Decrypt Notepad Files

I posted a message earlier regarding encryption – it turned out to be a simple issue. All I am trying to do now is decrypt my encrypted files via the filter driver – but the system crashes. Being a newbie, I have no idea why this happens – please advise –

  1. I can see the values in the Irp->UserBuffer getting decrypted in the DbgView but am not able to see the same when I open Notepad.

This is what I do

/*
 * Read-dispatch fragment (the function header and the setup of irpSp are not
 * shown in the post). It picks or builds an MDL describing the read buffer,
 * then forwards the IRP to the lower driver with SpyReadCompletion installed
 * and readMdl passed as the completion context.
 */
if (Irp->MdlAddress){

// The IRP already carries an MDL: reuse it. Nothing is locked by this driver on this path.
readMdl = Irp->MdlAddress;

}

else

{

// No MDL on the IRP: describe Irp->UserBuffer with a new one. The last argument (Irp) is NULL,
// so the MDL is not attached to the IRP and this driver alone is responsible for
// unlocking and freeing it.
readMdl = IoAllocateMdl (Irp->UserBuffer,irpSp->Parameters.Read.Length,FALSE,FALSE,NULL);

if (readMdl){

__try{

// NOTE(review): Irp->UserBuffer is the requester's address. Probing with KernelMode does not
// verify that the range lies in user space when the request came from user mode;
// Irp->RequestorMode is the usual AccessMode here -- confirm against the caller.
MmProbeAndLockPages(readMdl,KernelMode,IoModifyAccess);

}

__except(EXCEPTION_EXECUTE_HANDLER){

// Probe/lock failed: release the MDL. readMdl becomes NULL and the request is still forwarded,
// so the completion routine receives a NULL context on this path.
IoFreeMdl(readMdl);

readMdl=NULL;

}

}

}

IoCopyCurrentIrpStackLocationToNext(Irp);

// The context is readMdl, which at this point is one of: the IRP's own MDL (not locked here),
// an MDL allocated and locked above, or NULL (allocation or lock failed). The completion
// routine is given no way to tell these cases apart. It is invoked on success, error and cancel.
IoSetCompletionRoutine(Irp,SpyReadCompletion,readMdl,TRUE,TRUE,TRUE);

return IoCallDriver( ((PFILESPY_DEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp );

}

ReadCompletion

/*
 * Read-completion fragment (declarations of irpSp, pMdl, i and UserBuffer are
 * not shown in the post). It copies the read data into two pool buffers,
 * subtracts 1 from every byte of one copy, points the IRP at that copy, then
 * unlocks an MDL and frees the pool buffers before returning STATUS_SUCCESS.
 * The NOTE(review) comments mark the places most likely to explain the crash
 * and the missing plaintext described in the post.
 */
if ( Irp->PendingReturned )

{

IoMarkIrpPending(Irp);

}

// NOTE(review): the result is dereferenced below without a NULL check; a failed
// allocation becomes a NULL dereference in kernel mode.
EncWrite = (ENCWRITEDATA *)ExAllocatePoolWithTag(NonPagedPool,sizeof(ENCWRITEDATA),‘1EEA’);

// NOTE(review): this is the length that was requested, not the number of bytes actually
// read (Irp->IoStatus.Information), and Irp->IoStatus.Status is not checked. On a short
// or failed read the code below still processes the full requested length.
BufferSize = irpSp->Parameters.Read.Length;

EncWrite->OrgMDL = Irp->MdlAddress;

if ( Irp->MdlAddress ) {

// May return NULL; the UserBuffer != NULL test below covers that case.
UserBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe(Irp->MdlAddress,HighPagePriority);

}

else {

// NOTE(review): raw requester address. A completion routine can run in an arbitrary thread
// context and at DISPATCH_LEVEL, where this pointer may not refer to the requester's memory
// and a page fault is not recoverable by __try/__except. Mapping the MDL that the dispatch
// code locked (MmGetSystemAddressForMdlSafe) gives an address that is valid here.
UserBuffer = ((PUCHAR) Irp->UserBuffer);

}

EncWrite->SystemVirtual = (PUCHAR) ExAllocatePoolWithTag(NonPagedPool, BufferSize,‘1EEB’);

// NOTE(review): TempBuffer is never tested for NULL, yet it is the first copy destination below.
EncWrite->TempBuffer = (PUCHAR) ExAllocatePoolWithTag(NonPagedPool, BufferSize,‘1EEC’);

