NTFS Driver and API Layers

abhinarulkar

Hi All, I would like to know how the File Handling APIs provided by Windows are passed on to the NTFS driver. What are the various layers through which these API calls are taken before the file system driver actually converts it into low level system calls. Suppose I want to programmatically open a file in C++, then I would make a call to OpenFile() method provided by Win SDK. Then, what are the various stages before the call is actually taken by the file system driver. Do we have any control at the driver stage of the call? Please help, Abhishek. Learning is a never ending process of Life.

Mike Dimmick

Read Inside Windows 2000 by David Solomon and Mark Russinovich (MS Press). For CreateFile (there is no OpenFile), the entry point in kernel32.dll converts the file name into an absolute path suitable for the object manager, converts the other parameters as appropriate, then calls NtCreateFile in ntdll.dll. This is a fairly simple routine which executes software interrupt 0x2e (Windows 2000) or uses the SYSENTER instruction (Windows XP) to change to kernel mode and execute the kernel mode NtCreateFile routine. From there, the object manager (an Executive component) is used to locate the device object corresponding to the file system, whose Parse function is called to process the rest of the path. You probably want to write a file system filter driver: a driver that sits above the file system and gets to see and manipulate I/O Request Packets destined for the file system. I think you need the Installable File System kit[^] for developing file system filter drivers.