How to block file and folder creation in Legacy filter driver for windows

I am trying to create a legacy filter driver for windows to block the “creation of file and folder” in external storage devices.

I tried with the following code

if(irpSp->MajorFunction==IRP_MJ_CREATE)
{
if((irpSp->Parameters.Create.Options)&FILE_DIRECTORY_FILE)
{
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_ACCESS_DENIED;
}
else if((irpSp->Parameters.Create.Options)&FILE_NON_DIRECTORY_FILE)
{

Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_ACCESS_DENIED;

}
}

while working with the code it block’s the file/folder creation. But it also block’s file copying from device and file opening operations.

I need to block the creation of file\folder and allow the copying from the device and opening the files.

you need to understand blocking blindly will do what u did. u need to play with disposition then it will work.

Define what a “copy” and “open” operations are, then you might understand
that a driver that does that will take… about a few years for an
experienced file system programmer to write, and even then, it will fail 1%
of the time.
It is not something that can be done with such simple “if/yes/then/no”
programming even for 1% of the cases.

Kind regards, Dejan.

On Wed, Jul 25, 2018 at 1:21 PM xxxxx@gmail.com
wrote:

> I am trying to create a legacy filter driver for windows to block the
> “creation of file and folder” in external storage devices.
>
> I tried with the following code
>
> if(irpSp->MajorFunction==IRP_MJ_CREATE)
> {
> if((irpSp->Parameters.Create.Options)&FILE_DIRECTORY_FILE)
> {
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
> Irp->IoStatus.Information = 0;
> IoCompleteRequest(Irp, IO_NO_INCREMENT);
> return STATUS_ACCESS_DENIED;
> }
> else if((irpSp->Parameters.Create.Options)&FILE_NON_DIRECTORY_FILE)
> {
>
> Irp->IoStatus.Status = STATUS_ACCESS_DENIED;//Deny Access
> Irp->IoStatus.Information = 0;
> IoCompleteRequest(Irp, IO_NO_INCREMENT);
> return STATUS_ACCESS_DENIED;
>
> }
> }
>
> while working with the code it block’s the file/folder creation. But it
> also block’s file copying from device and file opening operations.
>
> I need to block the creation of file\folder and allow the copying from the
> device and opening the files.
>
>
>
> —
> NTFSD is sponsored by OSR
>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:>

@Dejan Maksimovic

my requirement
block the creation of file\folder in external device
allow copying the file from external to internal storage device.
allow opening the files in external storage device

Is there is any possible way to do this

I’m guessing you want to block IRP_MJ_WRITE as well.

That seems quite different. If you don’t need to prevent copying of files
from the external device, simply deny all Create/Overwrite requests during
IRP_MJ_CREATE, or all requests with FILE_WRITE_ACCESS :slight_smile:
You may need to tweak that a bit, but that is the general idea.

Now, if you need to

my requirement

block the creation of file\folder in external device
allow copying the file from external to internal storage device.
allow opening the files in external storage device

Is there is any possible way to do this