You wrote on Tue, 29 Apr 2008 22:31:03 -0700 (PDT):
s> To put it simple, I want to distinguish between IRPs generated on
s> behalf of the OS processes and those generated on behalf of user mode
There are cases when the OS issues requests on behalf of the application (or
it's needs). Examples: if the application accesses the file via MMF, or when
cache manager accesses the file (I am not 100% sure about the latter case).
With best regards,