
ACL solution considerations

Ehsan_Taheri Member Posts: 120
I work on an ACL + encryption solution based on minifilter drivers.
The problem is file transfer options that seem not to fall in the domain of FS minifilters, like remote file systems, ...
For example, my minifilter is configured to attach to all volumes automatically, but it cannot filter network share files (shared by other PCs in a LAN).

I just found this:
typedef enum _FLT_FILESYSTEM_TYPE {
FLT_FSTYPE_UNKNOWN,
FLT_FSTYPE_RAW,
FLT_FSTYPE_NTFS,
FLT_FSTYPE_FAT,
FLT_FSTYPE_CDFS,
FLT_FSTYPE_UDFS,
FLT_FSTYPE_LANMAN,
FLT_FSTYPE_WEBDAV,
FLT_FSTYPE_RDPDR,
FLT_FSTYPE_NFS,
FLT_FSTYPE_MS_NETWARE,
FLT_FSTYPE_NETWARE,
FLT_FSTYPE_BSUDF,
FLT_FSTYPE_MUP,
FLT_FSTYPE_RSFX,
FLT_FSTYPE_ROXIO_UDF1,
FLT_FSTYPE_ROXIO_UDF2,
FLT_FSTYPE_ROXIO_UDF3,
FLT_FSTYPE_TACIT,
FLT_FSTYPE_FS_REC,
FLT_FSTYPE_INCD,
FLT_FSTYPE_INCD_FAT,
FLT_FSTYPE_EXFAT,
FLT_FSTYPE_PSFS,
FLT_FSTYPE_GPFS,
FLT_FSTYPE_NPFS,
FLT_FSTYPE_MSFS,
FLT_FSTYPE_CSVFS,
FLT_FSTYPE_REFS,
FLT_FSTYPE_OPENAFS
} FLT_FILESYSTEM_TYPE, *PFLT_FILESYSTEM_TYPE;

Are all file systems listed in this enumeration supported (for filtering by a minifilter driver)?
If not, where can I find a list of supported ones? It has been a pain to find just this enumeration. I've searched multiple times to find the slightest bit of information about the domain of FSs that minifilters can filter.

Comments

  • Slava_Imameev Member Posts: 480
    Remote (SMB, RDP, etc.) FS access filtering is performed by attaching to \Device\MUP. FltMgr attaches an instance to MUP for network access filtering. MUP redirects requests to the corresponding network file system object (e.g. \Device\RdpDr or \FileSystem\mrxsmb's device objects, which are unnamed) based on the path prefix. FltMgr doesn't attach to network file system objects starting from Vista (AFAIK). So there is one point of entry for all network file system filters: MUP. Attaching an instance to MUP allows filtering requests to remote file systems. For more information, search for the "MUP Changes in Microsoft Windows Vista" article at MSDN.

    The situation is different if you want to filter requests from a remote system to local files. In that case they are processed by a service and a kernel module by accessing files as a regular application. In that case you need a filter attached to a volume. The tricky part is filtering out server requests from local requests. The server is just an application like any other process in the system.

    BTW I believe FLT_FSTYPE_* are useless.
  • OSR_Community_User Member Posts: 110,217
    >that case you need a filter attached to a volume. The tricky part is filtering out server requests from
    >local requests. Server is just an application like any other process in the system.

    ECPs or the security token row about "Network" group can help.

    --
    Maxim S. Shatskih
    Microsoft MVP on File System And Storage
    xxxxx@storagecraft.com
    http://www.storagecraft.com
  • Ehsan_Taheri Member Posts: 120
    Thanks for your answers.