
cheewill
Copper Contributor
Jul 11, 2025

How to check the file is fslogix redirection file?

Hi, I am a developer. I wrote a minifilter whose altitude is 138200. I want to check whether a file object is an FSLogix redirection file. I found four ECP GUIDs in the FSLogix driver.

    I want to check for them in the minifilter's pre-create callback function, but the check has no effect.

    Could you tell me what the problem is? Thanks!

 

//
//  ECP type GUIDs that, per the post, were found in the FSLogix driver.
//  The page does not say what each one identifies, so the names stay
//  generic. NOTE(review): these values were taken from a third-party
//  binary rather than a published header; they may differ between
//  FSLogix releases and should be treated as unverified.
//
DEFINE_GUID(GUID_1, 0x5AE07381, 0xAA1E, 0x4571, 0xB4, 0x3B, 0x37, 0x2C, 0x2C, 0xDD, 0x96, 0x0A);
DEFINE_GUID(GUID_2, 0xE40898B8, 0x1D08, 0x4434, 0xB2, 0xC9, 0x78, 0xD6, 0xB8, 0x83, 0xBF, 0xEB);
DEFINE_GUID(GUID_3, 0xFD7F2404, 0x788C, 0x48D3, 0xA7, 0x1B, 0x35, 0x60, 0xD5, 0x70, 0x8F, 0x45);
DEFINE_GUID(GUID_4, 0x9414EEF8, 0xE320, 0x43F8, 0xA5, 0x1A, 0x32, 0x58, 0x48, 0x24, 0x10, 0xCF);

 

//
//  Reports whether the create request described by Data carries an extra
//  create parameter (ECP) of type EcpType that did not originate from
//  user mode.
//
//  Filter         - filter handle passed through to the Flt* ECP routines.
//  Data           - callback data of the create being inspected.
//  EcpType        - GUID of the ECP to look for.
//  EcpContext     - optional; receives the context pointer returned by
//                   FltFindExtraCreateParameter on a match, NULL otherwise.
//                   No copy is made.
//  EcpContextSize - optional; receives the context size on a match,
//                   0 otherwise.
//
//  Returns TRUE only when the ECP list exists, the ECP is found, and
//  FltIsEcpFromUserMode reports FALSE for it. The last check matters when
//  the result is used as a trust signal: an ECP flagged as coming from
//  user mode is never reported as a match.
//
BOOLEAN
xxxIsKernelModeEcpPresent(
    _In_ PFLT_FILTER Filter,
    _In_ PFLT_CALLBACK_DATA Data,
    _In_ LPCGUID EcpType,
    _Outptr_opt_result_buffer_(*EcpContextSize) PVOID *EcpContext,
    _Out_opt_ ULONG *EcpContextSize
    )
{
    NTSTATUS rc;
    PECP_LIST list = NULL;
    PVOID foundContext = NULL;
    ULONG foundSize = 0;

    PAGED_CODE();

    //
    //  Put the optional outputs in a defined state before any early exit.
    //

    if (EcpContext != NULL) {
        *EcpContext = NULL;
    }

    if (EcpContextSize != NULL) {
        *EcpContextSize = 0;
    }

    //
    //  No ECP list on this create means there is nothing to find.
    //

    rc = FltGetEcpListFromCallbackData(Filter, Data, &list);

    if (!NT_SUCCESS(rc) || (list == NULL)) {
        return FALSE;
    }

    rc = FltFindExtraCreateParameter(Filter,
                                     list,
                                     EcpType,
                                     &foundContext,
                                     &foundSize);

    if (!NT_SUCCESS(rc)) {
        return FALSE;
    }

    //
    //  Reject an ECP that Filter Manager attributes to user mode.
    //

    if (FltIsEcpFromUserMode(Filter, foundContext)) {
        return FALSE;
    }

    if (EcpContext != NULL) {
        *EcpContext = foundContext;
    }

    if (EcpContextSize != NULL) {
        *EcpContextSize = foundSize;
    }

    return TRUE;
}

 

