 |  |  |  |  |  |  |  |
File System Filter
 |
Hello,
I am trying to create what I thought would be quite a simple file systme filter, based on the following assumption:
At some point during a readfile() routine, the filesystem HAS to call a readsector() routine (or equivilent).
My intention is, that when this request comes in I redirect it to a different sector on the disk.
Obviously I will be doing the same thing to the writefile/writesector routines when they come in, but I would like to start with read first.
The important thing, is that I catch this action, after it has been written to the NTFS equivilent of the File Allocation Table, so essentially, without my filter installed, the filesystem will look up the wrong sector for a file.
Is what I am trying to do even possible? I have already gotten the barbones of a device driver filter, I am catching the IRP_MJ_CREATE and _READ IRP's, and have managed to catch only certain filenames, so I know when the call to that file is coming in. Interestingly, when opening a 48byte file, I get three calls to IRP_MJ_CREATE, so possibly one of these three is the one.
Thanks
I am trying to create what I thought would be quite a simple file systme filter, based on the following assumption:
At some point during a readfile() routine, the filesystem HAS to call a readsector() routine (or equivilent).
My intention is, that when this request comes in I redirect it to a different sector on the disk.
Obviously I will be doing the same thing to the writefile/writesector routines when they come in, but I would like to start with read first.
The important thing, is that I catch this action, after it has been written to the NTFS equivilent of the File Allocation Table, so essentially, without my filter installed, the filesystem will look up the wrong sector for a file.
Is what I am trying to do even possible? I have already gotten the barbones of a device driver filter, I am catching the IRP_MJ_CREATE and _READ IRP's, and have managed to catch only certain filenames, so I know when the call to that file is coming in. Interestingly, when opening a 48byte file, I get three calls to IRP_MJ_CREATE, so possibly one of these three is the one.
Thanks
|
Similar Threads
- File System simulation (Java)
- File System Error 1026???? (Windows 95 / 98 / Me)
- understanding file system (C++)
- Checking file system on C: ?? (Windows NT / 2000 / XP)
- extending windows "file system" attributes (C#)
- Cannot detect the drive names and their file system (Windows NT / 2000 / XP)
- a device file in system.ini file damaged (Windows 95 / 98 / Me)
- Errors with Linux file system (*nix Hardware Configuration)
- Error occured during the file system check. (*nix Software)
- Checking file on System C (Windows NT / 2000 / XP)
Other Threads in the C Forum
- Previous Thread: How to return an array from a function?
- Next Thread: Reversing a Algorithm
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest C Posts
- Today's Posts
- Unanswered Threads
#include * adobe ansi api array asterisks binarysearch centimeter changingto char character cm copyimagefile cprogramme creafecopyofanytypeoffileinc csyntax database directory dynamic execv feet fgets file fork function getlasterror getlogicaldrivestrin givemetehcodez global grade gtkgcurlcompiling gtkwinlinux hacking hardware highest histogram ide include incrementoperators infiniteloop input interest kernel keyboard kilometer license linked linkedlist linux linuxsegmentationfault list locate logical_drives looping loopinsideloop. lowest match matrix meter microsoft motherboard mqqueue number odf opendocumentformat opensource owf pattern pdf performance pointer posix probleminc process program programming radix recursion recv repetition research reversing segmentationfault sequential single socket socketprograming standard string systemcall threads turboc unix user voidmain() wab whythiscodecausesegmentationfault windows.h windowsapi
