CODEWITHSUNDEEP
windowsdriverminifilter
pit
pit

Reputation: 5

check if read operation is for spesific file in filter driver

Hello im new at filter driver programming, i took windows swapBuffer example and i try to modify it to pritn me the file name for each read/write operation and print the data tryed to read/ write.

i tried to do it like this:

FLT_PREOP_CALLBACK_STATUS SwapPreWriteBuffers(
_Inout_ PFLT_CALLBACK_DATA Data,
_In_ PCFLT_RELATED_OBJECTS FltObjects,
_Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
{
 /* here we do some logic that check that we want to write more the 
    0 bytes and  get volume context and allocate aligned nonPaged  memory 
    for the "swapping memory" ,  build a MDL and then if all succeed i try this: 
 */
    WCHAR filename[300] = {0};
    wfprintf(filename, "%wZ\0", Data->Iopb->TargetFileObject->FileName);
    if (NULL != wcstr(filename, L"try_me.txt"))
    {
         DbgPrint("Fname %S try to write %S\n", filename, Data->Iopb->Parameters.Write.WriteBuffe);
    }
}

my main problem (i think) Data->Iopb->TargetFileObject->FileName is unicode and i dont know how to make the compae betwine this and a string of the file name

my outher problem is how do i print the buffer curretly to the dbg string without risking at getting blue screen? (i got alot from them laytly...) sometimes i get to this function without writing a string , how do i recognize the different and printing it saftely?

last question , are there any way to nake try except in drivers or all the faults are continue directly to blue screen?

thank you

p.s. here is the link to the entire code (Without the additions I wrote (which I listed in this post above)) https://github.com/Microsoft/Windows-driver-samples/blob/master/filesys/miniFilter/swapBuffers/swapBuffers.c

Upvotes: 0

Views: 305

Answers (1)

Dev
Dev

Reputation: 26

File name are the concepts at IRP_MJ_CREATE. you can't rely on the name at irp_mj_write or read. so better to do it in create. also try to get the name from FltObject->FileObject->FileName it may give you the desired name of your file aling with other names too.

For printing the written data you need to check for Irp flag in minifilter it is from Data->Iopb->IrpFlags, IRP_PAGING_IO if its true then print the buffer using KdPrint((".... "));

Yes, you can use try, except in driver too.

Hope this may help.

:)

Upvotes: 1

Related Questions