Hi list,
I have recently been struggling with deciphering the new filename for
a renamed file in my minifilter driver. My previous travails are
documented here:
http://www.osronline.com/showThread.CFM?link=173932
To recap my goal: when a user does something like this:
ren \myserver\myshare\myfile.txt yourfile.txt
I want to be able to determine that the file’s new name is
“\myserver\myshare\yourfile.txt”. For the record, I only care about
network shares, and my test/debug machines are all fully up-to-date
with their service packs and hotfixes.
I came up with two approaches:
- Call FltGetDestinationFileNameInformation in the
SET_INFORMATION post-op handler - Call FltGetDestinationFileNameInformation in the pre-op
handler and double check the name in the post-op handler using
FltGetTunneledName
Approach (1) is the simpler of the two, since I don’t need the name in
the pre-op handler. This works just fine for files on a local NTFS
partition, but not for a LanManRedirector share on XP – in this case
FltGetDestinationFileNameInformation fails with
STATUS_FLT_INVALID_NAME_REQUEST.
By means of some dissassembly of the
FltGetDestinationFileNameInformation code I was able to determine that
the function call fails because an internal call to IoGetTopLevelIrp
indicates that the IRP is part of a recursive request, and hence it is
not safe to make further queries of the filesystem since such a query
may lead to deadlocks. Unfortunately, this fact also scuppers
approach (2), since FltGetTunneledName fails for the same reason. As
such, I’m left with one final approach that I can think of:
- Call FltGetDestinationFileNameInformation in the pre-op
handler (at this point IoGetTopLevelIrp says the request isn’t
recursive), and hope that nothing changes due to filesystem tunneling
Of course, approach (3) is rather unpalatable since it flies directly
in the face of the MSDN documentation for
FltGetDestinationFileNameInformation – surely the kind of thing the
assiduous developer does only at her peril !
So, after all this investigation and head/wall interface events, I
have the following questions:
i) Can anyone suggest a safe, preferably MS-sanctified, method of
determining a renamed file’s new name on a LanMan share on XP ?
ii) Can anyone tell me whether filesystem tunneling is an issue on
LanMan shares ? Could I ignore it in this special case, making
approach (3) safe ?
Best regards,
Tom
NB. I note that on Vista I don’t have this issue with
FltGetDestinationFileNameInformation. On Vista, IoGetTopLevelIrp
indicates the post-rename is not part of a recursive call and hence
the filesystem query calls succeed. I assume this is due to the
re-architecture of LanManRedirector into Mup – and indeed, IrpTracker
shows me two separate calls on Vista (FltMgr -> Mup; Mup-> mrxsmb),
whereas it shows me only one on XP (FltMgr->LanManRedirector).
Tom Parkin
www.thhp.org.uk
The worst moment for the atheist is when he is really thankful and has
nobody to thank /Rossetti/