one thing you should avoid - calling FltCreateFile on a paging read path. Calling FltCreateFile for non paging read is less risky but still has a good probability for a deadlock. <QUOTE> Or maybe in the second option, get a handle to the file (from file object?) without the overhead of opening it? </QUOTE> ObOpenObjectByPointer can be called if at least one handle has been opened for a file object. It is not possible to synchronize a call to ObOpenObjectByPointer and a concurrent call to ZwClose if you do not have control over calls to ZwClose.
  Message 3 of 9  
13 Sep 17 02:11
Mickey H
xxxxxx@gmail.com
Join Date: 23 Jul 2017
Posts To This List: 19
Best way to open ADS in pre-read

Thanks Slava. From your answer, I think it will be simpler to move this code to post-create. But what does ObOpenObjectByPointer actually do? Does it initiate a new "Create" flow?
  Message 4 of 9  
13 Sep 17 03:19
Slava Imameev
xxxxxx@hotmail.com
Join Date: 13 Sep 2013
Posts To This List: 251
Best way to open ADS in pre-read

<QUOTE> what does ObOpenObjectByPointer actually do? </QUOTE> It takes an initialized file object and creates an entry for it in the process' handles table. The process' handles table is essentially an array of file object pointers. A handle is an index in that array. <QUOTE> I think it will be simpler to move this code to post-create. </QUOTE> Use a full path instead of a relative open with a file handle as it is not correct to call ObOpenObjectByPointer for a file object in post-create. A file opening can be cancelled by an upper filter and having an open handle in that case results in an incorrect system behavior.
  Message 5 of 9  
13 Sep 17 03:34
Mickey H
xxxxxx@gmail.com
Join Date: 23 Jul 2017
Posts To This List: 19
Best way to open ADS in pre-read

Thanks Slava.
  Message 6 of 9  
13 Sep 17 03:36
Mickey H
xxxxxx@gmail.com
Join Date: 23 Jul 2017
Posts To This List: 19
Best way to open ADS in pre-read

Is it possible for the name to modified during post-create? Can rename take place during that time?
  Message 7 of 9  
13 Sep 17 03:47
Slava Imameev
xxxxxx@hotmail.com
Join Date: 13 Sep 2013
Posts To This List: 251
Best way to open ADS in pre-read

<QUOTE> Is it possible for the name to modified during post-create? Can rename take place during that time? </QUOTE> The rename can be made by a concurrent thread and be completed before FltCreateFile is being called in a post create callback.
  Message 8 of 9  
13 Sep 17 04:34
Mickey H
xxxxxx@gmail.com
Join Date: 23 Jul 2017
Posts To This List: 19
Best way to open ADS in pre-read

If I try to open the ADS by full name as you suggested, how can I be sure a rename doesn't take place between the calls? I want to be sure I am opening the ADS of the right file.
  Message 9 of 9  
13 Sep 17 06:59
Slava Imameev
xxxxxx@hotmail.com
Join Date: 13 Sep 2013
Posts To This List: 251
Best way to open ADS in pre-read

You can track all rename operations in your filter and synchronize FltCreateFile for ADS with ongoing rename operations.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 13:38.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license