Filter Manager Overview

Slides:



Advertisements
Similar presentations
Using the SQL Access Advisor
Advertisements

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Variations of the Turing Machine
Process Description and Control
1
Chapter 7 Constructors and Other Tools. Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 7-2 Learning Objectives Constructors Definitions.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.
Processes and Operating Systems
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
1 Hyades Command Routing Message flow and data translation.
David Burdett May 11, 2004 Package Binding for WS CDL.
1 Introducing the Specifications of the Metro Ethernet Forum MEF 19 Abstract Test Suite for UNI Type 1 February 2008.
AQute Eclipse Environment By Peter Kriens CEO aQute OSGi Director of Technology and OSGi Fellow.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Create an Application Title 1A - Adult Chapter 3.
Process a Customer Chapter 2. Process a Customer 2-2 Objectives Understand what defines a Customer Learn how to check for an existing Customer Learn how.
Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.
1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt BlendsDigraphsShort.
1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.
Photo Slideshow Instructions (delete before presenting or this page will show when slideshow loops) 1.Set PowerPoint to work in Outline. View/Normal click.
© Tally Solutions Pvt. Ltd. All Rights Reserved Shoper 9 License Management December 09.
Break Time Remaining 10:00.
Turing Machines.
ETS4 - What's new? - How to start? - Any questions?
PP Test Review Sections 6-1 to 6-6
User Friendly Price Book Maintenance A Family of Enhancements For iSeries 400 DMAS from Copyright I/O International, 2006, 2007, 2008, 2010 Skip Intro.
EIS Bridge Tool and Staging Tables September 1, 2009 Instructor: Way Poteat Slide: 1.
Chapter 10: Virtual Memory
Health Artifact and Image Management Solution (HAIMS)
Bellwork Do the following problem on a ½ sheet of paper and turn in.
© Copyright by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. 1 Outline 24.1 Test-Driving the Ticket Information Application.
INTRODUCTION Lesson 1 – Microsoft Word Word Basics
Exarte Bezoek aan de Mediacampus Bachelor in de grafische en digitale media April 2014.
Filter Manager Rajeev Nagar Lead Program Manager Core File Services
Sample Service Screenshots Enterprise Cloud Service 11.3.
Copyright © 2012, Elsevier Inc. All rights Reserved. 1 Chapter 7 Modeling Structure with Blocks.
 Copyright I/O International, 2013 Visit us at: A Feature Within from Item Class User Friendly Maintenance  Copyright.
1 RA III - Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Buenos Aires, Argentina, 25 – 27 October 2006 Status of observing programmes in RA.
Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.
1..
Mobility Tool Fremtidens afrapportering 2013 – Erasmus Mobilitet / IP 2014 – Erasmus+ aktioner.
CONTROL VISION Set-up. Step 1 Step 2 Step 3 Step 5 Step 4.
Adding Up In Chunks.
Copyright © 2013 by John Wiley & Sons. All rights reserved. HOW TO CREATE LINKED LISTS FROM SCRATCH CHAPTER Slides by Rick Giles 16 Only Linked List Part.
MaK_Full ahead loaded 1 Alarm Page Directory (F11)
GEtServices Services Training For Suppliers Requests/Proposals.
Subtraction: Adding UP
Speak Up for Safety Dr. Susan Strauss Harassment & Bullying Consultant November 9, 2012.
Essential Cell Biology
Converting a Fraction to %
Clock will move after 1 minute
PSSA Preparation.
Chapter 11 Creating Framed Layouts Principles of Web Design, 4 th Edition.
Immunobiology: The Immune System in Health & Disease Sixth Edition
Physics for Scientists & Engineers, 3rd Edition
Energy Generation in Mitochondria and Chlorplasts
Scientific writing (81-933) Lecture 6: References Dr. Avraham Samson Faculty of Medicine in the Galilee 1.
Import Tracking and Landed Cost Processing An Enhancement For AS/400 DMAS from  Copyright I/O International, 2001, 2005, 2008, 2012 Skip Intro Version.
© Paradigm Publishing, Inc Excel 2013 Level 2 Unit 2Managing and Integrating Data and the Excel Environment Chapter 6Protecting and Sharing Workbooks.
South Dakota Library Network MetaLib User Interface South Dakota Library Network 1200 University, Unit 9672 Spearfish, SD © South Dakota.
1 Decidability continued…. 2 Theorem: For a recursively enumerable language it is undecidable to determine whether is finite Proof: We will reduce the.
Loading and Unloading Minifilters
© 2004 Microsoft Corporation. All rights reserved. 1 Minifilter Generated IO’s.
© 2004 Microsoft Corporation. All rights reserved. 1 Rules for Filters (both Legacy and Mini)
© 2004 Microsoft Corporation. All rights reserved. 1 Processing IO Operations.
Filter Manager Rajeev Nagar Lead Program Manager Core File Services
Presentation transcript:

Filter Manager Overview © 2004 Microsoft Corporation. All rights reserved.