__try {

if ( EncWrite->SystemVirtual !=NULL && UserBuffer !=NULL ) {

RtlMoveMemory(EncWrite->TempBuffer,UserBuffer,BufferSize);

RtlMoveMemory(EncWrite->SystemVirtual,UserBuffer,BufferSize);

// NOTE(review): this loop header was damaged when the page was rendered (the text after
// "i" up to "SystemVirtual" is missing); presumably it iterated i over BufferSize and
// assigned to EncWrite->SystemVirtual[i]. The visible part subtracts 1 from each byte.
for(i=0;iSystemVirtual[i] = (EncWrite->SystemVirtual[i] - 1);

}

}

__except(EXCEPTION_EXECUTE_HANDLER) {

// NOTE(review): empty handler -- a faulting copy is silently ignored and the code carries on.

}

// NOTE(review): pMdl is not defined in this fragment; presumably it is the completion context
// (readMdl from the dispatch code) -- confirm. The IRP's original MDL pointer is overwritten
// here and the line that would restore it from OrgMDL is commented out below.
Irp->MdlAddress = pMdl;

// NOTE(review): the transformed bytes exist only in this pool buffer; nothing copies them
// back into the requester's buffer, which matches the symptom in the post (DbgView shows
// decrypted data, Notepad does not). The buffer is also freed below, so the IRP is left
// holding a pointer to freed pool.
Irp->UserBuffer = EncWrite->SystemVirtual;

// NOTE(review): likely crash site. pMdl may be NULL (allocation or lock failed in dispatch),
// or it may be the IRP's own MDL, whose pages this driver never locked. An MDL left in
// Irp->MdlAddress is also unlocked and freed by the I/O manager when the IRP completes,
// so unlocking it here as well releases the same pages twice.
MmUnlockPages(Irp->MdlAddress);

/* Free Enc MDL */

// IoFreeMdl(Irp->MdlAddress);

// Irp->MdlAddress = EncWrite->OrgMDL;

// Irp->Flags |= IRP_NOCACHE;

// NOTE(review): each tag passed here differs from the tag used at allocation
// (SystemVirtual: ‘1EEB’, TempBuffer: ‘1EEC’, EncWrite: ‘1EEA’). ExFreePoolWithTag expects
// the allocation tag. A NULL SystemVirtual or TempBuffer would also be passed to the free call.
ExFreePoolWithTag(EncWrite->SystemVirtual,‘1EEA’);

ExFreePoolWithTag(EncWrite->TempBuffer,‘1EEB’);

ExFreePoolWithTag(EncWrite,‘1EEC’);

SHOULD_LOG(DeviceObject);

return (STATUS_SUCCESS);

Thanx,
Prithvi


I can’t see where you initialize Irp->MdlAddress. After you have allocated and locked the MDL, you might want to assign its pointer to Irp->MdlAddress. However, this may or may not be the problem.

–htfv

“Prithvi” wrote in message news:xxxxx@ntfsd…
Had Posted a message earlier regarding encryption – turned out to be a simple issue. All I am trying to do now is an decryption of my encrypted files via the filter driver – the system crashes. Being a newbie have no idea why this happens - plz advice –

1. I can see the values in the Irp->UserBuffer getting decrypted in the DbgView but am not able to see the same when I open Notepad.

This is what I do

/*
 * Quoted copy of the read-dispatch fragment (function header and irpSp setup
 * not shown). Chooses or builds an MDL for the read buffer and forwards the
 * IRP with SpyReadCompletion installed, passing readMdl as context.
 */
if (Irp->MdlAddress){

// Reuse the MDL already on the IRP; this driver locks nothing on this path.
readMdl = Irp->MdlAddress;

}

else

{

// New MDL over Irp->UserBuffer. The Irp argument is NULL, so the MDL is not attached to
// the IRP and must be unlocked and freed by this driver.
readMdl = IoAllocateMdl (Irp->UserBuffer,irpSp->Parameters.Read.Length,FALSE,FALSE,NULL);

if (readMdl){

__try{

// NOTE(review): KernelMode skips the user-address-range check on a buffer supplied by the
// requester; Irp->RequestorMode is the usual AccessMode -- confirm against the caller.
MmProbeAndLockPages(readMdl,KernelMode,IoModifyAccess);

}

__except(EXCEPTION_EXECUTE_HANDLER){

// Lock failed: free the MDL and continue with readMdl == NULL.
IoFreeMdl(readMdl);

readMdl=NULL;

}

}

}

IoCopyCurrentIrpStackLocationToNext(Irp);

