[rkhunter]

Guys I need solve such problem.
I need track filter-context per FileObject in my FSD filter. This is usual filter, not mini. I. e. I need store context for each FileObject that FSD create. I know that there FSD supports feature called ''per-stream file context" through FsRtlXXXContext. But I doubt would it fine for directory, because I want track my context for directory too? Or this feature working only for files.
Any suggestions...

[a_d_13]

Hello,

I think that FS context mentioned will work for directories. I have not tried it, but there are 2 types of context - per-file and per-stream. They are set by the functions FsRtlInsertPerFileContext and FsRtlInsertPerStreamContext. Both of these have a context pointer as a param, which you get through FsRtlGetPerFileContextPointer or FsRtlGetPerStreamContextPointer. These are #define'd as:

Code: Select all

#define FsRtlGetPerStreamContextPointer(_fo) \
    ((PFSRTL_ADVANCED_FCB_HEADER)((_fo)->FsContext))

#define FsRtlGetPerFileContextPointer(_fo) \
    (FsRtlSupportsPerFileContexts(_fo) ? \
        FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \
        NULL)

So, I think if you can get FILE_OBJECT for directory, for example using IO_OPEN_TARGET_DIRECTORY flag, you should be able to attach a context to it.

Thanks,
--AD

[rkhunter]

Thx, I would try it.

Edit: I just noticed that it available only from Vista. But in my case it must working and in 2k too. Seems one solution there - is a trees (or generic tables).

[rkhunter]

About tracking FS context in legacy filters http://fsfilters.blogspot.com/2011/01/c ... s-and.html

[holly]

Or you can track the context yourself:record FileObject and your context in one structure when someone open a file object,release the structure when the file object is closed.
Hash the FileObject for quick search or other method you like.