1

Topic: ZwCreateFile - how to be in time at BSOD?

How to make, that performance did not proceed, while he really does not create a file? LARGE_INTEGER AllocationSize; UNICODE_STRING LogFileName; IO_STATUS_BLOCK IoStatusBlock; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE LogFileHandle; NTSTATUS Status;////Open the Log File for writing.//RtlInitUnicodeString (L "\\?? \\C: \\FP_1.log", fullPath); InitializeObjectAttributes (&ObjectAttributes, &LogFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); Status = ZwCreateFile (&LogFileHandle, GENERIC_WRITE, &ObjectAttributes, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); ZwClose (LogFileHandle); If to launch as usual the file forms. But if AFTER these lines there will be something provoking BSOD - that is then found out that the file is not present. It turns out, at first the code continues performance, and then the file forms actually. How to correct?

2

Re: ZwCreateFile - how to be in time at BSOD?

Hello, sergey77666, you wrote: S> It turns out, at first the code continues performance, and then the file forms actually. I do not see here analogs createfile file_flag_no_buffering file_flag_write_through Though can for Zw these options are called differently. PS: the program worrying BSOD, is called .

3

Re: ZwCreateFile - how to be in time at BSOD?

Hello, sergey77666, you wrote: S> How to correct? Caching. It is possible  ZwFlushBuffersFile. It is possible to open without buffering (and to write then pieces on the size of sector). If.log - the transaction log, it is simple  insufficiently to guarantee  at BSOD. For such cases CLFS made.

4

Re: ZwCreateFile - how to be in time at BSOD?

Hello, Glory, you wrote: FILE_NO_INTERMEDIATE_BUFFERING tried (and also GENERIC_WRITE replaced with something not GENERIC, but with SYNCHRONIZE), in any way.

5

Re: ZwCreateFile - how to be in time at BSOD?

Hello, Alexander G, you wrote: AG> Hello, sergey77666, you wrote: S>> How to correct? AG> caching. It is possible  ZwFlushBuffersFile. AG> It is possible to open without buffering (and to write then pieces on the size of sector). AG> If.log - the transaction log, it is simple  insufficiently to guarantee  at BSOD. For such cases CLFS made. What means transactions? Simply broad gull as a broad gull At CLFS  API... To Master it... And I already have functions-utily for creation and record of lines in a file...

6

Re: ZwCreateFile - how to be in time at BSOD?

Hello, sergey77666, you wrote: S> That means transactions? S> simply broad gull as broad gull S> At CLFS  API... To Master it... And I already have functions-utily for creation and record of lines in a file... Passed. CLFS not for record of lines in file ZwFlushBuffersFile. Well or FltFlushBuffers if from the filter.

7

Re: ZwCreateFile - how to be in time at BSOD?

Hello, Alexander G, you wrote: AG> Well or Flt As it got the Same function - what prefix I want, such and I use! Also it is desirable Zw or Nt, it everywhere optimally looks.

8

Re: ZwCreateFile - how to be in time at BSOD?

S> FILE_NO_INTERMEDIATE_BUFFERING tried (and also GENERIC_WRITE replaced with something not GENERIC, but with SYNCHRONIZE), in any way. SYNCHRONIZE it is necessary. It is simply necessary, without thinking about saving at BSOD. If you are going to use it  for the synchronous operations. Otherwise can there will be a polar fox.

9

Re: ZwCreateFile - how to be in time at BSOD?

I think the most correct decision will make in advance a file with the reserved size and simply to write to it with FILE_WRITE_THROUGH. FILE_NO_INTERMEDIATE_BUFFERING even it is better, but it has restrictions to which, you most likely, did not read up.

10

Re: ZwCreateFile - how to be in time at BSOD?

Hello, ononim, you wrote: S>> FILE_NO_INTERMEDIATE_BUFFERING tried (and also GENERIC_WRITE replaced with something not GENERIC, but with SYNCHRONIZE), in any way. O> SYNCHRONIZE it is necessary. It is simply necessary, without thinking about saving at BSOD. If you are going to use it  for the synchronous operations. Otherwise can there will be a polar fox. And anybody also does not remove it, be more attentive.

11

Re: ZwCreateFile - how to be in time at BSOD?

Hello, sergey77666, you wrote: AG>> Well or Flt S> As it got S> the Same function - what prefix I want, such and I use! Also it is desirable Zw or Nt, it everywhere optimally looks. Well as, Zw functions go from the top, through all filters - this and others. It is possible to receive a dedloki/recursion a cycle. Other filters are expected, for example, from anti-malware, which sorts as dogs . Debug then BSOD at the customer on . It is better to play at once by rules.

12

Re: ZwCreateFile - how to be in time at BSOD?

Hello, Alexander G, you wrote: AG> Hello, sergey77666, you wrote: AG>>> Well or Flt S>> As it got S>> the Same function - what prefix I want, such and I use! Also it is desirable Zw or Nt, it everywhere optimally looks. AG> well as, Zw functions go from the top, through all filters - this and others. It is possible to receive a dedloki/recursion a cycle. AG> other filters are expected, for example, from anti-malware, which sorts as dogs . Debug then BSOD at the customer on . AG> it is better to play at once by rules. It would be desirable library to write. Which it is possible both in the minifilter, and in the normal driver , and even in application  (if it what for is necessary). And here specific complication quits.