Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


The length of the ciphertext file obtained by the non-whitelist process is incorrect

WrenchonlineWrenchonline Member Posts: 2
edited February 2019 in NTFSD

Hello, I am developing an encryption software based on isolation filtering.During the learning process, I implemented isolation filtering.However, when the whitelist process opens the file, the non-whitelist process gets the original ciphertext content differently.The obtained length is also very large, once the whitelist process closes the document, the non-whitelist process can correctly identify the ciphertext length and ciphertext content.The most scenarios generally nothing much, but if white list process is notepad. Exe, according to the notepad. Exe, speaking, reading and writing rules, the process closure will not close the file, it will only close the files in the folder, thus causing a situation, notepad, once opened, other than white list process read cipher text file and the length of the cipher is wrong.
According to my understanding, if it is a white list process open the document, then its FCB should be shadow file object FCB, is sent to the FCB, for the bottom of the file system created by definition FCB for the bottom of the file system creation record, I don't know the situation, try to ask myself to create what is the matter of FCB has the file system error creating FCB access to content.

Comments

  • WrenchonlineWrenchonline Member Posts: 2

    @Wrenchonline said:
    Hello, I am developing an encryption software based on isolation filtering.During the learning process, I implemented isolation filtering.However, when the whitelist process opens the file, the non-whitelist process gets the original ciphertext content differently.The obtained length is also very large, once the whitelist process closes the document, the non-whitelist process can correctly identify the ciphertext length and ciphertext content.The most scenarios generally nothing much, but if white list process is notepad. Exe, according to the notepad. Exe, speaking, reading and writing rules, the process closure will not close the file, it will only close the files in the folder, thus causing a situation, notepad, once opened, other than white list process read cipher text file and the length of the cipher is wrong.
    According to my understanding, if it is a white list process open the document, then its FCB should be shadow file object FCB, is sent to the FCB, for the bottom of the file system created by definition FCB for the bottom of the file system creation record, I don't know the situation, try to ask myself to create what is the matter of FCB has the file system error creating FCB access to content.

    According to my understanding, if it is a white list process (It's the wrong writing,......If not white list process)

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 30 Nov 2020 LIVE ONLINE
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Developing Minifilters Early 2021 LIVE ONLINE