A couple of weeks ago I was teaching our Developing file System Minifilters for Windows seminar here in Manchester, NH. A student asked a question about a behavior they were seeing when calling FltGetFileNameInformation after a rename operation on the network. Much to their surprise, the name returned was the old name for the file […]
PSA: FsRtlIsNameInExpression Can Raise an Exception
Well, THIS one was a surprise…After triggering a memory leak in a driver, the system surprisingly crashed due to a call to FsRtlIsNameInExpression: As best we could tell we were passing valid input to FsRtlIsNameInExpression, so what’s up? The answer lies in the exception code: STATUS_NO_MEMORY (0xC0000017). A quick scan of the disassembly shows that yes […]
NTFS Status Debugging
As a file system filter developer, one of the great pains in life is when a file system operation fails deep in the bowels of the file system. For example, say I’m trying to rename a file with FltSetInformationFile for FileRenameInformation and I get back STATUS_ACCESS_DENIED. How do I track that down? Sure, I could try […]
Meltdown and Spectre: What about drivers?
The week the Meltdown and Spectre vulnerabilities was one of the most fun weeks I’ve had in a while. Not only were the vulnerabilities mind-bendingly clever, that week had just about everything you could possibly want in a story: mystery, intrigue, heroes, villains, and probably the greatest patch ever submitted. After consuming as much information […]
Of Windows, Git, FUSE, and Moral Equivalence
It’s a known fact these days that Microsoft is feeling the Git love. As stated by Microsoft and reported by Ars Technica, the Windows operating system is even moving from its long lived centralized source control system to Git. Strange days indeed! However, in all of this there’s an interesting technical bit related to Windows file systems. As […]
Legacy File System Filters Blocked in Build 1607
Ever since the release of Filter Manager over 10 years ago, there have been rumblings about the fate of the existing legacy File System Filters (i.e. any FS filter that didn’t use Filter Manager)*. It was clear that they were going to be deprecated at some point, but when and how? The first nail in […]
OSR Open Systems Resources, Inc.