Context meaning

I didn’t understand what are contexts in the meaning of minifilter context registering.
I understood that context is something that should pass from the preoperation to the postoepration callbacks. It suppose to connect them so when a minifilter will get the same request after it went to the file system it will be able to understand which operation was it before it was processed.
But i don’t understand what it has to do with the registration? does it suppose to mean which kind of operation the minifilter will monitor?
Can someone please explain? Or maybe can redirect me to a good guide that can explain me about it? because the msdn documentation simply dives in to the implantation without explaining what it is, and i am very confused about it

I mainly want to know about the transaction context because i honestly couldn’t find anyone who explained me what is it, what is it for? how can i see transactions in my daily use of my computer? how it has to do with minifilters?

(All this messages are written at the same time - just clarifying that i am not writing in order to get my thread to the top)
And i wanted to know what happens if i register no context at all? can i do it?
My main goal is to pass all write operations to user-mode application and then wait for response,
one of the response might be (Maybe even pending and then just wait for second message that will be send to the FltGetMessage handle that would complete the pending operations). Do i really need Context registration for that purpose?

Omric,

So many (good) questions, so little time to answer them.

Or maybe can redirect me to a good guide that can explain me about it?
I strongly suggest that if you get your employers to send you on a file
system filter training course. The one our list sponsors run is excellent.

And if you haven’t discovered it Alex Carp’s blog is tremendous
http://fsfilters.blogspot.com/

As to your question briefly:

  • A Context is (mostly) a datatstrucure reserved to you that hangs off
    important OS structures. There is one you can associate with a HANDLE
    (kinda), one you can associate with an open-to-the-fs stream (KINDA) and one
    you can associate with an open-to-the-system FILE, one you can associate
    with your filter instance and so on. There is also one you can associate
    with tranactions which are a whole other can of worms with some
    documentation on MSDN. All these structures have lifetimes associated with
    their system object

  • A context is also the data that you can pass from before a call happens to
    after it happens (or in a FltCompletePEndedOperation).

well i would love to ask my employers for explanation,
but the problem is that i am a high school student doing his project on a subject no one no almost anything about.
Thank you for your answer you really helped me. So to my understanding a context is a way to connect a series of operations like, if operations are made on a single file i can look at each file and make a connection between it calls.
But i still didnt understand what are transactions can you please redirect me to some explanation guide? Can you maybe give a legit usage of transactions in my daily use of the computer?

> But i still didnt understand what are transactions

Transactions are Computing 201, and pretty much out of scope for this list.
I’d Google for it. You might then want to look for references to TxFS on
windows.

Can you maybe give a legit usage of transactions in my daily use of the
computer?

IMO there are none. There is quasi zero need to filesystem wide
transactional control and the failure semantics are someone problematic
(IIRC). Applications of filters requiring transactions should build their
own. Yes I’m prejudiced, but I would reckon that TxFS has probably cost
the “third part software for windows industry” tens, if not hundreds, of
millions of dollars.

With my rant put to one side, you will find that windows update uses them a
great deal.

If you are a student, here’s another hint. Download FileSpy, and FileTest
from zezula.net that will give you a feel for the API (and you can see
transactions happening too) also procmon.