The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I want to know how to prevent directory creation in minifilter.
I searched for a lot of topics I was curious about on this website, but I couldn't see exactly what I wanted (maybe because I don't understand them), so I wrote it again.
In scanner samples, IRP_MJ_CREATE, IRP_MJ_WRITE post callback function
FltCancelFileOpen( FltObjects->Instance, FltObjects->FileObject ); Data->IoStatus.Status = STATUS_ACCESS_DENIED; Data->IoStatus.Information = 0; returnStatus = FLT_POSTOP_FINISHED_PROCESSING;
It is written as above.
That code can block file creation and modification.
I think that code also not perfect.
In the scanner example, if there is a certain word in the txt file, it says that access is denied and the notepad opens, but I don't think the notepad itself should open.
I also want to know how to make the notepad itself not open.
Well anyway, I want to know how to prevent directory creation.
I need to help.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Writing WDF Drivers||12 September 2022||Live, Online|
|Internals & Software Drivers||23 October 2022||Live, Online|
|Kernel Debugging||14 November 2022||Live, Online|
|Developing Minifilters||5 December 2022||Live, Online|