Re: FileSystem Filter Driver

joe briggs (jbriggs@briggsmedia.com)
Wed, 23 Apr 2003 12:11:22 -0400


I once wrote a Windows 95/98 VXD that used the Microsoft mechanism -
frequently called a 'hooker'. In that case, you took a VXD template and made
a system call that 'hooked' onto either a device or a filename. In windows,
each file I/O action generated an event. You could listen for the event and
then check to see if it was for your file or device, and if so, choose to
selectively service (i.e, do the right thing), or pass it on to the normal
driver, or a combination of both. While at the time I thought "wow, what a
cool way wreak havoc", it was the only way at the time to get around some
other MS multimedia limitations. If someone wants it, I'll be glad to dig
it out.

On Wednesday 23 April 2003 08:11 am, Abhishek Agrawal wrote:
> On Wed, 2003-04-23 at 17:17, Michael Knigge wrote:
> > Under Windows a pretty well-known filter driver is FileMon at
> > www.sysinternals.com. Thex also have a Linux version but (ahhh)
> > without Source (the source for the Windows-Version is available). The
> > Linux-Version can be found at
> > http://www.sysinternals.com/linux/utilities/filemon.shtml
> >
> > I guess what they are doing is similar to the way strace works - but
> > I'm not sure. Hmmm, let us strace this thing ;-))))
>
> Filemon look like it will not work with kernel 2.5 up.
> From the link...
> "it replaces entries in the system call table with pointers to its own
> hook functions."
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

-- 
Joe Briggs
Briggs Media Systems
105 Burnsen Ave.
Manchester NH 01304 USA
TEL/FAX 603-232-3115 MOBILE 603-493-2386
www.briggsmedia.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/