Problems with today’s Filter Model Poor control over filter load order Non-deterministic Increases test matrix Causes interop problems No unload support Requires reboot Must process all operations ~5000 lines of code to start © 2004 Microsoft Corporation. All rights reserved.

Problems with today’s Filter Model (cont) Kernel stack overflow Call-through model Filters generate recursive IO Inefficiencies due to redundant work in filters Each filter does its own name lookup, normalization, and name caching Implement their own context support Don’t always get it correct © 2004 Microsoft Corporation. All rights reserved.

Problems with today’s Filter Model (cont) Complex interfaces Difficult to add new file system operations (IRP/FastIO) Existing filters must be modified New IRP and FastIO operations were added to W2K Broke all existing filters TxF (new Longhorn feature) Multiple OS version support Filter must be developed to “least common denominator” API set © 2004 Microsoft Corporation. All rights reserved.

The Filter Manager addresses all of these Issues © 2004 Microsoft Corporation. All rights reserved.

What is the Filter Manager Legacy file system filter Reduces the complexity of IO system through new interfaces and library routines Has kernel and user-mode interfaces © 2004 Microsoft Corporation. All rights reserved.

Filter Manager User Mode IO Operations I/O Manager FAT NTFS RDR Filter Manager Frame 1 (1000-9999) IRP + FastIO + FsFilter Interfaces Legacy Filter Driver Filter Manager Frame 0 (0-1000) Minifilter © 2004 Microsoft Corporation. All rights reserved.

Definition of Terms Legacy Filter Minifilter A file system filter developed to the current Filter model Minifilter A file system filter developed to the Filter Manager model © 2004 Microsoft Corporation. All rights reserved.

Definition of Terms Instance Altitude A filters attachment to a volume at a particular altitude Multiple filter instances per volume is supported See MiniSpy Altitude A unique identifier which defines the relation of this filter to other filters An “infinite precision” string with a decimal point Example: 4501.345 Can always insert a new filter between two existing filters All minifilters must have a unique altitude Altitudes are managed by Microsoft Developing a web site for requesting altitudes. Altitude determines relative stack position © 2004 Microsoft Corporation. All rights reserved.

Instances and Altitudes Instance: A filters attachment to a volume at a particular altitude Support multiple instances of a minifilter on a volume Altitude determines relative stack position Volume c: AntiVirus Filter (Altitude: “300”) Encryption Filter (Altitude: “100”) “LanmanRedirector” Conceptual IO Flow MiniSpy Filter (Altitude: “200”) (Altitude: “400”) © 2004 Microsoft Corporation. All rights reserved.

Definition of Terms Frame Multiple filter manager attachments to a file system stack to support proper interop with legacy filters Each frame defines an altitude range © 2004 Microsoft Corporation. All rights reserved.

Filter Manager with Multiple Frames User Mode IO Operations I/O Manager FAT NTFS RDR Filter Manager Frame 1 (1000-9999) IRP + FastIO + FsFilter Interfaces Legacy Filter Driver Filter Manager Frame 0 (0-1000) Minifilter © 2004 Microsoft Corporation. All rights reserved.

Definition of Terms CallbackData Iopb Filter manager's equivalent of an IRP All operations come to minifilters via this structure Iopb Io Parameter Block Points to current stack location © 2004 Microsoft Corporation. All rights reserved.

Problems with today’s Filter Model (Review) Poor control over filter load order No unload support Must process all operations Kernel stack overflow Inefficiencies due to redundant work in filters Complex interfaces Difficult to add new operations Cross version support © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed Poor control over filter load order Minifilter can be loaded at any time Minifilters can be inserted into the middle of the attachment chain Altitude determines relative stack position Deterministic load order © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) No unload support Minifilters can be unloaded at any time Filter Manager synchronizes the safe removal of all minifilter attachments through notifications Filter Manager handles operations which complete after the minifilter unloads © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) Must process all operations Minifilter registers only for operations in which it is interested Can uniquely register for pre- or post-Operation callbacks Can ignore certain classes of Operations Paging IO Cached IO © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) Kernel stack overflows Filter Manager uses a “callback” model instead of a “call-through” model Supports non re-entrant filter initiated i/o IO will only be seen by filters below your filter Filter Manager is optimized to reduce the amount of stack it consumes © 2004 Microsoft Corporation. All rights reserved.

