Hello Gurus

I am writing a File System filter driver having Encrypt/Decrypt. I am using
filemon as an example code.

In order to solve the memory mapped file issue I have created a new
structure of FCB.
In that FCB I had specified the structure of FSRTL_COMMON_FCB_HEADER,
SECTION_OBJECT_POINTERS and ERESOURCE for
MainResource and PagingResource.

After creating this I initialize the FSRTL_COMMON_FCB_HEADER to my
fileobject->FsContext and fileobject->SectionObjectPointer to my new
SectionObjectPointer. My new SectionObjectPointer has all the 2 members,
namely the Data, Image, set to NULL. I also initialize the MainResource and
PagingResource using ExInitializeResourceLite.

I do this in my IRP_MJ_CREATE and when I receive an IRP_MJ_CLEANUP I traverse my
list for my SectionObjectPointer and then delete the corresponding
FSRTL_COMMON_FCB_HEADER that I had allocated. Actually I keep both the
SectionObjectPointer and CommonFCBHeader in a linked list from which I
traverse and delete it.

I actually got this by referring to some of the posts in this forum. But I know
I am missing something because it does not work yet. If I create a rich text
document and then edit it and type in some new contents and then open it
again I get the garbled text, I mean the encrypted text. The same thing
happens for bmp files as well. When I click it again I get the IRP_MJ_READ
with CACHE set. Hence my ReadWrite Handler does not decrypt it as it's from
the Cache. But still it displays as Encrypted.

Any hints on where I can be going wrong are greatly appreciated.

Thanks and Best Regards
Shal.

Re: Memory Mapped Files Reading and Cache Problem by David

David
Tue Apr 19 13:35:24 CDT 2005

That is nice. Stealing someone's code and announcing it in public.
Sysinternals.com license says the code is not to be used without getting a
license from them. It is very old code that was designed to work in a test
environment and does not promote system stability, especially after a
passive filter is changed to an active filter. That explains why it is not
working. Trying to use a VW bug to pull an eighteen wheeler out of the
median just isn't going to work.

Re: Memory Mapped Files Reading and Cache Problem by Maxim

Maxim
Tue Apr 19 20:50:43 CDT 2005

> I am writing a File System filter driver having Encrypt/Decrypt. I am using
> filemon as an example code.

Bad, not 100% safe example. SFILTER from the IFS kit or the minifilters are
better.

> In order to solve the memory mapped file issue i have created a new
> structure of FCB.

No need for this (unless you're changing the file size during crypto). Just
filter all noncached IO and run crypto over it. This would be fine.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com



Re: Memory Mapped Files Reading and Cache Problem by Shalini

Shalini
Wed Apr 20 07:41:27 CDT 2005

Thanks Max.

Actually I used SFilter from the IFS Kit.
I use a +1 -1 encryption right now.
I first checked it in Win 2000. Works like a charm...
If I unload the filter I am able to view the contents as mangled.
If I load it then perfect, all files are okay, I am able to read them.

But in Windows XP it works sometimes, sometimes it throws from cache or
something I guess. I get the encrypted files displayed etc. But I am sure
I am not encrypting the cache because I intend to keep it unencrypted
always in the Cache.
I do this by handling IRP_MJ_READ and IRP_MJ_WRITE
and adding a condition for both like this...

currentIrpStack->MajorFunction == IRP_MJ_WRITE (same for IRP_MJ_READ) &&
((Irp->Flags & IRP_NOCACHE) || (Irp->Flags & IRP_PAGING_IO) || (Irp->Flags &
IRP_SYNCHRONOUS_PAGING_IO)) (and same for Read as well). I have a completion
routine where I decrypt the buffer.

I use a separate buffer for encrypting and am not doing a write on the same
buffer in IRP_MJ_WRITE.

As I tested with BMP, notepad and RTF files this did not work in Windows
XP,
so I was wondering if it could be a problem with memory mapped files and
then I introduced those structures as was in some of the discussion forums.
That didn't work as well.

So finally I got this filemon from some website and tried using that. That
did not work as well, but I did not know what the last poster meant about...
So I just dropped the idea...

So where could I be going wrong in that??

Regards
Shal.
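
Added example (not code from any poster in this thread): a user-mode C model of the approach discussed above, where only non-cached and paging I/O is transformed so the cache and mapped views always hold plaintext. The flag values are those in wdm.h; the +1/-1 transform comes from the post above; the disk array and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constants with the values the WDK header wdm.h gives them. */
#define IRP_MJ_READ               0x03
#define IRP_MJ_WRITE              0x04
#define IRP_NOCACHE               0x00000001
#define IRP_PAGING_IO             0x00000002
#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040
#define DISK_IO (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)

/* Transform only transfers that reach the disk; cached I/O is left alone. */
int needs_crypto(uint8_t major, uint32_t flags)
{
    return (major == IRP_MJ_READ || major == IRP_MJ_WRITE) && (flags & DISK_IO);
}

/* How C groups the write test when the flag checks are not parenthesised:
   && binds tighter than ||, so any paging IRP matches, reads included. */
int ungrouped_write_test(uint8_t major, uint32_t flags)
{
    return (major == IRP_MJ_WRITE && (flags & IRP_NOCACHE)) ||
           (flags & IRP_PAGING_IO) || (flags & IRP_SYNCHRONOUS_PAGING_IO);
}

static uint8_t disk[64]; /* hypothetical stand-in for the on-disk file */

/* Write dispatch: encrypt into a separate buffer, never the caller's pages. */
int filter_write(uint32_t flags, const uint8_t *src, size_t len)
{
    uint8_t shadow[sizeof disk];
    if (!needs_crypto(IRP_MJ_WRITE, flags) || len > sizeof disk)
        return 0; /* cached write: passed down untouched */
    for (size_t i = 0; i < len; i++)
        shadow[i] = (uint8_t)(src[i] + 1);
    memcpy(disk, shadow, len);
    return 1;
}

/* Read completion: the lower driver has filled dst; decrypt it in place. */
int filter_read(uint32_t flags, uint8_t *dst, size_t len)
{
    if (!needs_crypto(IRP_MJ_READ, flags) || len > sizeof disk)
        return 0; /* cached read: served from the plaintext cache */
    memcpy(dst, disk, len);
    for (size_t i = 0; i < len; i++)
        dst[i] = (uint8_t)(dst[i] - 1);
    return 1;
}
```

Page faults on a mapped view and cache fills reach a filter as paging or non-cached reads, which is why the model decrypts on those and never on a cached read.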