Hi,
I m writing minifilter driver to stop burning into CD, so that I created a thread to monitor if any new device comes then attach it to the filter.
I starts burning into CD, during burning I got successfully attached msg from my thread… but after attachement I didnt get IRP_MJ_CREATE msg for this drive. So, I couldn’t stop burning…
Let me know if anybody knows why this happped.
Thanks.
CD and DVD burners are known for breaking all the rules. It is likely
they are completely bypassing the file system, and may be doing direct
SCSI pass thru commands to the device. Controlling CD burners is like
controlling virus’es a continual battle.
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
-----Original Message-----
From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
Posted At: Monday, April 26, 2010 3:50 AM
Posted To: ntfsd
Conversation: Block to burn in CD
Subject: Block to burn in CDHi,
I m writing minifilter driver to stop burning into CD, so that I
created a
thread to monitor if any new device comes then attach it to the
filter.I starts burning into CD, during burning I got successfully attached
msg from
my thread… but after attachement I didnt get IRP_MJ_CREATE msg for
this
drive. So, I couldn’t stop burning…Let me know if anybody knows why this happped.
Thanks.
__________ Information from ESET Smart Security, version of virus
signature
database 5061 (20100426) __________The message was checked by ESET Smart Security.
Hi Don,
Then is there any possiblities at driver level to block CD-ROM…
Thanks
You need to filter cdrom.sys including SCSI pass thru, and ensure that
all write type actions to the device are blocked.
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
-----Original Message-----
From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
Posted At: Monday, April 26, 2010 8:07 AM
Posted To: ntfsd
Conversation: Block to burn in CD
Subject: RE: Block to burn in CDHi Don,
Then is there any possiblities at driver level to block
CD-ROM…Thanks
__________ Information from ESET Smart Security, version of virus
signature
database 5061 (20100426) __________The message was checked by ESET Smart Security.
“Don Burn” wrote in message news:xxxxx@ntfsd…
> You need to filter cdrom.sys including SCSI pass thru, and ensure that
> all write type actions to the device are blocked.
To the OP, beware that this ends up being a mess of a project. You’ll run
across an application that uses something like SPTD
(http://www.duplexsecure.com/en/downloads) and your filter won’t work. Or
you’ll end up under a CDROM burning filter that bypasses lower filters and
your filter won’t work.
Best thing to do is pick a subset of burning applications that you care
about, profile their behavior, and see what you can do. For certain
applications just applying an appropriate ACL will do the trick, which will
save you a lot of pain.
Further questions on this are probably better directed to NTDEV.
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“Don Burn” wrote in message news:xxxxx@ntfsd…
> You need to filter cdrom.sys including SCSI pass thru, and ensure that
> all write type actions to the device are blocked.
>
>
> Don Burn (MVP, Windows DKD)
> Windows Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
>
>
>
>
>> -----Original Message-----
>> From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
>> Posted At: Monday, April 26, 2010 8:07 AM
>> Posted To: ntfsd
>> Conversation: Block to burn in CD
>> Subject: RE: Block to burn in CD
>>
>> Hi Don,
>>
>> Then is there any possiblities at driver level to block
> CD-ROM…
>>
>>
>> Thanks
>>
>>
>> Information from ESET Smart Security, version of virus
> signature
>> database 5061 (20100426)
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>
>
>
On 4/26/2010 6:31 AM, Don Burn wrote:
You need to filter cdrom.sys including SCSI pass thru, and ensure that
all write type actions to the device are blocked.
One additional point here. Some burning tools implement a private IOCtl
interface that the user mode component sends the image for burning to
their associated filter above the class driver. Then their filter talks
directly to the underlying storage driver such as cdrom.sys or the like.
Thus they end up skipping filters or other drivers in the stack which
lie between their filter and the storage driver. I have run into this
with some of the big name burning products on the market and it ends up
being quite the problem to overcome.
Pete
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr> -----Original Message-----
> From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
> Posted At: Monday, April 26, 2010 8:07 AM
> Posted To: ntfsd
> Conversation: Block to burn in CD
> Subject: RE: Block to burn in CD
>
> Hi Don,
>
> Then is there any possiblities at driver level to block
CD-ROM…
>
>
> Thanks
>
>
> __________ Information from ESET Smart Security, version of virus
signature
> database 5061 (20100426) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
Once I involved developing a product which directly attaches to SCSI Port objects. The filter driver gets file or CD-ROM source to copy from user mode application and then it skips all the paths. It directly reads (IRP SRB) and sends to target device. No ReadFile or WriteFile involved in this process but SCSI READ & SCSI WRITE.
So you better of filtering SCSI requests.
Filter the CDBs and IOCTL_SCSI_PASS_THROUGH_(DIRECT) below the CdRom.sys driver, intercept the MMC request which reads the disc information, and fake the “this is not a writable media” response.
Note that some products like Alcohol 120% do hooking. So, to block even them, you will also need to hook the storage port’s DRIVER_DISPATCH table.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntfsd…
> Hi,
>
> I m writing minifilter driver to stop burning into CD, so that I created a thread to monitor if any new device comes then attach it to the filter.
>
> I starts burning into CD, during burning I got successfully attached msg from my thread… but after attachement I didnt get IRP_MJ_CREATE msg for this drive. So, I couldn’t stop burning…
>
> Let me know if anybody knows why this happped.
>
> Thanks.
>
> CD and DVD burners are known for breaking all the rules.
They do follow either MMC or Mt Fuji (the a-bit-patched MMC) spec.
The only drive across 10 vendors I have around which violates these specs is the old Panasonic Blu-Ray burner, which requires the output buffer size for some MMC command as 32 (the others and the spec want 16).
It is likely they are completely bypassing the file system
Yes, though with Vista+ live UDF - probably no.
DVD-RAM can be written directly by “format” to FAT32 and then the usual FSD calls.
BD-RE is usually the same, but some vendors sell unformatted BD-RE blanks, and thus MMC FORMAT UNIT is needed before “format /fs:fat32”.
DVD+RW is the same as unformatted BD-RE - you first do MMC FORMAT, then create an empty filesystem on it.
, and may be doing direct SCSI pass thru commands to the device.
Exactly. This is now Nero and Vista+ IMAPI work.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
“Scott Noone” wrote in message news:xxxxx@ntfsd…
> To the OP, beware that this ends up being a mess of a project.
Maybe the best solution for “serious” (a.k.a. “managed”) customers is to
patch the drive firmware to make it non-writable, and prevent installing
other/external drives.
Such customers never need a writable CD/DVD drive anyway:
they won’t use the drive for backups, and obviously not to burn a music
disk for their car 
The downside of this solution - no software development cost to charge the
customer for 
> Further questions on this are probably better directed to NTDEV.
+1
Regards,
–pa