User based working of file system Driver

I have created a legacy file system driver for controlling the storage devices connected to the PC.
Right now it works with PC-based policies (example: if I set "block USB storage device", the driver blocks all USB storage devices for every user who logs on to the PC).
Now I am planning to set user-based policies (example: I need to allow USB for the administrator and block it for other users). Is a legacy filter driver capable of doing this? Better switch to mini filter?

I am totally confused about KMODE UMODE drivers. How are they different in the way they work?

What are the major differences between them?

What is the main difference between the legacy file system driver and a mini-filter driver?

I need to create a driver that will work on Windows 7 and all later OS versions.
Do KMODE and UMODE drivers work on Windows 7?

Is there any tutorial available on the user-mode driver development?

Please help.

I have created a legacy file system driver

Big mistake. Full stop.

better switch to mini filter?

Yes. In every and all ways.

what is the main difference between the legacy file system driver and a mini-filter driver?

Minifilters run under File Manager, which provides a pleasant and reasonably consistent infrastructure for file system filtering. You can set relative altitudes, for one thing.

I am totally confused about KMODE UMODE drivers

You cannot write ANY file system filter… Minifilter or otherwise… in user-mode. The User Mode drivers you CAN write are using UMDF, and this is not the Minifilter model.

Peter

You can start from here https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/file-system-minifilter-drivers
But wait, if you don’t know about kmode or usermode drivers, don’t worry; explore them at MSDN and you will get to know them. It’s a long journey, so be patient.

@Peter_Viscarola_(OSR)
thank you
Can I set user-based policies for the storage devices using a mini-filter? Does it work on a terminal server?

Yes, and yes.

Peter

Thank you @Peter_Viscarola_(OSR)

How can I find the username from an IRP request? Can you please explain with an example? It would be a great help for me.

What do you mean by username? Security Principal (or Subject)? You’ll only see that during the create (it’s available somewhere in the Security Context).

Create.SecurityContext->AccessState Pointer to an ACCESS_STATE structure containing the object’s subject context, granted access types, and remaining desired access types.

@rod_widdowson

My requirement is to differentiate IRP requests from different users. How is it possible?

You cannot. As I said above, you can establish the Security information (which could be construed as “different user”, although that term has no real meaning) when the file is opened or created. After that it’s pure inference (“This handle was opened by someone with these credentials and this impersonation token, so I’ll assume (sometimes wrongly) that operations on this handle come from the same source”) and lossy (cached data give cause to multiple IRPs with no process associated).

I think you are trying to glue wings onto your pig
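
The point of the last two answers, as a user-mode C model added here (it is not driver code and not code from the thread): the subject is visible only at create, so the allow/block decision is made once and stamped on the handle, and later I/O is attributed by inference or not at all. All names (token_t, subject_t, on_create, on_io) are hypothetical; keeping the stamp in a stream handle context is an assumption about how a minifilter would do it.

```c
#include <stddef.h>

/* Constructed model of the subject context seen at create: a primary token
   and, if the thread is impersonating, a client token. Hypothetical types. */
typedef struct { int is_admin; } token_t;
typedef struct { const token_t *primary, *client; } subject_t;

typedef enum { ALLOW, DENY, UNKNOWN } verdict_t;

#define MAX_HANDLES 16
static struct { int file_object; verdict_t verdict; } g_ctx[MAX_HANDLES];
static size_t g_count;

/* Effective token: the impersonation (client) token wins when present. */
static const token_t *effective_token(const subject_t *s) {
    return s->client ? s->client : s->primary;
}

/* Create path: the only point where the subject is known. Decide once and
   stamp the verdict on the handle (assumed: a stream handle context). */
verdict_t on_create(int file_object, const subject_t *s) {
    if (!effective_token(s)->is_admin)
        return DENY;                 /* create is failed, no handle exists */
    if (g_count == MAX_HANDLES)
        return DENY;                 /* cannot record the stamp: fail closed */
    g_ctx[g_count].file_object = file_object;
    g_ctx[g_count].verdict = ALLOW;
    g_count++;
    return ALLOW;
}

/* Later I/O carries no subject: infer from the stamp, or admit ignorance. */
verdict_t on_io(int file_object) {
    for (size_t i = 0; i < g_count; i++)
        if (g_ctx[i].file_object == file_object)
            return g_ctx[i].verdict;
    return UNKNOWN;   /* e.g. cache-originated I/O with no create we saw */
}
```

An administrator's service impersonating an ordinary user is judged by the client token, and any I/O without a stamped create comes back UNKNOWN, which the policy has to treat explicitly.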