Filter Manager’s Callback model User Mode IO Operations I/O Manager FAT NTFS RDR Filter Manager Frame 1 IRP + FastIO + FsFilter Interfaces Legacy Filter Driver Filter Manager Frame 0 Minifilter © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) Inefficiencies due to redundant work in filters Filter Manager provided infrastructure Name generation is time consuming Filter Manager caches file names for use by multiple filters Filter Manager is optimized to support multi-processor systems © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) Complex interfaces Filter Manager simplifies complexity by providing support routines for common functionality Naming Support Context Support User/Kernel mode communication Masking differences between file systems Filter Manager eliminates complexity by automatically handling certain functionality Enumerating and attaching to file system stacks IoMarkIrpPending() © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) Difficult to add new operations Only filter manager needs to be updated to support new operations Minifilters only register for those operations they are interested in © 2004 Microsoft Corporation. All rights reserved.

How these problems are addressed (cont) Multiple OS version support Filter Manager supports running of minifilters on down level OS’s Can register for operations that don’t exist Can programmatically determine which APIs exist FltGetRoutineAddress() Structures are designed to be extensible Registration structure has a version number Structures contain a size field © 2004 Microsoft Corporation. All rights reserved.

Additional Filter Manager Features © 2004 Microsoft Corporation. All rights reserved.

Context Management Allows minifilters to attach private information to a system object Volume Context Instance Context File Context (not implemented yet) Associated with all opens across all data streams for a given file Stream Context Associated with all opens for a given data stream of a file Stream Handle Context Associated with a single open of a single data stream © 2004 Microsoft Corporation. All rights reserved.

Name Management Copy-free retrieval of file names Retrieves names in one of three formats: Normalized, opened, short When possible, name is cached Filter manager manages name lifetime Handles renames, hardlinks, etc. © 2004 Microsoft Corporation. All rights reserved.

Filter Initiated IO IO is targeted to lower filters Io is not recursive Properly integrated with minifilter unload © 2004 Microsoft Corporation. All rights reserved.

User/Kernel Communication Minifilter creates a named port Minifilter controls who can access the port via ACLs Bi-directional communication channel © 2004 Microsoft Corporation. All rights reserved.

fltmc.exe Command line utility for common filter management operations Load and unload minifilters Attach/detach minifilters to/from volumes Enumerate minifilters, instances, volumes “fltmc help” Displays help information © 2004 Microsoft Corporation. All rights reserved.

Debugging Help fltkd debugger extension Part of debugger package .load fltkd !fltkd.help List all available commands For more specific help on a single command, issue that command with no parameters Important commands !cbd Filter Manager equivalent to !irp !frames List all Frames and their filters © 2004 Microsoft Corporation. All rights reserved.

Debugging Help fltkd debugger extension (cont) !filters List all Frames and their filters !volumes List all volumes and their instances !volume, !filter, !instance Give detailed information on the specific object Run with debug version of fltmgr.sys Lots of ASSERT to catch common errors © 2004 Microsoft Corporation. All rights reserved.

Filter Verifier Enable via Driver Verifier (verifier.exe) Select minifilter driver name Enable “I/O Verification“ option Recommend verifier value: 0x7b Verification starts when a filter registers with the Filter Manager Validates all Filter Manager APIs Validates parameters and calling context Verifies return values from minifilter’s pre/post callback routines Ensures minifilter changed the parameters in the callback data in a coherent/consistent manner Lots more to come Always develop minifilters with driver verifier and filter verifier enabled! © 2004 Microsoft Corporation. All rights reserved.

Thoughts about the Filter Manager It is much simpler to start developing a filter. Eliminates ~5000 lines of infrastructure code It is still just as hard to complete a production quality filter due to the complexity of the IO system © 2004 Microsoft Corporation. All rights reserved.

Filter Manager Changes/Enhancements © 2004 Microsoft Corporation. All rights reserved.