//
//  Pre-create callback as posted. It returns early for opens it does not
//  care about, then probes the create's ECP list for each of the four
//  GUIDs. The listing stops after the fourth probe: no closing brace or
//  return statement is shown, and returnStatus, status and
//  CompletionContext are not used in the visible lines.
//
FLT_PREOP_CALLBACK_STATUS
xxxPreCreate (
    _Inout_ PFLT_CALLBACK_DATA Data,
    _In_ PCFLT_RELATED_OBJECTS FltObjects,
    _Flt_CompletionContext_Outptr_ PVOID* CompletionContext
    )
{
    FLT_PREOP_CALLBACK_STATUS returnStatus = FLT_PREOP_SUCCESS_NO_CALLBACK;
    NTSTATUS status;
    PFILE_OBJECT fileObject = Data->Iopb->TargetFileObject;

    PAGED_CODE();

    //  NOTE(review): createContext is not declared anywhere in the posted
    //  code; presumably it was trimmed from the listing.
    createContext.Flags = 0;

    //  Nothing to inspect without a target file object.
    if (!fileObject) {
        return FLT_PREOP_SUCCESS_NO_CALLBACK;
    }

    //
    //  Skip pre-rename operations which always open a directory.
    //

    if (FlagOn(Data->Iopb->OperationFlags, SL_OPEN_TARGET_DIRECTORY)) {
        return FLT_PREOP_SUCCESS_NO_CALLBACK;
    }

    //
    //  Skip paging files.
    //

    if (FlagOn(Data->Iopb->OperationFlags, SL_OPEN_PAGING_FILE)) {
        return FLT_PREOP_SUCCESS_NO_CALLBACK;
    }


    //
    //  Skip DASD (volume) opens.
    //

    if (FlagOn(FltObjects->FileObject->Flags, FO_VOLUME_OPEN)) {
        return FLT_PREOP_SUCCESS_NO_CALLBACK;
    }

    //
    //  Probe for each candidate ECP. Both output arguments are NULL, so
    //  only presence is tested. UPM_ASSERT(FALSE) is presumably a debug
    //  tripwire marking "ECP seen" - confirm against its definition.
    //
    //  NOTE(review): the helper posted above is named
    //  xxxIsKernelModeEcpPresent, while these calls use
    //  UpmIsKernelModeEcpPresent and UpmData, neither of which is declared
    //  in the posted code; presumably the same routine with the prefix
    //  redacted in one place only.
    //
    //  NOTE(review): a pre-create callback only sees ECPs that are already
    //  attached when the request reaches this filter. If the FSLogix
    //  driver attaches these ECPs at a lower altitude than this filter
    //  (138200 per the post), or only on creates it issues to the filters
    //  below itself, none of these probes can match. Compare the loaded
    //  altitudes with `fltmc filters` - TODO confirm against the real
    //  stack. Because the GUIDs are undocumented, a miss here should not
    //  be taken as proof that the file is not redirected.
    //

    if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle,
                                  Data, &GUID_1, NULL, NULL)) {

        UPM_ASSERT(FALSE);
    }

    if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle,
                                  Data, &GUID_2, NULL, NULL)) {

        UPM_ASSERT(FALSE);
    }

    if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle,
                                  Data, &GUID_3, NULL, NULL)) {

        UPM_ASSERT(FALSE);
    }

    if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle,
                                  Data, &GUID_4, NULL, NULL)) {

        UPM_ASSERT(FALSE);
    }

2 Replies

    Sedray
    Iron Contributor

    FSLogix redirection files are typically stored in a specific directory, often within the user's profile or a designated redirection folder.

    Shayi
    Iron Contributor

    ECP GUIDs are often stored in extended attributes or as part of the file's context. They are not necessarily stored directly in the file system's standard metadata.
