EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Create new file fails with "could not find this item"

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#34170
Posted: 07/31/2015 19:04:52
by Tim Sullivan (Standard support level)
Joined: 05/01/2008
Posts: 15

I'm creating a CBFS mounted folder to work with a SharePoint repository.

At present, all three of these features are failing for one reason or another: Create file, Save As, Paste File.
I mention this because the problem may be related to all three test cases.

Focusing on just the Create feature, the test case is to open the mounted folder in Windows Explorer (\\ap\sp\) and right-click for the context menu and choose: New | Text Document. I receive an error dialog that says:
Quote

Item Not Found
Could not find this item
This is no longer located in \\ap. Verify the item's location and try again.
sp


ProcMon shows:
Quote

IRP_MJ_CREATE \\ap\sp\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
IRP_MJ_QUERY_INFORMATION \\ap\sp\ SUCCESS Type: QueryNameInformationFile, Name: \ap\sp\
IRP_MJ_QUERY_VOLUME_INFORMATION \\ap\sp\ SUCCESS Type: QueryAttributeInformationVolume, FileSystemAttributes: Case Preserved, Unicode, ACLs, Named Streams, Reparse Points, 0x1000000, MaximumComponentNameLength: 260, FileSystemName: FAT32
IRP_MJ_CLEANUP \\ap\sp\ SUCCESS
IRP_MJ_CLOSE \\ap\sp\ SUCCESS
IRP_MJ_CREATE \\ap\sp\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
IRP_MJ_QUERY_INFORMATION \\ap\sp\ SUCCESS Type: QueryNameInformationFile, Name: \ap\sp\
IRP_MJ_QUERY_VOLUME_INFORMATION \\ap\sp\ SUCCESS Type: QueryAttributeInformationVolume, FileSystemAttributes: Case Preserved, Unicode, ACLs, Named Streams, Reparse Points, 0x1000000, MaximumComponentNameLength: 260, FileSystemName: FAT32
IRP_MJ_CLEANUP \\ap\sp\ SUCCESS
IRP_MJ_CLOSE \\ap\sp\ SUCCESS
FASTIO_NETWORK_QUERY_OPEN \\ap\sp\\New Text Document.txt FAST IO DISALLOWED
IRP_MJ_CREATE \\ap\sp\\New Text Document.txt NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
IRP_MJ_CREATE \\ap\sp\\New Text Document.txt SUCCESS Desired Access: Generic Read/Write, Write DAC, Disposition: Create, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created
IRP_MJ_QUERY_VOLUME_INFORMATION \\ap\sp\\New Text Document.txt SUCCESS Type: QueryDeviceInformationVolume, DeviceType: Disk, Characteristics: Remote
IRP_MJ_QUERY_INFORMATION \\ap\sp\\New Text Document.txt NAME NOT FOUND Type: QueryNetworkOpenInformationFile
FASTIO_QUERY_INFORMATION \\ap\sp\\New Text Document.txt FAST IO DISALLOWED Type: QueryBasicInformationFile
IRP_MJ_QUERY_INFORMATION \\ap\sp\\New Text Document.txt NAME NOT FOUND Type: QueryBasicInformationFile
IRP_MJ_CLEANUP \\ap\sp\ SUCCESS
IRP_MJ_CLOSE \\ap\sp\ SUCCESS
IRP_MJ_CREATE \\ap\sp\ SUCCESS Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
IRP_MJ_QUERY_INFORMATION \\ap\sp\ SUCCESS Type: QueryNameInformationFile, Name: \ap\sp\
IRP_MJ_QUERY_VOLUME_INFORMATION \\ap\sp\ SUCCESS Type: QueryAttributeInformationVolume, FileSystemAttributes: Case Preserved, Unicode, ACLs, Named Streams, Reparse Points, 0x1000000, MaximumComponentNameLength: 260, FileSystemName: FAT32
IRP_MJ_CLEANUP \\ap\sp\ SUCCESS
IRP_MJ_CLOSE \\ap\sp\ SUCCESS
FASTIO_NETWORK_QUERY_OPEN \\ap\sp\\New Text Document.txt FAST IO DISALLOWED
IRP_MJ_CREATE \\ap\sp\\New Text Document.txt NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
IRP_MJ_CREATE \\ap\sp\\New Text Document.txt NAME NOT FOUND Desired Access: Generic Read/Write, Write DAC, Disposition: Create, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0
IRP_MJ_CREATE \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
IRP_MN_QUERY_INFORMATION \\ap\sp\ INVALID PARAMETER Type: QueryRemoteProtocolInformation
IRP_MJ_DIRECTORY_CONTROL \\ap\sp\New Text Document.txt NO SUCH FILE Type: QueryDirectory, Filter: New Text Document.txt
IRP_MJ_CLEANUP \\ap\sp\ SUCCESS
IRP_MJ_CLOSE \\ap\sp\ SUCCESS
IRP_MJ_CREATE \\ap\sp\\New Text Document.txt NAME NOT FOUND Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a


Any suggestions on where to focus?
#34175
Posted: 08/03/2015 10:05:24
by Volodymyr Zinin (EldoS Corp.)

