/*
* pagefile vs mappedfile & mm vs cc & IRP_PAGING_IO vs IRP_NOCACHE
* sunwang<sunwangme@hotmail.com>
* 2005-10-20
*/
//osr1
IRP_PAGING_IO means that the IRP is paging i/o, for example if the IRP is IRP_MJ_WRITE, then it is a paging write and since paging writes are not cached (are not wriites to file cache), IRP_PAGING_IO implies IRP_NOCACHE_IO, so to speak.
[是pageing的就不是cache的.不是cache的就是paging的麼?不是! 見osr3.但這種情況==FILE_NO_INTERMEDIATE_BUFFERING,並且是以扇區為單位做io的.對於做stream encrypt不用管如rc4,但是如果是block encrypt如des還是要區別一下.FILE_NO_INTERMEDIATE_BUFFERING是自己對齊的.]
IRP_NOCACHE_IO, and not IRP_PAGING_IO so to speak, means that the IRP is not paging i/o, but it is not cached. For example if the IRP is IRP_MJ_WRITE, then it is not a paging write, and it is non cached (is not a write to file cache). By way of example the user has opened the handle with CreateFile and FILE_FLAG_NO_BUFFERING.
There some important differences between these two cases. For example: in the case of paging i/o certain resources have been pre-acquired, whereas in the case of non paging i/o these resources have not been pre-acquired; paging i/o cannot extend the end of file, whereas non paging i/o can extend the end of file.
[paging的標記是mm使用的,如果使用者訪問了invalid page來讀檔案,如mapped file/section等,將導致page fault,mm負責調入記憶體;寫入相同]
//osr2
IRP_NOCACHE means "do not use the data cache"
IRP_PAGING_IO means "this I/O is on behalf of the VM system"
You will always see IRP_NOCACHE set if IRP_PAGING_IO is set in the IRP_MJ_READ or IRP_MJ_WRITE operation. You can see IRP_NOCACHE for a user level I/O operation that should bypass the data cache.
For example, open a file and specify FILE_NO_INTERMEDIATE_BUFFERING and the I/O operations will be IRP_NOCACHE.
[也就是說,預設檔案讀寫是cache的,所以也沒有一個標記是IRP_CACHE,但可以通過FILE_NO_INTERMEDIATE_BUFFERING禁止]
//osr3
IRP_PAGING_IO is always IRP_NOCACHE. The reverse is not true.
IRP_NOCACHE without IRP_PAGING_IO is:
- allowed to grow the file
- delivered to the FSD without any FCB locks already held
This is the difference between it and IRP_PAGING_IO.
Such a request is delivered due to WriteFile to a noncached file.
//osr4
IFS FAQ:
https://www.osronline.com/article.cfm?id=17
IRP->Flags (from Installable File System Kit)
======
There are several different possible IRP flags which control how underlying drivers (notably file systems) will interpret the contents of the I/O request itself.
IRP_NOCACHE – data for this I/O request should be read from the actual backing media and not from cache.
IRP_PAGING_IO – the I/O operation in question is performing paging I/O. This bit is used by the Memory Manager.
IRP_MOUNT_COMPLETION – the I/O operation in question is performing a mount operation.
IRP_SYNCHRONOUS_API – the API in question expects synchronous behavior. While synchronous behavior is advised when this bit is set, it is not required.
IRP_ASSOCIATED_IRP – the IRP in question is associated with some larger I/O operation.
IRP_BUFFERED_IO – the AssociatedIrp.SystemBuffer field is valid.
IRP_DEALLOCATE_BUFFER – the system buffer was allocated from pool and should be deallocated by the I/O Manager.
IRP_INPUT_OPERATION – the I/O operation is for input. This is used by the Memory Manager to indicate a page in operation.
IRP_SYNCHRONOUS_PAGING_IO – the paging operation should complete synchronously. This bit is used by the Memory Manager.
IRP_CREATE_OPERATION – the IRP represents a file system create operation.
IRP_READ_OPERATION – the IRP represents a read operation.
IRP_WRITE_OPERATION – the IRP represents a write operation.
IRP_CLOSE_OPERATION – the IRP represents a close operation.
IRP_DEFER_IO_COMPLETION – the IRP should be processed asynchronously. While asynchronous behavior is advised when this bit is set, it is not required.
IRP_MJ_CREATE::IrpSp->Parameters.Create.Options (from Installable File System Kit)
======
Specifies the options to be applied when creating or opening the file. These options are specified as a compatible combination of the following flags.
FILE_DIRECTORY_FILE - The file being created or opened is a directory file. If this flag is set, the Disposition parameter must be set to one of FILE_CREATE, FILE_OPEN, or FILE_OPEN_IF. This flag is compatible with the following CreateOptions flags: FILE_SYNCHRONOUS_IO_ALERT, FILE_SYNCHRONOUS_IO_NONALERT, FILE_WRITE_THROUGH, FILE_OPEN_FOR_BACKUP_INTENT, and FILE_OPEN_BY_FILE_ID.
FILE_NON_DIRECTORY_FILE - The file being opened must not be a directory file or this call will fail. The file object being opened must represent a data file.
FILE_WRITE_THROUGH - System services, FSDs, and drivers that write data to the file must actually transfer the data into the file before any requested write operation is considered complete.
FILE_SEQUENTIAL_ONLY - All accesses to the file will be sequential.
