The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I have some code that does the following (pseudo code to try and be brief)
PreOp(PFLT_CALLBACK_DATA Data, ...) case IRP_MJ_SET_SECURITY: //defer because we will call FltQuerySecurityObject which needs to be at IRQL PASSIVE FltQueueDeferredIoWorkItem(Data, LookupFunc, CriticalWorkQueue) return FLT_PREOP_PENDING; LookupFunc(PFLT_CALLBACK_DATA Data, ...) FltQuerySecurityObject(Data) //at IRQL PASSIVE now FltCompletePendedPreOperation(FLT_PREOP_SUCCESS_WITH_CALLBACK)
With this code in place I find I can successfully change the security settings, file ownership settings, etc using Windows Explorer with no problem.
However, when Windows Update runs (and apparently Veeam's restore app) they fail when trying to set file security with 0x8007051B - This security ID may not be assigned as the owner of this object
As far as I understand, the code above would pass all requests through to the lower level without any changes, albeit with a temporary pause to do the lookup.
Apparently there is hole in my understanding. Can anyone help me see what is wrong?
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|