// Context may be the IRP's own MDL, a driver-locked MDL, or NULL; the completion routine
// cannot distinguish these cases from the pointer alone.
IoSetCompletionRoutine(Irp,SpyReadCompletion,readMdl,TRUE,TRUE,TRUE);

return IoCallDriver( ((PFILESPY_DEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp );

}

ReadCompletion
/*
 * Quoted copy of the read-completion fragment, first part (declarations of
 * irpSp, pMdl, i and UserBuffer not shown). Copies the read data into pool
 * buffers, subtracts 1 from each byte of one copy, repoints the IRP at that
 * copy and unlocks an MDL.
 */
if ( Irp->PendingReturned )

{

IoMarkIrpPending(Irp);

}

// NOTE(review): the cast reads "(ENCWRITEDATA )" here; the "*" was presumably lost when the
// message was quoted. The result is dereferenced below without a NULL check.
EncWrite = (ENCWRITEDATA )ExAllocatePoolWithTag(NonPagedPool,sizeof(ENCWRITEDATA),‘1EEA’);

// NOTE(review): requested length, not the byte count actually read (Irp->IoStatus.Information);
// the completion status is not checked either.
BufferSize = irpSp->Parameters.Read.Length;

EncWrite->OrgMDL = Irp->MdlAddress;

if ( Irp->MdlAddress ) {

// May return NULL; covered by the UserBuffer != NULL test below.
UserBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe(Irp->MdlAddress,HighPagePriority);

}

else {

// NOTE(review): raw requester address used in a completion routine, which can run in an
// arbitrary thread context and at DISPATCH_LEVEL; a fault there is not caught by __try/__except.
UserBuffer = ((PUCHAR) Irp->UserBuffer);

}

EncWrite->SystemVirtual = (PUCHAR) ExAllocatePoolWithTag(NonPagedPool, BufferSize,‘1EEB’);

// NOTE(review): TempBuffer is never NULL-checked but is written to below.
EncWrite->TempBuffer = (PUCHAR) ExAllocatePoolWithTag(NonPagedPool, BufferSize,‘1EEC’);

__try {

if ( EncWrite->SystemVirtual !=NULL && UserBuffer !=NULL ) {

RtlMoveMemory(EncWrite->TempBuffer,UserBuffer,BufferSize);

RtlMoveMemory(EncWrite->SystemVirtual,UserBuffer,BufferSize);

// NOTE(review): loop header damaged in page rendering; presumably iterates i over BufferSize
// and assigns to EncWrite->SystemVirtual[i]. The visible part subtracts 1 from each byte.
for(i=0;iSystemVirtual[i] = (EncWrite->SystemVirtual[i] - 1);

}

}

__except(EXCEPTION_EXECUTE_HANDLER) {

// NOTE(review): empty handler; a failed copy is ignored.

}

// NOTE(review): pMdl is not defined in this fragment; presumably the completion context -- confirm.
Irp->MdlAddress = pMdl;

// NOTE(review): the transformed data lives only in this pool buffer and is never copied into
// the requester's buffer, so the requester does not see it.
Irp->UserBuffer = EncWrite->SystemVirtual;

// NOTE(review): likely crash site. pMdl may be NULL or may be the IRP's own MDL, which this
// driver did not lock; an MDL left on the IRP is unlocked again by the I/O manager at completion.
MmUnlockPages(Irp->MdlAddress);

/* Free Enc MDL */

/*
 * Quoted copy of the read-completion fragment, cleanup part: the MDL free and
 * restore steps are commented out, then the three pool allocations are freed
 * and STATUS_SUCCESS is returned.
 */
// IoFreeMdl(Irp->MdlAddress);

// Irp->MdlAddress = EncWrite->OrgMDL;

// Irp->Flags |= IRP_NOCACHE;

// NOTE(review): earlier in this fragment Irp->UserBuffer was set to EncWrite->SystemVirtual,
// so freeing it here leaves the IRP pointing at freed pool. The tags passed to the free calls
// also differ from the allocation tags (SystemVirtual: ‘1EEB’, TempBuffer: ‘1EEC’,
// EncWrite: ‘1EEA’); ExFreePoolWithTag expects the tag used at allocation.
ExFreePoolWithTag(EncWrite->SystemVirtual,‘1EEA’);

ExFreePoolWithTag(EncWrite->TempBuffer,‘1EEB’);

ExFreePoolWithTag(EncWrite,‘1EEC’);

SHOULD_LOG(DeviceObject);

return (STATUS_SUCCESS);

Thanx,
Prithvi
