2

i am implementing custom windows disk driver, and need FAT32 windows driver reloads it FAT tables, 1 and 2, that is below data sectors. How this can be done?

I need faster method without unmounting the drive. Why i am doing this is because the disk is memory virtual disk and the data is taken from the network in process of accessing sectors. I am writing directory data on-the-fly, it works, but not for the files - because at time driver fetches the FAT - the clusters are free, so files not work. I dissasembled fastfat.sys and found some points... At least i found device ioctl codes that maybe will reload fat table, i will post here if i got success.

Sergey
  • 685
  • 2
  • 8
  • 30
  • Did disassembling reveal information that isn't included in the source code? (I haven't tried compiling any of the versions that are included in the WDK so I don't know the answer to this.) – Windows programmer Jul 07 '11 at 07:26
  • There is no official source code for FAT, but the linux has their implementations with source code avaible. For the time yet i only interested in ioctl codes, because there is no other possible way to send driver a signal. – Sergey Jul 07 '11 at 10:31
  • Here's a declaration published in official source code, though it isn't an ioctl: #define FatAcquireExclusiveVolume(IRPCONTEXT,VCB) { \ PFCB Fcb = NULL; \ ASSERT(FlagOn((IRPCONTEXT)->Flags, IRP_CONTEXT_FLAG_WAIT)); \ (VOID)FatAcquireExclusiveVcb( (IRPCONTEXT), (VCB) ); \ while ( (Fcb = FatGetNextFcbBottomUp((IRPCONTEXT), Fcb, (VCB)->RootDcb)) != NULL) { \ (VOID)FatAcquireExclusiveFcb((IRPCONTEXT), Fcb ); \ } \ } – Windows programmer Jul 08 '11 at 00:25
  • Hey where do u found that? please can u give the link – Sergey Jul 08 '11 at 12:06
  • http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11800 – Windows programmer Jul 12 '11 at 02:27

3 Answers3

2

Force the volume to be unmounted and remount it, or fake a device removal.

Also, why would you want to do this? This is almost certainly not something safe if you're trying to write to the filesystem at the same time as the OS is.

Ana Betts
  • 73,868
  • 16
  • 141
  • 209
  • yes i know about mounting/removal, this will work, but i need faster method without unmounting the drive. Why i am doing this is because the disk is memory virtual disk and the data is taken from the network in process of accessing sectors. I am writing directory data on-the-fly, it works, but not for the files - because at time driver fetches the FAT - the clusters are free, so files not work. I dissasembled fastfat.sys and found some points... At least i found device ioctl codes that *maybe* will reload fat table, i will post here if i got success. – Sergey Jul 07 '11 at 07:09
  • This is a seriously terrible idea. Please don't actually ship this method to anyone. What if in the next service pack, that device IOCTL changes from "reload FAT table" to "clear sectors" or causes a BSOD? I think you need to go up a level of abstraction - most people create a remote file system to do the kinds of things you're doing (like SMB or WebDAV) – Ana Betts Jul 07 '11 at 16:25
  • this can't be true in future, all ioctl codes like standard functions are backward-compatible. The networked file system that is what i am doing, but the storage source is not publicly available service. – Sergey Jul 07 '11 at 17:56
  • *Documented* IOCTL/FSCTL codes are backwards compatible, but if you're digging undocumented ones out via disassembly, there's absolutely zero guarantee that it'll work, even between hotfixes. What kind of driver are you writing? I'm saying that you should be writing a RFS driver, which would respond like a filesystem and talk over the network, no block-level devices involved – Ana Betts Jul 07 '11 at 19:51
  • The other thing you could do is write a custom iSCSI Target in user-mode, then use the iSCSI initiator API to mount the disk. You could probably do an unmount/remount cycle faster this way, and your code would be far easier to debug since your target is just talking over TCP in user-space. – Ana Betts Jul 07 '11 at 19:53
2

You should (well, must, really) unmount the drive before making any direct changes to the FAT, and then mount again to load those changes. Otherwise, you risk the possiblity of the OS overwriting the offline changes you've made using its (old) in-memory copy of the table, possibly corrupting your filesystem beyond repair.

tylerl
  • 30,197
  • 13
  • 80
  • 113
  • There is also no sane way to do this even if you can convince the upper level to "reload itself", because the disk cache could have a stale sector in memory that happens to have a FAT table on it, and it has no way to tell that you changed things behind its back. – Ana Betts Jul 06 '11 at 15:58
  • @tylerl, i know about mounting/removal, this will work, but i need faster method without unmounting the drive. Why i am doing this is because the disk is memory virtual disk and the data is taken from the network in process of accessing sectors. I am writing directory data on-the-fly, it works, but not for the files - because at time driver fetches the FAT - the clusters are free, so files not work. I dissasembled fastfat.sys and found some points... At least i found device ioctl codes that *maybe* will reload fat table, i will post here if i got success. – Sergey Jul 07 '11 at 07:12
0

You can start by calling DeviceIoControl with parameter FSCTL_LOCK_VOLUME. If it fails then you can be sure that you had better not modify the FAT yourself because other handles are open somewhere on the partition.

The next question is what to do when FSCTL_LOCK_VOLUME succeeds. Two people say to unmount the volume, but that is not enough. You have to take the volume offline, IOCTL_VOLUME_OFFLINE. But when I experimented, it still wasn't enough. Windows still had something buffered somewhere.

Windows programmer
  • 7,871
  • 1
  • 22
  • 23
  • I dissasembled fastfat.sys and found some points... At least i found device ioctl codes that *maybe* will reload fat table, i will post here if i got success. – Sergey Jul 07 '11 at 07:13