Message 2 of 2
08 Jun 18 19:18
Join Date: 23 Feb 2011
Posts To This List: 175
importing fltKernel in usera-mode application
No you cannot use FltQueryInformationFile or any other FltXXX call in a user
space application. But you might want to look at
nf-ntifs-ntqueryinformationfile since ZwQueryInformationFile can be called
from user space.
Windows Driver Consulting
[mailto:email@example.com] On Behalf Of firstname.lastname@example.org
Sent: Friday, June 08, 2018 6:40 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] importing fltKernel in usera-mode application
Hello, I am new to the subject of minifilter development and i wanted to
know if i can call functions from fltkernel.h, because i still want to use
some of the functions in this api in order to analyze the fltcallbackdata
struct. I understand that it is possible to analyze everything in the
minifitler and then send it to the user-mode application but i still want
the freedom of using this api also in the user-mode application.
I thought that maybe because minifilter usually runs at kernel mode and this
library is meant to a driver development maybe i can't access some of those
funcitons but i still want to know if i can use it.
Mostly i want access to the structs (which i can build myself but it would
be very hard), and FltQueryInformationFile function.
Another short question about the FltQueryInformationFile (I just don't want
to open an entire thread just for this question). I know that in order to
find a fileobject full path i should access the data structure of a create
operation, but in FltQueryInformationFile I can use it on any operation and
i can ask for FileNameInformation. So is it possible to get the full path of
a WRITE or READ operation with FltQueryInformationFile?
NTFSD is sponsored by OSR
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
To unsubscribe, visit the List Server section of OSR Online at