none
Is there a way to programatically set a bit in the volume $bitmap in kernel mode RRS feed

  • Question

  • Hello, 

    In kernel mode I would like to set some bits in the partition $bitmap, Is there any way to do it? I have googled it but havent found any leads yet.

    Thank you

    Tuesday, May 31, 2016 8:51 AM

Answers

  • How are you going to reserve the clusters?  This is your original question how to modify the $bitmap, and the answer is you cannot safely do this.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, May 31, 2016 2:58 PM

All replies

  • What are you really trying to achieve?  The data is owned by the system and is not something you normally play with directly?


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, May 31, 2016 1:02 PM
  • I am trying to perform file and directory exclusion on a volume filter driver. The volume filter driver just redirects to free space so that on reboot all change seem to have been reverted. If you remember, in one of my previous posts you were 

    advising me to associate a mini filter driver to track 

    file in an exclusion list and perform diverse actions. Using a Master File Table parser I was able to track file records of those file in my exclusion list and consequently able to handle exclusion of resident files and also file attributes. My problems arise when the file allocation clusters are extended for those files in my exclusion list that have been modified. 

    Here's what I do is: 

    when parsing the $DATA attribute of the file record: 

    I add the clusters that i get from the data runs and in fact I verified that the Bitmap tracking excluded file is the same on reboot , but I still cant figure out why some times, partial parts of the file are corrupted and some times the process just work fine on other files. 


    • Edited by Weg's Tuesday, May 31, 2016 1:22 PM
    Tuesday, May 31, 2016 1:21 PM
  • Instead of trying to manipulate the volume directly consider creating a file you use as the scratch space in the minifilter.  Mark it as delete on close, and put the data in there.   This is equivalent of reserving clusters without having to muck in the low level which you have no control over, since you cannot get at the locking structures.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, May 31, 2016 1:53 PM
  • Thank you for you reply but I don't understand why I would need to reserve space that way and what data I should put in. Could you clarify please?

    The way I get it is I reserve a set of clusters and I set them myself in the file data run? 

    Thank you.

    Tuesday, May 31, 2016 2:46 PM
  • How are you going to reserve the clusters?  This is your original question how to modify the $bitmap, and the answer is you cannot safely do this.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, May 31, 2016 2:58 PM
  • I now see what you mean Thank you.

    Looks like I will have to set the data runs myself.

    One more thing that I wish to know is: with this approach how do I know how many new clusters need to be allocated?

    I know I can detect new cluster allocations operation in SET_INFORMATION IRP but is there a way to know the number of clusters that need to be allocated as the file gets modified? 

    Thank you.

    Tuesday, May 31, 2016 3:14 PM
  • I know of no way to predict the growth of a file.  You may be able to get some heuristics by collecting data on specific programs once things are working, but in general there is no good way of knowing.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, May 31, 2016 3:41 PM
  • Thank you for the clarification.
    Tuesday, May 31, 2016 4:04 PM