Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 3  
05 Dec 17 14:34
Hunter Wang
xxxxxx@serpurity.com
Join Date: 20 Mar 2017
Posts To This List: 9
How to filter the request in MUP?

Hi all, I'm developing an encryption filter driver based on Isolation Filter, now I encounter a problem when the file is stored in the server, such as win2003. My minifilter could intercept the request to "\\??\\UNC\\192.168.1.233\\test\\ccedr.txt", and just do the same thing as the file stored in the local. But I got an BSOD as follows, it seems that mup can not resolve the fileobject just like didn't go through my encryption filter, is there a FLT_OPERATION_REGISTRATION such as IRP_MJ_MUP_XXX? How can my encryption filter intercept the request before it go down the mup?: MUP_FILE_SYSTEM (103) MUP file system detected an error. Arguments: Arg1: 0000000000000001, MUP_BUGCHECK_NO_FILECONTEXT Could not locate MUP file context corresponding to a file object. Arg2: ffffbe058df963a0, Irp Address if an IRP was used, NULL otherwise. Arg3: ffffbe058fd0aa10, FILE_OBJECT Address whose MUP file context could not be found Arg4: ffffbe058d9c3b00, DEVICE_OBJECT Address ...... STACK_TEXT: ffffce81`8f89a078 fffff802`ab097262 : 00000000`00000001 00000000`00000103 ffffce81`8f89a1e0 fffff802`aaf6d6c0 : nt!DbgBreakPointWithStatus ffffce81`8f89a080 fffff802`ab096b12 : 00000000`00000003 ffffce81`8f89a1e0 fffff802`ab148610 00000000`00000103 : nt!KiBugCheckDebugBreak+0x12 ffffce81`8f89a0e0 fffff802`ab006687 : 00000000`00000000 00000000`00000001 ffffbe05`8df963a0 00000000`00000000 : nt!KeBugCheck2+0x922 ffffce81`8f89a7f0 fffff802`dd0d4ab4 : 00000000`00000103 00000000`00000001 ffffbe05`8df963a0 ffffbe05`8fd0aa10 : nt!KeBugCheckEx+0x107 ffffce81`8f89a830 fffff802`dc573502 : 00000000`00000001 ffff8bc5`e2f177f8 00000000`00000000 00000000`00000000 : mup!MupRemoveFileContext+0x1db4 ffffce81`8f89a8b0 fffff802`ab32f9af : ffffbe05`8fd0aa10 ffffce81`8f89ab80 00000000`00000001 ffffce81`00000000 : FLTMGR!FltpDispatch+0xe2 ffffce81`8f89a910 fffff802`ab3585b9 : ffffbe05`00000000 00000000`00000004 00000047`8507e388 ffffce81`8f89ab80 : nt!IopSynchronousServiceTail+0x1af ffffce81`8f89a9d0 fffff802`ab011413 : ffffbe05`8fd3f7c0 00000047`8507e338 ffff8bc5`e2f177f8 ffff3768`00000018 : nt!NtQueryVolumeInformationFile+0x559 ffffce81`8f89aa90 00007ff9`18a25cc4 : 00007ff9`1523d205 00000216`07feabc0 00000216`07feabc0 00007ff9`17b9e460 : nt!KiSystemServiceCopyEnd+0x13 00000047`8507e318 00007ff9`1523d205 : 00000216`07feabc0 00000216`07feabc0 00007ff9`17b9e460 00000000`00000000 : ntdll!NtQueryVolumeInformationFile+0x14 00000047`8507e320 00007ff7`d6f05b86 : 00007ff7`d6f255c0 00000000`00000001 00000000`00000001 00000000`00000000 : KERNELBASE!GetFileInformationByHandle+0x45 00000047`8507e450 00007ff7`d6f0806d : 00007ff7`d6f255c0 00000000`00000001 00000216`07fe21cc 00000000`00000000 : NOTEPAD!LoadFile+0x166 00000047`8507e9e0 00007ff7`d6f03a67 : 00000216`07fe2188 00007ff9`189da670 00007ff7`d6f24a68 00000216`07fe2188 : NOTEPAD!NPInit+0x781 00000047`8507fce0 00007ff7`d6f19603 : 00000216`07fe3130 00000216`07fe3132 00000000`00000000 00000000`00000000 : NOTEPAD!WinMain+0x1d3 00000047`8507fdf0 00007ff9`15ef2774 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NOTEPAD!__mainCRTStartup+0x19f 00000047`8507feb0 00007ff9`189f0d51 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14 00000047`8507fee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
  Message 2 of 3  
06 Dec 17 12:17
Peter Scott
xxxxxx@kerneldrivers.com
Join Date: 17 Feb 2012
Posts To This List: 677
How to filter the request in MUP?

Is the FO which is indicated owned by you? Or is it one that you have=20 opened during pre-create and are swapping out the target FOs in the=20 query info request? Pete -- Kernel Drivers Windows File System and Device Driver Consulting www.KernelDrivers.com 866.263.9295 ------ Original Message ------ From: "xxxxx@serpurity.com" <xxxxx@lists.osr.com> To: "Windows File Systems Devs Interest List" <xxxxx@lists.osr.com> Sent: 12/5/2017 12:34:12 PM Subject: [ntfsd] How to filter the request in MUP? >Hi all, I'm developing an encryption filter driver based on Isolation=20 >Filter, now I encounter a problem when the file is stored in the=20 >server, such as win2003. >My minifilter could intercept the request to=20 >"\\??\\UNC\\192.168.1.233\\test\\ccedr.txt", and just do the same thing=20 >as the file stored in the local. >But I got an BSOD as follows, it seems that mup can not resolve the=20 >fileobject just like didn't go through my encryption filter, is there a=20 >FLT_OPERATION_REGISTRATION such as IRP_MJ_MUP_XXX? How can my=20 >encryption filter intercept the request before it go down the mup?: <...excess quoted lines suppressed...>
  Message 3 of 3  
07 Dec 17 11:29
Hunter Wang
xxxxxx@serpurity.com
Join Date: 20 Mar 2017
Posts To This List: 9
How to filter the request in MUP?

The FO(ffffbe058fd0aa10) indicated is just a fake one, the real file object is owned by my encryption filter. If this file located in the local file system things all goes well, but when the file is located in the network position, my encryption filter seems can not catch the request, so it encounter the MUP_BUGCHECK_NO_FILECONTEXT. How can my encryption filter catch the request before it go into the mup? I tried IRP_MJ_QUERY_VOLUME_INFORMATION, but it seems didn't work.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 21:41.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license