File system filter driver using Control device object

  • Question

  • Hi Guys,

    I have started exploring file system filter driver development, which is different from an actual device driver. For my understanding I took the sample driver

    Windows-driver-samples/filesys/miniFilter/cdo/ available in the MSDN driver samples.  The sample driver code is available at: 

    https://github.com/Microsoft/Windows-driver-samples/tree/master/filesys/miniFilter/cdo

    In that sample driver code I added a symbolic link name to the device object in order to call it from the application. In my application I am invoking the CreateFile() API;
    this call succeeds, but the driver's "IRP_MJ_CREATE" code, which is handled in "CdoMajorFunction", is not getting invoked.

    Driver code creating symbolic link:

        RtlInitUnicodeString( &nameString, CONTROL_DEVICE_OBJECT_NAME );
        status = IoCreateDevice( DriverObject,
                                 0,
                                 &nameString,
                                 FILE_DEVICE_DISK_FILE_SYSTEM,
                                 FILE_DEVICE_SECURE_OPEN,
                                 FALSE,
                                 &Globals.FilterControlDeviceObject);

        RtlInitUnicodeString(&linkString, L"\\DosDevices\\FilterCDO");
        status = IoCreateSymbolicLink(&linkString, &nameString);

        DriverObject->MajorFunction[i] = CdoMajorFunction;

    App code creating handle:

        hDevice = CreateFile(
            (LPCWSTR)"\\\\.\\FilterCDO",           // lpFileName
            GENERIC_READ | GENERIC_WRITE,          // dwDesiredAccess
            FILE_SHARE_READ | FILE_SHARE_WRITE,    // dwShareMode
            NULL,                                  // lpSecurityAttributes
            OPEN_EXISTING,                         // dwCreationDisposition
            0,                                     // dwFlagsAndAttributes
            NULL);                                 // hTemplateFile

    Is there anything I am missing or misunderstanding?

    Friday, February 24, 2017 9:14 PM

All replies

  • OK, I am able to access the control device object from a user-mode application by using the name:

        #define DRIVER_NAME L"\\\\?\\GLOBALROOT\\FileSystem\\Filters\\CdoSample"

        hDevice = CreateFile(
            DRIVER_NAME,
            GENERIC_READ | GENERIC_WRITE,          // dwDesiredAccess
            FILE_SHARE_READ | FILE_SHARE_WRITE,
            NULL,
            OPEN_EXISTING,
            FILE_ATTRIBUTE_NORMAL,                 // dwFlagsAndAttributes
            NULL);

    When using this method, I have not created any symbolic link to the device object name. So how, without creating a symbolic name, is it able to access the device object?

    -- Thanks..

    Wednesday, March 8, 2017 7:01 AM
  • When using this method, I have not created any symbolic link to the device object name. So how, without creating a symbolic name, is it able to access the device object?

    The "\\\\?\\GLOBALROOT\\FileSystem\\Filters\\CdoSample" is a symbolic name. It has been created by something else. It is not under DosDevices, but it does not have to be there. You are correct, without a name it is not possible to open a device from user mode. So everything is normal. You can read more about session-local and global namespaces here.

    --pa

    Wednesday, March 8, 2017 5:24 PM
  • Thanks Pa.. 

    One more question.. 

    From OSR - http://www.osronline.com/article.cfm?article=381

    "One of the decisions a driver writer makes is to whom he wants to make his driver's services available. To that end, a driver may create a Device Object with a name in the "Device" part of the Object Manager's namespace. We will refer to this name as the "native" device name, because it is only directly accessible (easily) from "native" Windows entities, but not from user-mode applications".

    So, as per the above statement, my application can't access the device object directly using this name "\\\\.\\Device\MyDevObjecName", but it can be accessed through "\\\\?\\GLOBALROOT\\Device\\MyDevObjecName", is that correct?

    Wednesday, March 8, 2017 5:57 PM
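
The name translation discussed in this thread, as an added example (not code from the sample driver or from any poster): a portable C model of how the Win32 prefixes `\\.\` and `\\?\` are both rewritten to `\??\`, so a device is reachable only through a link in that directory, either one the driver creates or the built-in `GLOBALROOT` link to the namespace root. The link table, `same_name` and `win32_to_nt` are constructed for this illustration; it uses narrow strings, follows a single link, and ignores the per-session DosDevices directory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the DosDevices directory: link name -> target. */
struct dos_link { const char *name; const char *target; };
static const struct dos_link DOS_LINKS[] = {
    { "GLOBALROOT", "" },  /* built-in link to the root of the NT namespace */
    { "FilterCDO",  "\\FileSystem\\Filters\\CdoSample" },  /* link from the question */
};

/* Object Manager name lookups are case-insensitive for these opens. */
static int same_name(const char *a, size_t alen, const char *b)
{
    if (strlen(b) != alen) return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Map a Win32 device path to the NT object path it opens.
 * Returns 0 and fills out, or -1 when the first component is not a known link. */
int win32_to_nt(const char *win32, char *out, size_t outsz)
{
    if (strncmp(win32, "\\\\.\\", 4) != 0 && strncmp(win32, "\\\\?\\", 4) != 0)
        return -1;                        /* not a device-namespace path */
    const char *rest = win32 + 4;         /* both prefixes map to DosDevices */
    size_t len = strcspn(rest, "\\");     /* first component is the link name */
    for (size_t i = 0; i < sizeof DOS_LINKS / sizeof DOS_LINKS[0]; i++) {
        if (same_name(rest, len, DOS_LINKS[i].name)) {
            int n = snprintf(out, outsz, "%s%s", DOS_LINKS[i].target, rest + len);
            return (n > 0 && (size_t)n < outsz) ? 0 : -1;
        }
    }
    return -1;                            /* no such link in DosDevices */
}

int main(void)
{
    const char *paths[] = { "\\\\.\\FilterCDO", "\\\\.\\Device\\MyDevObjecName",
        "\\\\?\\GLOBALROOT\\FileSystem\\Filters\\CdoSample",
        "\\\\?\\GLOBALROOT\\Device\\MyDevObjecName" };
    char nt[256];
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-50s -> %s\n", paths[i],
               win32_to_nt(paths[i], nt, sizeof nt) == 0 ? nt : "(no such link)");
    return 0;
}
```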