Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


How to block file and folder creation in Legacy filter driver for windows

Nikhil_V_SNikhil_V_S Member - All Emails Posts: 58
I am trying to create a legacy filter driver for windows to block the "creation of file and folder" in external storage devices.

I tried with the following code

if(irpSp->MajorFunction==IRP_MJ_CREATE)
{
if((irpSp->Parameters.Create.Options)&FILE_DIRECTORY_FILE)
{
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_ACCESS_DENIED;
}
else if((irpSp->Parameters.Create.Options)&FILE_NON_DIRECTORY_FILE)
{

Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_ACCESS_DENIED;

}
}

while working with the code it block's the file/folder creation. But it also block's file copying from device and file opening operations.

I need to block the creation of file\folder and allow the copying from the device and opening the files.

Comments

  • NtDev_GeekNtDev_Geek Member - All Emails Posts: 111
    you need to understand blocking blindly will do what u did. u need to play with disposition then it will work.
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 334
    Define what a "copy" and "open" operations are, then you might understand
    that a driver that does that will take... about a few years for an
    experienced file system programmer to write, and even then, it will fail 1%
    of the time.
    It is not something that can be done with such simple "if/yes/then/no"
    programming even for 1% of the cases.

    Kind regards, Dejan.


    On Wed, Jul 25, 2018 at 1:21 PM [email protected]
    wrote:

    > I am trying to create a legacy filter driver for windows to block the
    > "creation of file and folder" in external storage devices.
    >
    > I tried with the following code
    >
    > if(irpSp->MajorFunction==IRP_MJ_CREATE)
    > {
    > if((irpSp->Parameters.Create.Options)&FILE_DIRECTORY_FILE)
    > {
    > Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
    > Irp->IoStatus.Information = 0;
    > IoCompleteRequest(Irp, IO_NO_INCREMENT);
    > return STATUS_ACCESS_DENIED;
    > }
    > else if((irpSp->Parameters.Create.Options)&FILE_NON_DIRECTORY_FILE)
    > {
    >
    > Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
    > Irp->IoStatus.Information = 0;
    > IoCompleteRequest(Irp, IO_NO_INCREMENT);
    > return STATUS_ACCESS_DENIED;
    >
    > }
    > }
    >
    > while working with the code it block's the file/folder creation. But it
    > also block's file copying from device and file opening operations.
    >
    > I need to block the creation of file\folder and allow the copying from the
    > device and opening the files.
    >
    >
    >
    > ---
    > NTFSD is sponsored by OSR
    >
    >
    > MONTHLY seminars on crash dump analysis, WDF, Windows internals and
    > software drivers!
    > Details at
    >
    > To unsubscribe, visit the List Server section of OSR Online at <
    > http://www.osronline.com/page.cfm?name=ListServer&gt;
    >
  • Nikhil_V_SNikhil_V_S Member - All Emails Posts: 58
    @Dejan Maksimovic


    my requirement
    block the creation of file\folder in external device
    allow copying the file from external to internal storage device.
    allow opening the files in external storage device

    Is there is any possible way to do this
  • qwnqwn Member - All Emails Posts: 18
    I'm guessing you want to block IRP_MJ_WRITE as well.
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 334
    That seems quite different. If you don't need to prevent copying of files
    from the external device, simply deny all Create/Overwrite requests during
    IRP_MJ_CREATE, or all requests with FILE_WRITE_ACCESS :)
    You may need to tweak that a bit, but that is the general idea.

    Now, if you need to


    my requirement
    > block the creation of file\folder in external device
    > allow copying the file from external to internal storage device.
    > allow opening the files in external storage device
    >
    > Is there is any possible way to do this
    >
    >
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA