FltGetFileNameInformation+VISTA+IRP_MJ_NETWORK_QUERY_OPEN+BSOD

 I'm assuming you're using a minifilter. The most interesting feature of this operation is that one of the parametersis an Irp. This is pretty much the only place in a minifilter where you willactually touch an IRP. That IRP is a fully initialized CREATE IRP and youcan use it for all your context needs (getting the PID and the user like youwould for any normal create). I don't remember about FltGetFileNameInformation, could be a bug or it couldbe something that simply doesn't make sense in this context. Regardless, I would suggest that you disallow this request (returnFLT_PREOP_DISALLOW_FASTIO in the preOp) and expect it will come on theregular create path, which is much easier to handle. As Rod pointed out,LUAFV (which is an inbox minifilter enabled by default on all Vista+ systemsas far as I remember) does it anyway so you're not gaining anything from aperformance perspective. And then there are other gotchas about thisoperation which IMO do not justify the extra effort.
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值