I want to give certain files in the hard disk read only access to processes.
Only one process previously identified can access with file with write
permissions (to modify it).
The code goes like…
if(pIrpStack->MajorFunction==IRP_MJ_CREATE){
ULONG ulCreateDisposition = (pIrpStack->Parameters.Create.Options >>
24) & 0xFF;
ULONG ulCreateOptions=pIrpStack->Parameters.Create.Options>>24;
int iIndex=-1; //Set it to an impossible value, for eror checking
// This is for the policy file procetion
if((g_PolicyExeFile)&&(g_PolicyFile)&& PidListNode.pProcName &&
(_wcsnicmp(PidListNode.pProcName
,g_PolicyExeFile,(wcslen(g_PolicyExeFile)>=wcslen(PidListNode.pProcName
)?wcslen(PidListNode.pProcName):wcslen(g_PolicyExeFile)))!=0)&&pFileName&&
(wcslen(pFileName)>=wcslen(g_PolicyFile))&&
(_wcsnicmp(pFileName,g_PolicyFile,wcslen(g_PolicyFile))==0)){
// any Executable other than the Policy EXE should be denied access to the
file if they try to open it fro modification
if((pIrpStack->Parameters.Create.SecurityContext->DesiredAccess&FILE_WRITE_DATA)
||
(pIrpStack->Parameters.Create.SecurityContext-
DesiredAccess&FILE_APPEND_DATA)||
(pIrpStack->Parameters.Create.SecurityContext-
DesiredAccess&FILE_WRITE_ATTRIBUTES)||
(pIrpStack-> Parameters.Create.SecurityContext-
DesiredAccess&FILE_WRITE_EA)||
(pIrpStack->Parameters.Create.SecurityContext->DesiredAccess&DELETE)||
(pIrpStack->Parameters.Create.SecurityContext->DesiredAccess&WRITE_DAC)||
(pIrpStack->Parameters.Create.SecurityContext->DesiredAccess&WRITE_OWNER)){
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return STATUS_ACCESS_DENIED;
}
}
}
//if(pIrpStack->MajorFunction==IRP_MJ_CREATE)
This code works fine in NTFS, and even delete is checked.
But on Windows 2K Pro installed on FAT32 drives, deleting the file through
explorer etc generates Bug Check 0x23: FAT_FILE_SYSTEM crash!!!
Can some one help me with this.
–
- amitr0