tags:

views:

74

answers:

2
Q: 

Detecting metadata-only read requests in windows filesystem

Hello,

I'm developing a kind of filesystem driver. All of read requests that windows makes to my filesystem goes by the driver implementation.

I would like to distinguish between "normal" read requests and those who want to get only the metadata from the file. ( Windows reads first 4K of the file and then stop reading ).

Does Windows mark this metadata reads in some way? It would be very useful in order to treat that two kind of operations in a different way.

In a typical CreateFile call, we have AccessMode, ShareMode, CreationDisposition and FlagsAndAttributes parameters ( being DWORD ), i'm not sure if it's possible to extract some clue of the operation requested.

Thanks for reading :)

A: 

I'd advise you to get the SysInternals file monitoring tool. It captures stacktraces for each call, and since it understands PDBs can even show you function names. That should allow you to figure out many details of this particular call.

MSalters  2009-10-30 10:40:04
I have checked Procmon ( now filemon is inside procmon ), and there are very little differences between that two kind of requests.i don't find any clear evidence that can help me to distinguish the requests. :(
HyLian  2009-11-02 15:10:14
It then appears that the answer to your first question is "no"
MSalters  2009-11-02 15:30:49
A: 

On rereading, it appears that the question is looking at the wrong place for an optimization. Why not treat every request for the first 4KB as a request for metadata? There is very little harm in that assumption.

An assumption the other way around would be harmful, if you're doing 100 MB of real I/O when you really only needed 4KB. But if you need 100 MB, a small optimization for the first 4KB causes at most a one-time small hickup for an inherently lengthy operation.

MSalters  2009-11-02 15:35:17
Actually that's is what i'm doing now. It's working but i'm not sure if it could have some more consecuencies.
HyLian  2009-11-03 10:45:12

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS