2 replies to this topic

[stonesonnow]

Hey again

After playing with the source for quite a while (and now finally being able to compile it as well, thanks Olof).
I got several questions I've been asking myself.
1. Can I manualy deploy/install the driver without the INF file?
i.e Copy the sys files to the driver folder. Copy exe&cpl file to the system32 folder. Using sc to create a service to imdisk.sys (similar to filedisk).
2. Is there a way (from inside the driver) to see which files are being accessed? (read/write).
I tried to look into ImDiskReadWrite, but cant figure out where it is.
I tried looking inside the MdlBuffer (Irp->MdlAddress) and inside the Irp read/write buffers passed (io_stack->Parameters) but all I came accross is random data I couldnt make sense of.

Is there something I'm over looking?

Thanks in advance for any help/suggestion

[Olof Lagerkvist]

Hey again

After playing with the source for quite a while (and now finally being able to compile it as well, thanks Olof).
I got several questions I've been asking myself.
1. Can I manualy deploy/install the driver without the INF file?
i.e Copy the sys files to the driver folder. Copy exe&cpl file to the system32 folder. Using sc to create a service to imdisk.sys (similar to filedisk).

Yes. Should be no problem.

2. Is there a way (from inside the driver) to see which files are being accessed? (read/write).
I tried to look into ImDiskReadWrite, but cant figure out where it is.
I tried looking inside the MdlBuffer (Irp->MdlAddress) and inside the Irp read/write buffers passed (io_stack->Parameters) but all I came accross is random data I couldnt make sense of.

Is there something I'm over looking?

Are you talking about which file applications are accessing on the virtual disk? That is not practically possible in a disk driver like ImDisk. The filesystem driver on top of it manages files and directories and just passes down byte offsets where data should be read or written. The blocks requested can contain parts of different files in one single request depending on how the filesystem driver works.

I would say that you would need a filesystem filter driver to do what you are looking for in this case.

Thanks in advance for any help/suggestion

Thank you for your interest in ImDisk!

[stonesonnow]

Are you talking about which file applications are accessing on the virtual disk? That is not practically possible in a disk driver like ImDisk. The filesystem driver on top of it manages files and directories and just passes down byte offsets where data should be read or written. The blocks requested can contain parts of different files in one single request depending on how the filesystem driver works.

I would say that you would need a filesystem filter driver to do what you are looking for in this case.

Yes, that is exactly what I am talking about.
I have tried using the minifilter provided with the WDK for that purpose, it works great, but I have a small problem with it.
I can only attach the minifilter after the drive is loaded, meaning there is a *small amount of time* where my drive could be
accessed without my knowing. (I can extract PID and TID from the ImDisk driver, which is nice, but not enough for what I am
trying to achive).

I couldnt figure out a way to eliminate this small delay between the driver and minifilter loading, so I thought I could get a
better results from the driver itself.
Guess I would have to find another way

Thanks again for your response and for sharing your knowledge with me