Hi,
while implementing ‘shadow device’ feature in my filter driver, i am
having some doubts. While creating shadow device for each volumes , Do
i need to attach the shadow device above the hook device object which
i have created for a specific volume ? ( If yes, can you send some
comment of following steps for creating shadow device for each
volumes? )
Consider the case , we are hooking C:\ volume
1: Getting the Device object of C:\ volume
pDeviceObject = IoGetRelatedDeviceObject(pFileObject);
2: Create a hook device object to attach with C:\ volume
IoCreateDevice(pDriverObject,
sizeof(AV_DEVICE_EXTENSION),
NULL,
pDeviceObject -> DeviceType,
pDeviceObject -> Characteristics,
FALSE,
&pHookDevice);
3: Create a shadow device with name as “ShadowDevice_C”
IoCreateDevice(pDriverObject,
sizeof(AV_DEVICE_EXTENSION),
strShadowDeviceName,
pDeviceObject -> DeviceType,
pDeviceObject -> Characteristics,
FALSE,
&pShadowDevice);
4: Adjust the StackSize of the shadow device
pShadowDevice -> StackSize = pHookDevice -> StackSize + 1;
5: Attach the hook device to the C:'s device object
IoAttachDeviceToDeviceStack(pHookDevice, pDeviceObject);
6: Attach the shadow device above the hook device
IoAttachDeviceToDeviceStack(pShadowdevice,pHookDevice);
Without creating Shadow Device, Is it possible to develop a filter
driver which blocks IRP_MJ_CREATE request for specific file extension
?
Thanks & Regards
SivaRaja