FILE_RANDOM_ACCESS - Accesses to the file can be random, so no sequential read-ahead operations should be performed on the file by FSDs or the system.
FILE_NO_INTERMEDIATE_BUFFERING - The file cannot be cached or buffered in a driver’s internal buffers. This flag is incompatible with the DesiredAccess FILE_APPEND_DATA flag.
[Callers of ZwReadFile must have already called ZwCreateFile with the DesiredAccess flag FILE_READ_DATA set, either explicitly or by setting this flag using GENERIC_READ.If the preceding call to ZwCreateFile set the CreateOptions flag FILE_NO_INTERMEDIATE_BUFFERING, the Length and ByteOffset parameters to ZwReadFile must be an integral of the sector size. For more information, see ZwCreateFile.][如果有這個標記,read/write/FileDispositionInformation都是以扇區為單位]
FILE_SYNCHRONOUS_IO_ALERT - All operations on the file are performed synchronously. Any wait on behalf of the caller is subject to premature termination from alerts. This flag also causes the I/O system to maintain the file position context. If this flag is set, the DesiredAccess SYNCHRONIZE flag also must be set.
FILE_SYNCHRONOUS_IO_NONALERT - All operations on the file are performed synchronously. Waits that exist in the system to synchronize I/O queuing and completion are not subject to alerts. This flag also causes the I/O system to maintain the file position context. If this flag is set, the DesiredAccess SYNCHRONIZE flag also must be set.
FILE_CREATE_TREE_CONNECTION - Create a tree connection for this file in order to open it over the network.
FILE_COMPLETE_IF_OPLOCKED - Complete this operation immediately with an alternate success code if the target file is oplocked, rather than blocking the caller's thread. If the file is oplocked, another caller already has access to the file over the network.
FILE_NO_EA_KNOWLEDGE - If the extended attributes on an existing file being opened indicate that the caller must understand EAs to properly interpret the file, fail this request because the caller does not understand how to deal with EAs.
FILE_DELETE_ON_CLOSE - Delete the file when the last handle to it is passed to ZwClose.
FILE_OPEN_BY_FILE_ID - The file name specified in the ObjectAttributes parameter includes the 8-byte file reference number for the file. This number is assigned by the file system and is file-system-specific. If the file is a reparse point, the file name also includes the name of a device. Note: The FAT file system does not support FILE_OPEN_BY_FILE_ID.
FILE_OPEN_FOR_BACKUP_INTENT - The file is being opened for backup intent, hence, the system should check for certain access rights and grant the caller the appropriate accesses to the file before checking the input DesiredAccess against the file's security descriptor.
IRP_MJ_CREATE::IrpSp->Parameters.Create.SecurityContext->DesiredAccess (from Installable File System Kit)
======
Bitmask of flags specifying the type of access that the caller requires to the file or directory. The set of system-defined DesiredAccess flags determines the following specific access rights for file objects. DesiredAccess Flags Meaning
DELETE - The file can be deleted.
FILE_READ_DATA - Data can be read from the file.
FILE_READ_ATTRIBUTES - FileAttributes flags, described later, can be read.
FILE_READ_EA - Extended attributes (EA) associated with the file can be read.
READ_CONTROL - The access control list (ACL) and ownership information associated with the file can be read.
FILE_WRITE_DATA - Data can be written to the file.
FILE_WRITE_ATTRIBUTES - FileAttributes flags can be written.
FILE_WRITE_EA - Extended attributes associated with the file can be written.
FILE_APPEND_DATA - Data can be appended to the file.
WRITE_DAC - The discretionary access control list (DACL) associated with the file can be written.
WRITE_OWNER - Ownership information associated with the file can be written.
SYNCHRONIZE - The caller can wait on the returned FileHandle to synchronize with the completion of an I/O operation. This flag must be set if the CreateOptions FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT flag is set.
FILE_EXECUTE - Data can be read into memory from the file using system paging I/O.
IRP_MJ_CREATE::Irp->IoStatus (from Installable File System Kit)
======
Pointer to an IO_STATUS_BLOCK structure that receives the final completion status and information about the requested operation. The file system sets the Information member of this structure to one of the following values:
FILE_CREATED [用這個標記可以判斷是不是建立了一個新檔案]
FILE_DOES_NOT_EXIST
FILE_EXISTS
FILE_OPENED
FILE_OVERWRITTEN
FILE_SUPERSEDED
NT::FileDispositionInformation (from Installable File System Kit) [可以在這裡禁止刪除檔案]
NT::FileRenameInformation [可以在這裡禁止重新命名]
NT::FileEndOfFileInformation [這個也會影響資料]
======
Specifies a value that determines the action to be taken, depending on whether the file already exists. The value can be any of those described following. Disposition Values Meaning
FILE_SUPERSEDE - If the file already exists, replace it with the given file. If it does not, create the given file.
FILE_CREATE - If the file already exists, fail the request and do not create or open the given file. If it does not, create the given file.
FILE_OPEN - If the file already exists, open it instead of creating a new file. If it does not, fail the request and do not create a new file.
FILE_OPEN_IF - If the file already exists, open it. If it does not, create the given file.
FILE_OVERWRITE If - the file already exists, open it and overwrite it. If it does not, fail the request.
FILE_OVERWRITE_IF - If the file already exists, open it and overwrite it. If it does not, create the given file.