Hi,
I’m writing a basic KMDF-based upper disk filter that will encrypt VHDs. (This is my first attempt at writing a non-fs minifilter driver, so please bear with me.)
I’ve reached a point where I can attach to a test VHD and can see all the READs, WRITEs and IOCTLs happening on it. So far so good. Now I want to introduce an encryption piece (during WRITE) and a decryption piece (during POST READ) to this. For this I obviously first need to access the data buffers for these IO requests, which I do using the WdfRequestRetrieveInputMemory / WdfRequestRetrieveOutputMemory functions. A couple of issues I’ve come across are:
- Keeping the encryption part aside, I seem to be getting STATUS_ACCESS_VIOLATION while copying data back from my local buffer to InputMemory. So in the write event callback,

      WdfRequestRetrieveInputMemory(Request, &InputMemory);
      WdfMemoryGetBuffer(InputMemory, &BufferSize);
      LocalBuffer = ExAllocatePoolWithTag(NonPagedPoolNx, BufferSize, POOL_TAG);
      WdfMemoryCopyToBuffer(InputMemory, 0, LocalBuffer, BufferSize);
      //
      // This is where I would add encryption part, could be as simple as LocalBuffer[i]++ to begin with
      //
      WdfMemoryCopyFromBuffer(InputMemory, 0, (PVOID)LocalBuffer, BufferSize); // I get STATUS_ACCESS_VIOLATION at this call. Any idea why?
      WdfRequestSend(Request, Target, &options);

- Also, I understand that even for full-disk encryption, certain parts of the disk should not be subject to the encryption/decryption process. E.g. (https://community.osr.com/discussion/64507/problems-with-a-disk-encryption-filter-driver) IoReadPartitionTable is not subject to filtering. It ignores the disk upper filters.
  So what are the sectors (I know about sector 0) I should watch out for and refrain from encrypting?

For testing, I create and attach a VHD manually using Disk Management. At this point my filter gets attached and receives all the READ and WRITE notifications.
The goal is to have encryption / decryption working transparently during the VHD’s lifetime and have operations such as creating and formatting a volume with NTFS, and using it for fs operations, succeed.
Thanks