Perhaps your OnDirectoryEnumeration and OnOpen callbacks return that "New Text Document.txt" doesn't exist. Check it first.
Also please check the problem with the latest CBFS build. If it doesn't help try to reproduce it with the Mapper or another CBFS sample (modify it if necessary). In the case it works with the sample but not with your application try to compare Process Monitor logs for both cases and find the differences.

Thanks.
#34177
Posted: 08/03/2015 11:24:02
by Eugene Mayevski (EldoS Corp.)

One more thing to check is character case. Let me remind, that windows filesystems are not case-sensitive and it's possible that you get some request related to the file or directory with the name passed in ALL CAPS. We had a complaint or two about such OS behavior here in this forum just recently (a couple of weeks ago).


Sincerely yours
Eugene Mayevski
#34231
Posted: 08/12/2015 17:21:54
by Tim Sullivan (Standard support level)
Joined: 05/01/2008
Posts: 15

Thanks, I discovered that the derived CreateFile was not being called properly but was instead using a base implementation.

I have been able to get the files to create successfully as blank files. I still have a few issues, however.

My current concern is performing a Save As of an existing file. When I do this the save as file name appears correctly for the new file, however, the file contents are always blank. I suspect this has to do with the Buffer Overflow from the ProcMon info below. All suggestions appreciated.


