none
File name and Disk LBA in Kernel mode RRS feed

  • Question

  • I have read the doc which use windows API to make connection between File name and Disk Logic Block Address. However is there any ways could do it in the kernel mode driver? I want to use it as a filter driver, not for the user application. So could you give me some help of that?

    Wednesday, April 24, 2013 8:24 PM

Answers

  • FSCTL_QUERY_RETRIEVAL_POINTERS does this in the kernel.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Wednesday, April 24, 2013 8:33 PM

All replies

  • FSCTL_QUERY_RETRIEVAL_POINTERS does this in the kernel.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Wednesday, April 24, 2013 8:33 PM
  • I know FSCTL_QUERY_RETRIEVAL_POINTERS does this in the kernel. But how to use this function? In the user application layer, we could use DeviceIoControl to call FSCTL_QUERY_RETRIEVAL_POINTERS. But how to use it in kernel, I still dont know, will you tell me or give me some instructions?
    Thursday, April 25, 2013 1:21 AM
  • You can issue it with IoCallDriver with an IRP with major code IRP_MJ_FILE_SYSTEM_CONTROL or use FltFsControlFile in a file system mini-filter.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Thursday, April 25, 2013 10:59 AM
  • Could you provide some sample code for how to do this, I know how to build up new IRP and know how to pass it down, and refers to http://www.osronline.com/showThread.cfm?link=115714, could you give me more example code for this?
    Thursday, April 25, 2013 2:56 PM
  • If you cannot figure out how to issue this call can get the results, you need to step back and ask whether you can do the work in the storage stack.  This is a very simple IoCallDriver with completion routine model, that will put the mapping into the output buffer.

    This is not meant to be insulting, but making a mistake in the storage stack has really nasty consequences.  You stated in an earlier post you are doing an upper volume filter and a file system filter, these are some of the trickiest areas of the kernel to do correctly.  The call is pretty basic Windows, if you are having problems here, you need to step back and do some studying.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Thursday, April 25, 2013 3:05 PM
  • Although it is kind of insulting to me of course, but I still would like to thank your reply, and how to do it, Thanks!
    Friday, April 26, 2013 6:09 PM
  • it is not insulting. what don is saying is that this is such a fundamental concept that if you don't understand how to send an irp synchronously down the stack, you have to take a step back, learn how to write a driver and the core concepts a driver does before getting yourself into the middle of a very nasty, hard to understand stack (even for seasoned veterans)

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, April 26, 2013 9:05 PM