Hi,
Using FileSpy Tool, i am monitoring the calls of MVFS (Multi-Version File System) files from Clearcase repository. My local drives have NTFS file system.
In FileSpy Tool, there are 2 options
- FileSpy-Legacy Filter Driver
- MiniSpy-Minifilter Driver
When MVFS File is Open calls are as follows.
- Using option FileSpy - Legacy Filter Driver.
- IRP_MJ_CREATE - status_success
- FASTIO_QUERY_STANDARD_INFO - failure
- IRP_MJ_QUERY - status_success
- FASTIO_READ - failure
- IRP_MJ_READ - status_success
- IRP_MJ_CLEANUP - status_success
- IRP_MJ_CLOSE - status_success
- Using option MiniSpy - Minifilter Driver.
Type
- IRP_MJ_CREATE - IRP status_success
- IRP_MJ_QUERY - FastIO status_flt_disallow_fast_io
- IRP_MJ_READ - FastIO status_flt_disallow_fast_io
Read & Query Operation for Legacy_Filter_driver it shows properly. But using mini-filter driver option, it shows status_flt_disallow_fast_io.
Is it like, as the undelying file system is MVFS, mini-filter support using Filter-Manager is not provided for MVFS file system.
Mini-filter support is only for NTFS file system ?
But, how can legacy filter driver option able to see the calls properly but not mini-filter option ?
Any inputs will be much helpful.
Thanks,
Mahesh
> Using FileSpy Tool, i am monitoring the calls of MVFS
(Multi-Version File System) files from Clearcase repository. My
local drives have NTFS file system.
In FileSpy Tool, there are 2 options
First of all, get the latest version from
http://www.zezula.net/fstools.html
Then try again. It is indeed possible that your file system is not
supported by filter manager. That’s why legacy filter in FileSpy is for,
it will always show you the requests as-is, not processed by fltmgr.
L.
Hi,
Thanks Ladislav for your reply.
I have downloaded the latest version of FileSpy 4.0, with this tool also i am getting same sequence of calls.
How should i check whether the Filter-Manager supports the MVFS (Multi-Version File System) or not ?
I also tried with Null-filter driver, it gives the same output.
For eg. In null-filter i get Pre-Operation of both Read and Query IRPs but in Post-Operation routine, the IoStatus.Status = -1071906812 (0xC01C0004) i.e Status_Flt_disallow_fast_io
Thanks
Mahesh
Hello Manesh,
Does your MVFS implement support for FSRTL_ADVANCED_FCB_HEADER (http://msdn.microsoft.com/en-us/library/ms791483.aspx) and the related functions ?
Regards,
Alex.
This posting is provided “AS IS” with no warranties, and confers no rights.
Sorry, I read that as MYFS :). You’ll need to ask MVFS support but some of their older versions didn’t support the FSRTL_ADVANCED_FCB_HEADER and Filter Manager wouldn’t attach.
Regards,
Alex.
This posting is provided “AS IS” with no warranties, and confers no rights.
>Does your MVFS implement support for FSRTL_ADVANCED_FCB_HEADER
You can check that easily in debugger. FILE_OBJECT-> FsContext points either to FSRTL_COMMON_FCB_HEADER or FSRTL_ADVANCED_FCB_HEADER.
The member NodeByteSize (second word) should be equal to sizeof() of on structure above.
-bg
Hi,
Using NullFilter driver, i tried to set streamcontext using FltSetStreamContext call in Post-Create operation for Multi-Version File System files, but it failed with Status_Not_Supported.
Also, in Post-Create, i checked that FsContext field is not NULL, then also FltSetStreamContext failed.
(this appears to be strange or may be i am missing something)
Is it like StreamContext is not supported i.e FilterManager doesn’t support for MVFS file system ?
Kindly guide me, also tell whether am i approaching the correct path or not ?
Thanks
Mahesh
Hi Manesh,
You are on the right path. It looks like the MVFS version you are using doesn’t implement what filter manager needs for stream level contexts.
Regards,
Alex.
This posting is provided “AS IS” with no warranties, and confers no rights.
Hi,
How should i confirm, that Filter Manager does not support MVFS File System ?
so that i need to try something different to trap MVFS file calls.
Any inputs are appreciated.
Thanks
Mahesh