Geek Answers Handbook

Is there a way to directly request a file system device driver to specify files in a directory?

I am currently using FindFirstFile, the FindNextFile API for recursively iterating over directories to search for files based on specific criteria. I noticed that the dir / s command gives better performance than my program. I am trying to check for events on a process monitor, and it looks like the cmd.exe / dir command is directly requesting a disk device driver. Is there a way I can achieve something similar with DeviceIOControl () ?. I am very new to device drivers, but not new to programming. Attaching procmon output for reference:

alt text

Hi,

+4
source share
5 answers

You can directly call ZwQueryDirectoryFile . Moving to a higher level to the driver level will require sending several IRPs and will probably be redundant.

+1
source

Use FindFirstFile and FindNextFile . That API using DeviceIOControl directly or mess is either impossible (I don’t know for sure).

Have you tried FindFirstFileEx and the FIND_FIRST_EX_LARGE_FETCH and FindExInfoBasic information level flag?

+3
source

"dir / s" uses FindFirst / Next. No special magic is required to list files.

QueryDirectory looks like Procmon provides what FindFirst / Next does to get its data from the file system.

+2
source

http://ntfs-search.sourceforge.net/

It works well. And faster.
It opens the volume and analyzes directly.

But it only works with NTFS.

+1
source

Profile your application, your bottleneck is likely to be anywhere. Some of these options are similar to taking out a shotgun to shoot a fly ...

-Scott

+1
source

More articles:


All Articles