Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Hi All,
I have mini file system filter driver that intercepts and blocks access to a few protected folders.
This works fine when the folder is accessed directly.
But the folder can be shared and accessed through the network location.
The mini filter is not able to detect or block such network operations.
Does mini filter support UNC location?
If so, how this can be achieved using mini filter?
Upcoming OSR Seminars | ||
---|---|---|
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
Kernel Debugging | 9-13 Sept 2024 | Live, Online |
Developing Minifilters | 15-19 July 2024 | Live, Online |
Internals & Software Drivers | 11-15 Mar 2024 | Live, Online |
Writing WDF Drivers | 20-24 May 2024 | Live, Online |
Comments
You'll see these accesses come from the System process context. Check for the magic SRV/NFS ECPs to identify opens from remote clients:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_srv_open_ecp_context
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_nfs_open_ecp_context
-scott
OSR
For filtering and control network path you should use the Windows Filtering Platform Callout Drivers model:
https://docs.microsoft.com/en-us/windows-hardware/drivers/network/introduction-to-windows-filtering-platform-callout-drivers
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/_netvista/#windows-filtering-platform-callout-drivers