|
FsRtlRegisterFileSystemFilterCallbacks
|
bet | 7/9 | Sana | 22.07.2021 | Hajmi | 124 Kb. | | #15612 |
FsRtlRegisterFileSystemFilterCallbacks is documented in the Windows XP IFS Kit Reference.
SetFileValidData
|
NTFS has the concept of valid data length for a file stream. This is a way to preserve the C2 ‘Object Reuse’ requirement but not force file systems to write zeroes into file-tails.
Definitions:
VDL = ‘Valid Data Length.’ Each stream has such a value.
EOF = Allocated file length. Each stream has such a value.
File Tail = the region from VDL to EOF. Clearly, each stream has such a region (but may be 0-length)
By definition, VDL must be >=0 and <= EOF. Any reads from the file tail are implicitly returned as zeroes by NTFS. Any writes into the file tail cause VDL to be increased to equal the end of this write, and any data between the previous VDL and the start of this write is written as zeroes.
In Windows XP, we have added an NTFS-only Win32 function, SetFileValidData, to be used by all administrative users (explicitly, those users with the SeManageVolumePrivilege – see below) to set the Valid Data Length on a file.
Expected users:
A ‘Restore’ application that has the ability to pour the raw clusters directly onto the disk through a hardware channel. They want a method of informing the file system that the range contains valid user data and it can be returned to the user.
Multimedia/database tools that want to create large files, but not pay the zero-filling cost at (a) file extend time (cost here is to make the extend a synchronous operation) or (b) create time (cost here is filling the file with zeroes).
Served-metadata cluster file systems that need to extend the file remotely, then ‘pump in’ the data directly to the disk device.
This function is documented in the Windows XP Platform SDK.
|
SeManageVolumePrivilege
|
A new privilege, SeManageVolumePrivilege, allows non-administrators and remote users to perform administrative disk tasks on a machine. As of Windows XP this privilege is only used to allow non-administrators and remote users to call SetFileValidData.
Note: SeManageVolumePrivilege is the same as SE_MANAGE_VOLUME_NAME (winnt.h) and SE_MANAGE_VOLUME_PRIVILEGE (ntifs.h).
|
SeFilterToken
|
Driver writers can use a new routine, SeFilterToken, to create restricted tokens. This routine is documented in the Windows XP IFS Kit Reference.
|
IoCreateFileSpecifyDeviceObjectHint
|
A new routine, IoCreateFileSpecifyDeviceObjectHint, lets file system filter driver writers direct a Create request to a specific point in the driver stack. This routine is documented in the Windows XP IFS Kit Reference.
|
Filter Context Management Routines and Structures
|
The following new FsRtlXxx routines have been added to help file system filter drivers manage file stream context information using the new FSRTL_PER_STREAM_CONTEXT structure:
|
|
| |