Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars


Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 2  
08 Jun 18 18:40
omri aviasr
xxxxxx@gmail.com
Join Date: 25 May 2018
Posts To This List: 5
importing fltKernel in usera-mode application

Hello, I am new to the subject of minifilter development and i wanted to know if i can call functions from fltkernel.h, because i still want to use some of the functions in this api in order to analyze the fltcallbackdata struct. I understand that it is possible to analyze everything in the minifitler and then send it to the user-mode application but i still want the freedom of using this api also in the user-mode application. I thought that maybe because minifilter usually runs at kernel mode and this library is meant to a driver development maybe i can't access some of those funcitons but i still want to know if i can use it. Mostly i want access to the structs (which i can build myself but it would be very hard), and FltQueryInformationFile function. Another short question about the FltQueryInformationFile (I just don't want to open an entire thread just for this question). I know that in order to find a fileobject full path i should access the data structure of a create operation, but in FltQueryInformationFile I can use it on any operation and i can ask for FileNameInformation. So is it possible to get the full path of a WRITE or READ operation with FltQueryInformationFile?
  Message 2 of 2  
08 Jun 18 19:18
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 175
importing fltKernel in usera-mode application

No you cannot use FltQueryInformationFile or any other FltXXX call in a user space application. But you might want to look at https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ntifs/ nf-ntifs-ntqueryinformationfile since ZwQueryInformationFile can be called from user space. Don Burn Windows Driver Consulting Website: http://www.windrvr.com -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com Sent: Friday, June 08, 2018 6:40 PM To: Windows File Systems Devs Interest List <xxxxx@lists.osr.com> Subject: [ntfsd] importing fltKernel in usera-mode application Hello, I am new to the subject of minifilter development and i wanted to know if i can call functions from fltkernel.h, because i still want to use some of the functions in this api in order to analyze the fltcallbackdata struct. I understand that it is possible to analyze everything in the minifitler and then send it to the user-mode application but i still want the freedom of using this api also in the user-mode application. I thought that maybe because minifilter usually runs at kernel mode and this library is meant to a driver development maybe i can't access some of those funcitons but i still want to know if i can use it. Mostly i want access to the structs (which i can build myself but it would be very hard), and FltQueryInformationFile function. Another short question about the FltQueryInformationFile (I just don't want to open an entire thread just for this question). I know that in order to find a fileobject full path i should access the data structure of a create operation, but in FltQueryInformationFile I can use it on any operation and i can ask for FileNameInformation. So is it possible to get the full path of a WRITE or READ operation with FltQueryInformationFile? --- NTFSD is sponsored by OSR MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at <http://www.osr.com/seminars> To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer>
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 23:24.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license