Peter
Wed Oct 11 12:54:12 CDT 2006
Your initial focus should be on IRP_MJ_CREATE since that's how you'll know
(in your file system filter) the path of the file being opened. Presumably
you would check the access rights requested and then fail the CreateFile
call if the caller asked for read access.
-p
"SoxFan44" <soxfan@44.net> wrote in message
news:uMzaWdH7GHA.4404@TK2MSFTNGP04.phx.gbl...
> Hi,
> Thanks for the response. I'd rather use a driver so it's more difficult
> for it to be disabled, I'd like it to function similiar to how an
> anti-virus program scans files before they are even allowed to touch the
> file system. I'm also do ing this as an excersise to learn more about
> driver development :)
>
> Could you point me to any info on how I'd do this? I'm assuming my
> initial focus should be on IRP_MJ_READ and IRP_MJ_WRITE. Once those
> functions get a buffer, how can I tell what the filename is? Isn't it
> just a stream then? Thanks!
>
> "Don Burn" <burn@stopspam.acm.org> wrote in message
> news:uL3c%23CH7GHA.4428@TK2MSFTNGP02.phx.gbl...
>> You can do this but it takes a file system filter and is very complex.
>> You might consider whether it is worth it versus using an access control
>> list (ACL) with a unique security identifier (SID). Have your
>> application use the SID to access files in the directory. This is
>> standard windows and pretty easy.
>>
>>
>> --
>> Don Burn (MVP, Windows DDK)
>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>>
http://www.windrvr.com
>> Remove StopSpam from the email to reply
>>
>>
>>
>> "SoxFan44" <soxfan@44.net> wrote in message
>> news:un0vB3G7GHA.4996@TK2MSFTNGP04.phx.gbl...
>>> Hi,
>>> I'd like to write a driver that blcoks all write access to a certain
>>> directory (unless it comes from a binary that I wrote). I want this to
>>> occur at the driver level, but is this even possible? Thanks for any
>>> advice!
>>>
>>
>>
>
>