Quote

2:14:34.7028217 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:34.7029160 PM NOTEPAD.EXE 128 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:34.7029361 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\newy2.txt NO SUCH FILE Filter: newy2.txt
2:14:34.7937299 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:34.8858963 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:34.9738646 PM NOTEPAD.EXE 128 QueryInformationVolume \\ap\sp\newy2.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCඦ
2:14:34.9738980 PM NOTEPAD.EXE 128 QueryAllInformationFile \\ap\sp\newy2.txt BUFFER OVERFLOW CreationTime: 8/12/2015 1:46:43 PM, LastAccessTime: 8/12/2015 1:46:43 PM, LastWriteTime: 8/12/2015 1:46:43 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 5, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfb7, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:34.9739361 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\newy2.txt SUCCESS
2:14:35.3711906 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\desktop.ini NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:14:35.3719325 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:35.3720600 PM NOTEPAD.EXE 128 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:35.3721068 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\ SUCCESS 0: create.txt, 1: billsave.txt, 2: fordelete.txt, 3: billsaveAS.txt, 4: New Rich Text Document.rtf, 5: new.txt, 6: newy2.txt, 7: file.txt, 8: newtdsaveas.txt
2:14:35.4616924 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\ NO MORE FILES
2:14:35.4617634 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:41.7378963 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:41.7380637 PM NOTEPAD.EXE 128 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:41.7381165 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\ SUCCESS 0: create.txt, 1: billsave.txt, 2: fordelete.txt, 3: billsaveAS.txt, 4: New Rich Text Document.rtf, 5: new.txt, 6: newy2.txt, 7: file.txt, 8: newtdsaveas.txt
2:14:41.8246346 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\ NO MORE FILES
2:14:44.4388673 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:44.4389520 PM NOTEPAD.EXE 128 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:44.4389686 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:44.5267057 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:44.6173505 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2sa.txt NAME NOT FOUND Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:14:44.7207908 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:44.7208731 PM NOTEPAD.EXE 128 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:44.7208922 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:44.8435422 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:44.9352769 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2sa.txt NAME NOT FOUND Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:14:45.0201765 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:45.0202934 PM NOTEPAD.EXE 128 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:45.0203179 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:45.1084661 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:45.2006707 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2sa.txt NAME NOT FOUND Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:14:45.3654380 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created
2:14:45.6261161 PM Explorer.EXE 5872 NotifyChangeDirectory \\ap\sp\ NOTIFY ENUM DIR Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME
2:14:45.7345296 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:45.8198692 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:46.0803850 PM NOTEPAD.EXE 128 QueryAttributeTagFile \\ap\sp\newy2sa.txt SUCCESS Attributes: N, ReparseTag: 0x0
2:14:46.0804193 PM NOTEPAD.EXE 128 SetDispositionInformationFile \\ap\sp\newy2sa.txt SUCCESS Delete: True
2:14:46.0804878 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:46.2524762 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:46.2525497 PM NOTEPAD.EXE 128 QueryBasicInformationFile \\ap\sp\ SUCCESS CreationTime: 0, LastAccessTime: 0, LastWriteTime: 0, ChangeTime: 0, FileAttributes: D
2:14:46.2525763 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:46.2528697 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:46.2529281 PM NOTEPAD.EXE 128 QueryBasicInformationFile \\ap\sp\ SUCCESS CreationTime: 0, LastAccessTime: 0, LastWriteTime: 0, ChangeTime: 0, FileAttributes: D
2:14:46.2529478 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:46.3540915 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:46.4579063 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
2:14:46.6215466 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:46.6216334 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created
2:14:46.6216416 PM Explorer.EXE 5872 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:46.6216637 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:46.8274148 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:47.0149236 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.1109684 PM NOTEPAD.EXE 128 WriteFile \\ap\sp\newy2sa.txt SUCCESS Offset: 0, Length: 10, Priority: Normal
2:14:47.1110682 PM Explorer.EXE 5872 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:47.1110904 PM NOTEPAD.EXE 128 SetEndOfFileInformationFile \\ap\sp\newy2sa.txt SUCCESS EndOfFile: 10
2:14:47.1111027 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\ SUCCESS 0: create.txt, 1: billsave.txt, 2: fordelete.txt, 3: billsaveAS.txt, 4: New Rich Text Document.rtf, 5: new.txt, 6: newy2.txt, 7: file.txt, 8: newtdsaveas.txt, 9: newy2sa.txt
2:14:47.1111110 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.1111137 PM NOTEPAD.EXE 128 SetAllocationInformationFile \\ap\sp\newy2sa.txt SUCCESS AllocationSize: 10
2:14:47.2759877 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\newy2sa.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:47.2762082 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\ NO MORE FILES
2:14:47.2763048 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\newy2sa.txt BUFFER OVERFLOW CreationTime: 8/12/2015 2:14:47 PM, LastAccessTime: 8/12/2015 2:14:47 PM, LastWriteTime: 8/12/2015 2:14:47 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 10, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfd7, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:47.2763396 PM Explorer.EXE 5872 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:47.2770154 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:47.2781706 PM NOTEPAD.EXE 128 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.2783009 PM NOTEPAD.EXE 128 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:47.4183035 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\ SUCCESS
2:14:47.4183627 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.4184640 PM Explorer.EXE 5872 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:47.4184960 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:47.4188159 PM NOTEPAD.EXE 128 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:47.5158289 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:47.6164661 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.6267561 PM Explorer.EXE 5872 NotifyChangeDirectory \\ap\sp\ NOTIFY ENUM DIR Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME
