Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 5  
12 Jan 04 10:29
ntfsd member 12622
xxxxxx@volny.cz
Join Date:
Posts To This List: 1372
Filter context of file object ?

Hi, all, does anyone know something about the "FilterContext" of the file object ? This is the value returned by IoGetFileObjectFilterContext (WinXP, SP1), which can be written as following: PVOID IoGetFileObjectFilterContext(PFILE_OBJECT FileObject) { if(FileObject->Flags & 0x00800000) return (FileObject->dwOffs78); return NULL; } I have a problem with it. The file object itself has the size of 0x70 bytes, but the function gets a DWORD value from offset 0x78. L.
  Message 2 of 5  
12 Jan 04 11:09
ntfsd member 8
xxxxxx@osr.com
Join Date:
Posts To This List: 2736
Filter context of file object ?

The size of the file object is not germane in this case. Specifically, note that this flag is the FO_FILE_OBJECT_HAS_EXTENSION flag. Thus, all they are doing is offseting past the file object into the extension area; I believe this extension area is private to the OS and is not available via public symbols. Regards, Tony Tony Mason Consulting Partner OSR Open Systems Resources, Inc. http://www.osr.com -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula Sent: Monday, January 12, 2004 10:29 PM To: ntfsd redirect Subject: [ntfsd] Filter context of file object ? Hi, all, does anyone know something about the "FilterContext" of the file object ? This is the value returned by IoGetFileObjectFilterContext (WinXP, SP1), which can be written as following: PVOID IoGetFileObjectFilterContext(PFILE_OBJECT FileObject) { if(FileObject->Flags & 0x00800000) return (FileObject->dwOffs78); return NULL; } I have a problem with it. The file object itself has the size of 0x70 bytes, but the function gets a DWORD value from offset 0x78. L. --- Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=3D17 You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe send a blank email to xxxxx@lists.osr.com
  Message 3 of 5  
13 Jan 04 01:18
ntfsd member 12622
xxxxxx@volny.cz
Join Date:
Posts To This List: 1372
Filter context of file object ?

Thank you very much. L.
  Message 4 of 5  
15 Jan 04 20:11
ntfsd member 1661
xxxxxx@windows.microsoft.com
Join Date:
Posts To This List: 608
Filter context of file object ?

Only file objects that are generated via a call to IoCreateFileSpecifyDeviceObjectHint() have this file object extension area. This is an internal feature of windows and you should not be using it. Note that future versions of the OS will do this differently. Is this simply a curiosity question or are you trying to do something with this? Neal Christiansen Microsoft File System Filter Group Lead This posting is provided "AS IS" with no warranties, and confers no rights. -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason Sent: Monday, January 12, 2004 8:09 AM To: Windows File Systems Devs Interest List Subject: RE: [ntfsd] Filter context of file object ? The size of the file object is not germane in this case. Specifically, note that this flag is the FO_FILE_OBJECT_HAS_EXTENSION flag. Thus, all they are doing is offseting past the file object into the extension area; I believe this extension area is private to the OS and is not available via public symbols. Regards, Tony Tony Mason Consulting Partner OSR Open Systems Resources, Inc. http://www.osr.com -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula Sent: Monday, January 12, 2004 10:29 PM To: ntfsd redirect Subject: [ntfsd] Filter context of file object ? Hi, all, does anyone know something about the "FilterContext" of the file object ? This is the value returned by IoGetFileObjectFilterContext (WinXP, SP1), which can be written as following: PVOID IoGetFileObjectFilterContext(PFILE_OBJECT FileObject) { if(FileObject->Flags & 0x00800000) return (FileObject->dwOffs78); return NULL; } I have a problem with it. The file object itself has the size of 0x70 bytes, but the function gets a DWORD value from offset 0x78. L. --- Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=3D17 You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe send a blank email to xxxxx@lists.osr.com --- Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=3D17 You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com
  Message 5 of 5  
16 Jan 04 01:17
ntfsd member 12622
xxxxxx@volny.cz
Join Date:
Posts To This List: 1372
Filter context of file object ?

> Is this simply a curiosity question or are you trying to do something > with this? No, I worked on a bug that occured in our filter driver in cooperation another one above it. Yes, the file object has been created using IoCreateFileSpecifyDeviceObjectHint(). In our filter, we duplicate the file object using ObCreateObject+ObInsertObject+RtlCopyMemory. (written long ago, don't shoot at me :-)) The bug is obvious - if the source file object has the FO_FILE_OBJECT_HAS_EXTENSION flag set, the target FO will have it too, but won't have the extension itself. The solution is not to copy this flag. Because I don't have the newest IFS kit, I didn't know the meaning of the flag, I only knew its value and how it's handled by OS. L.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 07:03.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license