FltCreateFile

Hi.

I’m trying to create a file over SMB - let’s say “\Device\LanmanRedirector\serverName\sharedFolder\1.txt”

I adopted the passthrough example and during every file’s precreate I try to create the file, if it doesn’t exist.

If I use FltCreateFile I get STATUS_INVALID_DEVICE_OBJECT_PARAMETER.
When I use ZwCreateFile with the same parameters, the file is created flawlessly.

However, when I use another driver I wrote some time ago, FltCreateFile succeeds (for the same remote machine, but a different folder) and ZwCreateFile fails with STATUS_ACCESS_DENIED.
In that case I tried impersonating the user - both with SeCreateClientSecurityFromSubjectContext() and SeImpersonateClientEx() with SeDeleteClientSecurity(),
and SeCreateClientSecurity() and SeImpersonateClient() with PsRevertToSelf().
None seem to help.

Both machines are in the same domain, but one somehow manages to create the file, while the other doesn’t. That leads me to believe it might be a configuration problem.

Please help,
Ariel.

I have some more data.

I monitor all file creation and block every *.txt - my minifilter is to be the only eligible creator of such files.
That means that ACCESS_DENIED on my own ZwCreateFiles is my own doing… :)

Is there any way to recognize IO operations initiated by me?
Naturally, I’d much rather use FltCreateFile with an instance parameter, but that doesn’t work (as posted above).
Ariel.

I’ll try and bookkeep my issuing threads, and compare them with the FLT_CALLBACK_DATA received in pre creates.

I still don’t understand why sometimes ZwCreateFile fails while FltCreateFile doesn’t.

I have some new information -
I’ve changed my driver so that it would try and create a file (GENERIC_WRITE/READ, FILE_OPEN_IF) every time the PreCreate callback is called
1. Using FltCreateFile() and get the error value of 0xC0000369 (STATUS_INVALID_DEVICE_OBJECT_PARAMETER)
2. Using ZwCreateFile while during the PreCreate callback checking if the IO is issued by my minifilter according to the sending thread and if so, allowing it to process unhandled.

The first time ZwCreateFile is called, the file is created successfully and I close the handle to it.
Every other time ZwCreateFile is called, I receive the peculiar error code of C0000388 (STATUS_DOWNGRADE_DETECTED)

The path to the file I’m creating is \Device\LanmanRedirector\serverName\c$\1.txt.

Ariel.

Sometimes ZwCreateFile fails with 0xC00000BE (STATUS_BAD_NETWORK_PATH) as well, even though the path is unchanged.

Ariel.