Filter Manager Changes (May 2004) Modified APIs User/Kernel Communication Removed: FltClosePort() Added: PFLT_PORT for port handles Added: FltCloseClientPort() Added: FltCloseCommuniciationPort() FltCancelFileOpen() IoCancelFileOpen() bug has been fixed FltPerformAsynchronousIo() Can now be used on FSCTL operations © 2004 Microsoft Corporation. All rights reserved.

Filter Manager Changes (May 2004) Following fields were modified to be a CONST FLT_CALLBACK_DATA.Thread FLT_CALLBACK_DATA.Iopb FLT_RELATED_OBJECTS.* © 2004 Microsoft Corporation. All rights reserved.

New APIs (May 2004) Added lock APIs for EResources FltAcquireResourceExclusive() FltAcquireResourceShared() FltReleaseResource() Use existing Ex routines to init and delete Acquire/release wrapped by KeEnter/LeaveCriticalRegion Added lock APIs for PushLocks FltInitializePushLock() FltDeletePushLock() FltAcquirePushLockExclusive() FltAcquirePushLockShared() FltReleasePushLock() © 2004 Microsoft Corporation. All rights reserved.

New APIs (May 2004) FsRtl Byte Range Lock package support Added new routines FltAllocateFileLock() FltCheckLockForReadAccess() FltCheckLockForWriteAccess() FltFreeFileLock() FltInitializeFileLock() FltProcessFileLock() FltUninitializeFileLock() Use in conjunction with existing routines Allows minifilter to process byte range lock operations © 2004 Microsoft Corporation. All rights reserved.

New APIs (May 2004) New APIs FltIsOperationSynchronous() FltRequestOperationStatusCallback() Used to request a callback which receives the return value from IoCallDriver() Necessary if you need to know if an oplock was granted or not FltIsOperationSynchronous() FltSetSecurityObject() © 2004 Microsoft Corporation. All rights reserved.

New APIs (May 2004) New APIs FltIs32bitProcess() Always returns TRUE on 32bit processors FltCreateSystemVolumeInformationFolder() Will create the “System Volume Information” folder if it does not already exist. Created with correct ACLs © 2004 Microsoft Corporation. All rights reserved.

New APIs (Nov 2003) FltReferenceContext() Add reference to context object Call FltReleaseContext() to remove reference FltReferenceFileNameInformation() Add reference to name information object Call FltReleaseFileNameInformation() to remove reference © 2004 Microsoft Corporation. All rights reserved.

New APIs (Nov 2003) FltGetRoutineAddress() FltIsIoCanceled() Retrieves address of filter manager routines by name Used for dynamic detection of new filter manager APIs FltIsIoCanceled() Returns if the given operation has been canceled or not FltNotifyFilterChangeDirectory() See FsRtlNotifyFilterChangeDirectory() Allows minifilter to process directory change notification operations © 2004 Microsoft Corporation. All rights reserved.

New APIs (Nov 2003) Additional APIs which support non-recursive operations: FltQueryInformationFile() FltSetInformationFile() FltQueryVolumeInformationFile() FltQuerySecurityObject() FltFlushBuffers() FltFsControlFile() FltDeviceIoControlFile() See ZW equivalents © 2004 Microsoft Corporation. All rights reserved.

New APIs (Apr 2003) FltCancelFileOpen() FltGetFileNameInformationUnsafe() Allows you to retrieve a file name given a file object and an instance Should only use when you know query is safe from deadlocking system FltCancelFileOpen() No longer return special status from post-Create callback Equivalent of IoCancelFileOpen() IoCancelFileOpen() bug has been fixed © 2004 Microsoft Corporation. All rights reserved.

New APIs (Apr 2003) FltIsVolumeWritable() FltEnumerateVolumeInformation() FltGetRequestorProcess() and FltGetRequestorProcessId() Work the same as their Io equivalents, but take a FLT_CALLBACK_DATA structure © 2004 Microsoft Corporation. All rights reserved.

Three New Minifilter Samples (May 2004) MetadataManager Shows what a minifilter needs to do to manage a private metadata file Handles volume lock/unlock Handles volume mount/dismount including surprise removal Ctx Shows how to use Instance, Stream, and StreamHandle contexts CDO Shows how to write a minifilter which needs to have a control device object Shows how to handle filter load/unload requests © 2004 Microsoft Corporation. All rights reserved.

Release Plan Already in XP SP2 Already in Srv03 SP1 Already in Longhorn Running prototype for W2K Working on final approval for a QFE which runs on W2K SP4 © 2004 Microsoft Corporation. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Условия использования

© 2024 SlidePlayer.com. Inc. All rights reserved.