Regarding File System Filter - Calling DeviceIOControl

Tutorials Win: Microsoft Windows Forum

Hello All,
I need to intercept any Read/Write operations with RAM, Storage Card
and HardDisk(If there is one in PocketPC, i don't really know). So I am
trying to use FSDSPY Example code using Visual Studio 2005(Not Platform
Builder).

Registry Settings Done:
===============
HKEY_LOCAL_MACHINE\System\StorageManager\FATFS\Filters\FSDSPY

Name Type Value
Dll String FSDSPY.dll
Order DWORD 0

I have added Log messages to the file under \\Temp Directory while any
directory is created in RAM, Storage Card. But Messages gets logged only when
there is operation with Storage Card. This is the way I made sure FSDSPY.dll
is working fine.

Questions:
=======
1. Is there a way to intercept RAM read/Write file operations?
2. By doing the above registry settings, the File System Filter is
applicable for all the storage. Is this understanding correct?

Now i tried to write an UI Application to Call DeviceIOControl() of FSDSPY
example.

void GetItWorked()
{
HANDLE hCommDevice = INVALID_HANDLE_VALUE;
HANDLE hCommEvent = INVALID_HANDLE_VALUE;
DWORD dwReturn;

TCHAR Buf[128];
BOOL DevIORes = FALSE;
int error;

hCommDevice = CreateFile(_T("DSK1:"), // drive to open
GENERIC_READ | GENERIC_WRITE, // no access to the drive
FILE_SHARE_READ | FILE_SHARE_WRITE, // share mode
NULL, // default security attributes
CREATE_ALWAYS, // disposition
FILE_ATTRIBUTE_NORMAL, // file attributes
NULL); // do not copy file attributes

if(hCommDevice == INVALID_HANDLE_VALUE)
{
error = GetLastError();
wsprintf(Buf , L"Error [%d]",error);
MessageBox(NULL , Buf , L"Error" , MB_OK);
}
else
{
MessageBox(NULL , L"Success in getting the DSK1 handle!!" , L"Info" ,
MB_OK);
}

hCommEvent = CreateEvent(NULL, false, false, NULL);

if( hCommEvent )
{
//download event object to device driver
DevIORes = DeviceIoControl( hCommDevice,
0 ,
(LPVOID) hCommEvent,
0,
NULL,
0,
&dwReturn,
NULL);
if( DevIORes == TRUE )
{
MessageBox(NULL , L"Success in Calling DevIOCtrl!!" , L"Info" , MB_OK);
}
}
else
{
error = GetLastError();
wsprintf(Buf , L"Error [%d]",error);
MessageBox(NULL , Buf , L"hCommEvent Error" , MB_OK);
}
}

Questions:
=======
3. To get the Driver handle so as to call DeviceIOControl(), i used L"DSK1",
was this right, since DeviceIOControl of FSDSPY is NOT called?

Thanks in advance
-Srini
Top

Re: Regarding File System Filter - Calling DeviceIOControl by Steve

Steve
Mon Nov 27 13:21:03 CST 2006

> 1. Is there a way to intercept RAM read/Write file operations?
Not with a file system filter, no.
We are creating a generalized solution based on what we learned on a project
of this nature a few years ago. Contact me privately for more information.


--
Steve Maillet
EmbeddedFusion
www.EmbeddedFusion.com
smaillet at EmbeddedFusion dot com


Top

Re: Regarding File System Filter - Calling DeviceIOControl by Srini

Srini
Tue Nov 28 12:54:15 CST 2006

Thanks Steve for your input.

Waiting for timly inputs on other two questions still.

Could anyone please tell me what am i doing wrong with calling
DeviceIOControl().

Even now I tried passing CTL_CODE by defining as given below,

#define IOCTL_FILTER_DEV_CTL CTL_CODE ( FILE_DEVICE_FILE_SYSTEM ,
4090 , METHOD_NEITHER, FILE_ANY_ACCESS )

but I am wondering where can i use this #define macro in building the Filter
Driver.

Thanks in advance
-Srini

"Steve Maillet (eMVP)" wrote:

> > 1. Is there a way to intercept RAM read/Write file operations?
> Not with a file system filter, no.
> We are creating a generalized solution based on what we learned on a project
> of this nature a few years ago. Contact me privately for more information.
>
>
> --
> Steve Maillet
> EmbeddedFusion
> www.EmbeddedFusion.com
> smaillet at EmbeddedFusion dot com
>
>
>
Top