I'm working on intercepting IRPs IRP_MJ_CREATE to filter some file access. I realized that Shadow Copy on Windows does not trigger any IRP when backing up my files. I'm a bit curious; How can Shadow Copy access my files without triggering this IRP ? Is there a way to catch the file interactions of Shadow Copy from a minifilter driver ?
Thanks for your help !
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||20 Apr 2020||OSR Seminar Space & ONLINE|
|Writing WDF Drivers||11 May 2020||OSR Seminar Space & ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|