FltMgr not honoring modified SecurityContext::DesiredAccess in PreCreateXXX for Citri

Problem is that when application opens any file from Network Share for Write/append mode then
my driver set FILE_READ_DATA flag of
PFLT_CALLBACK_DATA->Iopb->Parameters.Create.SecurityContext->DesiredAccess
inside PreCreateCallback(), So at the time of Cleanup driver can read file data with the help of same FO.
For all other N/W Shares successfully getting Read Desired access as modified in PreCreateXXX but only
with file opened from CITRIX published
drive i.e \Device\PicaDriveRedirector) its getting FAILED. FO only gets Write Desired access though i set Read
in my driver.
Note: I have changed ProcMon altitude assign lower altitude than my driver, Observed modified desired access too on ProcMon logs means FltSetCallbackDataDirty() working, but don’t know why in PostCreate FO gets only Write access.

Does any one know what are the different possibilities that SecurityContext::DesiredAccess request may gets denied/avoid.

FltMgr not honoring modified SecurityContext::DesiredAccess in PreCreateXXX for Citrix Environment

this is your friend here CcGetFileObjectFromSectionPtrs().i think you need to swap ur fo.

FltReadFile failed with error (0xC0000008: INVALID_HANDLE_VALUE).
Whenever my FltReadFile failed, Observed below logs on DbgView may be due to some third party.
Unabled to understand it, If anybody then please help.

Anil: Ok we are in OwCommonRead
Anil:OwCommonRead: We skipped CCReadAhead!
Anil: Ok we are in OwCommonRead
Anil:OwCommonRead: We skipped CCReadAhead!
Anil:OwCommonRead: ALAS! If we come here then we are doing Cached Read
Anil: Ok we are in OwCommonRead
Anil:OwCommonRead: We skipped CCReadAhead!
Anil: Ok we are in OwCommonRead
Anil:OwCommonRead: We skipped CCReadAhead!
Anil: Ok we are in OwCommonRead
Anil:OwCommonRead: We skipped CCReadAhead!
********************************************************
*** FSDK DEBUGGING: Caught exception in FSDK Code ***
*** THIS IS AN EXPECTED CONDITION BEING HANDLED ***
*** FSDK DEBUGGING: Caught exception in FSDK Code ***
*** ***
*** You should execute the following windbg commands: **
*** ***
*** ***
*** .exr 0xFFFFF8800395D430 ; .cxr 0xFFFFF8800395D4D0 ; kv ***

*** ***
*** ***
*** (this is current as of WinDBG 6.5.3.7) ***
*** For current versions please see ***
*** http://www.microsoft.com/whdc/ddk/debugging ***
*** ***
********************************************************
********************************************************
*** FSDK DEBUGGING: Continued past breakpoint. ***
********************************************************

Well I know the FSDK returns this in the read path when someone attempts to perform user reads on a file object that’s been cleaned up.

But that wouldn’t have anything to do with security.

Tony
OSR

vaibhav_langote: Did you find a solution for your problem above (read file failed with INVALID_HANDLE_VALUE). I’m running into the same fsdk exception for picadriveredirector files when trying to read. Thanks.