Hello there guys
I was wondering is ther any method by using wdk function calls to insert custom file attributes to a file. For example add a CLASSIFIED tag or attribute.
The idea came by looking at the custom tab of a .doc file properties. I would like to do something similar for .pdf files
Thank you
This would normally be a user mode sort of thing.
Is there some reason why you don’t want to perform it there?
mm
Hello,
you can do this in entirely in Usermode. I would suggest an alternative NTFS Stream (so that your custom Data can be copied with standard CopyFile). For the additional Property Sheet you’d need an Shell-Extension.
[How To Use NTFS Alternate Data Streams]
http://support.microsoft.com/kb/105763
[Property System Overview (Windows)]
http://msdn.microsoft.com/en-us/library/bb776909(VS.85).aspx
[Property Sheet Handlers (Windows)]
http://msdn.microsoft.com/en-us/library/cc144106(VS.85).aspx
GP
xxxxx@gmail.com wrote:
Hello there guys
I was wondering is ther any method by using wdk function calls to
insert custom file attributes to a file. For example add a CLASSIFIED
tag or attribute.The idea came by looking at the custom tab of a .doc file properties.
I would like to do something similar for .pdf filesThank you
Thanks for the answers
What I would like to do is to mark the files by adding custom properties in user mode as you proposed. A user would mark the files via a userspace program. BUT I would like to be able to read these properties from my filter driver in order to act based on them. Is that possible?
Why not?
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntfsd…
> Thanks for the answers
>
> What I would like to do is to mark the files by adding custom properties in user mode as you proposed. A user would mark the files via a userspace program. BUT I would like to be able to read these properties from my filter driver in order to act based on them. Is that possible?
>
On Mon, May 31, 2010 at 6:39 PM, Maxim S. Shatskih
wrote:
> Why not?
Didn’t you mean, “why would you”?
I think the OP is thinking at a wrong layer. He is on the right track
about doing what he does in userspace, but I think he is on a wrong
track while still trying to treat those files as being `special’ in
kernel mode.
What are you trying to do exactly? Why do you think you need to handle
some files in a special way?
–
Aram Hăvărneanu
Ok the problem is simple I have some files that need to be marked with an attribute. For example classified. This will be done in userspace. Right now I do the “marking” my adding the word classified in the end of the file (trailing 00s)
Now I have a minifilter driver that monitors those “classified files” in kernel and writes to a log and take some actions by some rules, like cancel the file operation if the file is processed by an unlisted .exe
I know that probably the monitor thing could be done in userspace but I am doing this in kernel, no special reason just started there.
So as I can understand there are functions in the API in order to add custom properties in userspace
the question is can I process those custom properties in kernel. Is there any straight forward way to do that?
Maybe Reparse Points[FltTagFile] will help you…
http://msdn.microsoft.com/en-us/library/aa365503(VS.85).aspx
That would be a good idea, so does Alternate data streams (its the easiest way) but those solutions are working only on NTFS , it wont work on FAT volumes like USB, so I am looking for something universal
Well… as others have said, there are a number of ways to do this: EAs, alternate data streams, a separate file that contains the attributes and that’s keyed by the file ID, or prefixing the file with your own “file header” block via your minifilter (I suppose that’s similar to what you’re doing today?? But you’re POST-fixing the attribute data)??
The overall design needs to focus on how secure you want this information to be, and how/where/when/if you want it to be exposed. If the tags you create are verifiably secure and unique to each file instance, I suppose it doesn’t much matter WHERE you store them or how right?
Peter
OSR
>are working only on NTFS , it wont work on FAT volumes like USB, so I am looking for something
Then I would suggest putting a Jet database (accessed via functions in esent.h) with the keys on the same disk, and decrypting the files using these keys.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com