2:14:47.7116292 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\newy2sa.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:47.7116558 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\newy2sa.txt BUFFER OVERFLOW CreationTime: 8/12/2015 2:14:47 PM, LastAccessTime: 8/12/2015 2:14:47 PM, LastWriteTime: 8/12/2015 2:14:47 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 10, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfd8, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:47.7116812 PM Explorer.EXE 5872 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:47.7998686 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.8892881 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\newy2sa.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:47.8893118 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\newy2sa.txt BUFFER OVERFLOW CreationTime: 8/12/2015 2:14:47 PM, LastAccessTime: 8/12/2015 2:14:47 PM, LastWriteTime: 8/12/2015 2:14:47 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 10, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfd9, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:47.8893367 PM Explorer.EXE 5872 FileSystemControl \\ap\sp\newy2sa.txt INVALID DEVICE REQUEST Control: FSCTL_CREATE_OR_GET_OBJECT_ID
2:14:47.8893565 PM Explorer.EXE 5872 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:47.9193130 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:47.9193864 PM Explorer.EXE 5872 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:47.9194124 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\newy2sa.txt NO SUCH FILE Filter: newy2sa.txt
2:14:48.0057254 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:48.0906642 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.1704046 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\newy2sa.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:48.1704301 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\newy2sa.txt BUFFER OVERFLOW CreationTime: 8/12/2015 2:14:47 PM, LastAccessTime: 8/12/2015 2:14:47 PM, LastWriteTime: 8/12/2015 2:14:47 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 10, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfda, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:48.1704601 PM Explorer.EXE 5872 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:48.2592105 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.3561984 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\newy2sa.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:48.3562244 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\newy2sa.txt BUFFER OVERFLOW CreationTime: 8/12/2015 2:14:47 PM, LastAccessTime: 8/12/2015 2:14:47 PM, LastWriteTime: 8/12/2015 2:14:47 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 10, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfdb, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:48.3562504 PM Explorer.EXE 5872 FileSystemControl \\ap\sp\newy2sa.txt INVALID DEVICE REQUEST Control: FSCTL_CREATE_OR_GET_OBJECT_ID
2:14:48.3562712 PM Explorer.EXE 5872 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:48.3795596 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.3796610 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\ BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:48.3796907 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\ BUFFER OVERFLOW CreationTime: 1/1/1980 12:00:00 AM, LastAccessTime: 1/1/1980 12:00:00 AM, LastWriteTime: 1/1/1980 12:00:00 AM, ChangeTime: 0, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7fffffffffffffff, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:48.3797216 PM Explorer.EXE 5872 FileSystemControl \\ap\sp\ INVALID DEVICE REQUEST Control: FSCTL_CREATE_OR_GET_OBJECT_ID
2:14:48.3797426 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:48.3800347 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.3801567 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\ BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:48.3801821 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\ BUFFER OVERFLOW CreationTime: 1/1/1980 12:00:00 AM, LastAccessTime: 1/1/1980 12:00:00 AM, LastWriteTime: 1/1/1980 12:00:00 AM, ChangeTime: 0, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7fffffffffffffff, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:48.3802044 PM Explorer.EXE 5872 FileSystemControl \\ap\sp\ INVALID DEVICE REQUEST Control: FSCTL_CREATE_OR_GET_OBJECT_ID
2:14:48.3802226 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:48.4640741 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.4642733 PM Explorer.EXE 5872 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:48.4643039 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\ SUCCESS 0: create.txt, 1: billsave.txt, 2: fordelete.txt, 3: billsaveAS.txt, 4: New Rich Text Document.rtf, 5: new.txt, 6: newy2.txt, 7: file.txt, 8: newtdsaveas.txt, 9: newy2sa.txt
2:14:48.5595890 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\ NO MORE FILES
2:14:48.6477251 PM Explorer.EXE 5872 CreateFile \\ap\sp\\newy2sa.txt SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.6477899 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:48.9220826 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\newy2sa.txt BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:48.9221146 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\newy2sa.txt BUFFER OVERFLOW CreationTime: 8/12/2015 2:14:47 PM, LastAccessTime: 8/12/2015 2:14:47 PM, LastWriteTime: 8/12/2015 2:14:47 PM, ChangeTime: 0, FileAttributes: N, AllocationSize: 512, EndOfFile: 1, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xfe6, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:48.9221404 PM Explorer.EXE 5872 FileSystemControl \\ap\sp\newy2sa.txt INVALID DEVICE REQUEST Control: FSCTL_CREATE_OR_GET_OBJECT_ID
2:14:48.9221598 PM Explorer.EXE 5872 CloseFile \\ap\sp\newy2sa.txt SUCCESS
2:14:48.9313738 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:48.9314895 PM Explorer.EXE 5872 QueryInformationVolume \\ap\sp\ BUFFER OVERFLOW VolumeCreationTime: 0, VolumeSerialNumber: FC00-0004, SupportsObjects: False, VolumeLabel: APCൟ
2:14:48.9315136 PM Explorer.EXE 5872 QueryAllInformationFile \\ap\sp\ BUFFER OVERFLOW CreationTime: 1/1/1980 12:00:00 AM, LastAccessTime: 1/1/1980 12:00:00 AM, LastWriteTime: 1/1/1980 12:00:00 AM, ChangeTime: 0, FileAttributes: D, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: True, IndexNumber: 0x7fffffffffffffff, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Byte
2:14:48.9315362 PM Explorer.EXE 5872 FileSystemControl \\ap\sp\ INVALID DEVICE REQUEST Control: FSCTL_CREATE_OR_GET_OBJECT_ID
2:14:48.9315535 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
2:14:49.6268845 PM Explorer.EXE 5872 NotifyChangeDirectory \\ap\sp\ Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME
2:14:49.9363644 PM Explorer.EXE 5872 CreateFile \\ap\sp\ SUCCESS Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
2:14:49.9365693 PM Explorer.EXE 5872 QueryRemoteProtocolInformation \\ap\sp\ INVALID PARAMETER
2:14:49.9366076 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\ SUCCESS 0: create.txt, 1: billsave.txt, 2: fordelete.txt, 3: billsaveAS.txt, 4: New Rich Text Document.rtf, 5: new.txt, 6: newy2.txt, 7: file.txt, 8: newtdsaveas.txt, 9: newy2sa.txt
2:14:50.0284200 PM Explorer.EXE 5872 QueryDirectory \\ap\sp\ NO MORE FILES
2:14:50.0285612 PM Explorer.EXE 5872 CloseFile \\ap\sp\ SUCCESS
#34238
Posted: 08/13/2015 04:43:03
by Volodymyr Zinin (EldoS Corp.)

Could you please save the log in the Process Monitor native format and give it to me? Also specify the file name which is failed to save.

Thanks.
Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.

Reply

Statistics

Topic viewed 6140 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!