Bypassing share access control

Hi,

I have a filter driver that need to get read access to a file that is
potentially opened exclusively from another process.
Moreover, I would like to be as stealthy as possible, i.e. let subsequent
exclusive open succeed. So , roughly, I would like the filesystem
to “forget” about the filter’s fileobject as far as sharing access control
is concerned.

So far, I tried:

  • Setting FILE_OPEN_FOR_BACKUP_INTENT to get the handle: this one does
    not do any good (but the doc was promising…)
  • Forcing FILE_SHARE_READ for all CREATE irps in the filter driver ,
    and
    “emulating” share access control in the filter …
    This solution seems to work, but is pretty complex and needs to keep a
    lot of context in the filter.

Anybody knows a better way ?
Regards,
Pascal.


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are leaving an opened whole in your driver if you do that. IMO, unless
REALLY required don’t do it.
The FILE_SHARE_READ/WRITE will certainly work, and I think all you need to
keep along with the file object, is the original share mode and access mode.

Regards, Dejan.

xxxxx@evidian.com wrote:

Hi,

I have a filter driver that need to get read access to a file that is
potentially opened exclusively from another process.
Moreover, I would like to be as stealthy as possible, i.e. let subsequent
exclusive open succeed. So , roughly, I would like the filesystem
to “forget” about the filter’s fileobject as far as sharing access control
is concerned.

So far, I tried:

  • Setting FILE_OPEN_FOR_BACKUP_INTENT to get the handle: this one does
    not do any good (but the doc was promising…)
  • Forcing FILE_SHARE_READ for all CREATE irps in the filter driver ,
    and
    “emulating” share access control in the filter …
    This solution seems to work, but is pretty complex and needs to keep a
    lot of context in the filter.

Anybody knows a better way ?
Regards,
Pascal.


You are currently subscribed to ntfsd as: xxxxx@ptt.yu
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


Kind regards, Dejan M. CEO Alfa Co. www.alfaunits.co.yu and www.register.co.yu

E-mail : xxxxx@ptt.yu, xxxxx@register.co.yu and xxxxx@alfaunits.co.yu
ICQ# : 56570367
Professional file&system related components and libraries for Win32
developers.
Alfa File Monitor - #1 file monitoring system for Win32 developers.
Alfa File Protector - #1 file protection and hiding system for Win32
developers.
Alfa Units - #1 file and system handling units for Delphi.


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com