none
How to map File Descriptor(FD) to Blocks (Physical Disk) RRS feed

  • Question

  • Hello,

     For our backup solution, we need to have the mapping information of  File descriptor(FD) to Blocks. Based on this, the block's already backed will be filtered and will not be return to backup location. When there any block write operation with respect to new file creation, deletion of file etc, the corresponding blocks need to be backed to the backup location. Can we able to achieve this with file system filter driver ? If not please guide us the better way to achieve this requirement. our backup solution  is placed at the block level of disk.

    Thanks 

    Lokeshraj S

    Tuesday, December 29, 2015 5:04 PM

Answers

  • You need to start reading... and reading... and reading. Yes, you're going to be doing a lot of reading over the next several months. Start with the Windows Internals book. Read it cover to cover. That will give you the background information that you will need to start asking informed and meaningful questions. Pay particular attention to the Storage stack. Your backup solution may want to make use of the Volume Shadow Service (that's what restore points use). You might want to consider the existing solutions that work pretty well, such as restore points, the File History service, and of course, cloud backup using OneDrive. Just getting the file retrieval pointers is a very primitive "solution".

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, December 29, 2015 6:40 PM
    Moderator

All replies

  • First file descriptor is a Unix term, start looking at FILE_OBJECT's.  You will need a file system filter but depending on what you are really trying to do you may need a disk filter also.  This is a very significant project.  I would recommend you start asking questions on the NTFSD mailing list at http://www.osronline,com


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, December 29, 2015 5:11 PM
  • You need to start reading... and reading... and reading. Yes, you're going to be doing a lot of reading over the next several months. Start with the Windows Internals book. Read it cover to cover. That will give you the background information that you will need to start asking informed and meaningful questions. Pay particular attention to the Storage stack. Your backup solution may want to make use of the Volume Shadow Service (that's what restore points use). You might want to consider the existing solutions that work pretty well, such as restore points, the File History service, and of course, cloud backup using OneDrive. Just getting the file retrieval pointers is a very primitive "solution".

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, December 29, 2015 6:40 PM
    Moderator