检测 Windows 文件系统中的仅元数据读取请求

发布于 2024-08-09 22:16:36 字数 325 浏览 8 评论 0原文

我正在开发一种文件系统驱动程序。 Windows 对我的文件系统发出的所有读取请求均由驱动程序实现执行。

我想区分“正常”读取请求和那些只想从文件中获取元数据的请求。 (Windows 读取文件的前 4K,然后停止读取)。

Windows 是否以某种方式标记此元数据读取?以不同的方式处理这两种操作将非常有用。

在典型的 CreateFile 调用中,我们有 AccessMode、ShareMode、CreationDisposition 和 FlagsAndAttributes 参数(为 DWORD ),我不确定是否可以提取所请求操作的一些线索。

感谢您的阅读:)

I'm developing a kind of filesystem driver. All of read requests that windows makes to my filesystem goes by the driver implementation.

I would like to distinguish between "normal" read requests and those who want to get only the metadata from the file. ( Windows reads first 4K of the file and then stop reading ).

Does Windows mark this metadata reads in some way? It would be very useful in order to treat that two kind of operations in a different way.

In a typical CreateFile call, we have AccessMode, ShareMode, CreationDisposition and FlagsAndAttributes parameters ( being DWORD ), i'm not sure if it's possible to extract some clue of the operation requested.

Thanks for reading :)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

沦落红尘 2024-08-16 22:16:37

我建议您使用 SysInternals 文件监控工具。它捕获每个调用的堆栈跟踪,并且由于它理解 PDB,甚至可以向您显示函数名称。这应该可以让您弄清楚这个特定通话的许多细节。

I'd advise you to get the SysInternals file monitoring tool. It captures stacktraces for each call, and since it understands PDBs can even show you function names. That should allow you to figure out many details of this particular call.

输什么也不输骨气 2024-08-16 22:16:37

重读后发现,问题似乎是在错误的地方进行优化。为什么不将前 4KB 的每个请求都视为元数据请求呢?这种假设几乎没有什么坏处。

如果您在实际只需要 4KB 时执行 100 MB 的实际 I/O,则相反的假设将是有害的。但如果您需要 100 MB,则对前 4KB 进行小幅优化至多会导致本来就很长的操作出现一次性的小问题。

On rereading, it appears that the question is looking at the wrong place for an optimization. Why not treat every request for the first 4KB as a request for metadata? There is very little harm in that assumption.

An assumption the other way around would be harmful, if you're doing 100 MB of real I/O when you really only needed 4KB. But if you need 100 MB, a small optimization for the first 4KB causes at most a one-time small hickup for an inherently lengthy operation.

避讳 2024-08-16 22:16:37

执行文件扫描以提取元数据的不是 Windows,而是 Windows 资源管理器。此外,您还将面对阅读以创建缩略图。

将驱动器作为远程/网络报告给Windows将使资源管理器读取更少的信息并减少文件系统的负载,但不幸的是似乎没有办法完全阻止这种读取。

It's not Windows, but Windows Explorer that performs scanning of files to extract metadata. Moreover, you will also face the reads to create thumbnails.

Reporting the drive as a remote / network to Windows will make Explorer read less information and reduce load on the file system, but unfortunately there seems to be no way to block such reading completely.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文