I am developing a file encryption filter driver. Hard disk files must be in
encrypted format.
And the filter driver reads those and decrypts those before general use.
I want to get control every time a user touches our controlled files.
My filter driver gets control when the user first reads the file. But if the user
reads the file again, the driver is not notified.
So the driver has no chance to get control over the file.
I think this problem comes from the cache.
Shall I flush the cache every time?
I am modifying the filemon program to develop the driver. And the program
doesn’t always give me the chance to get control over the file.
How can I manage the situation? If I should flush the cache, how can I do it?
Thanks and regards,
The filter should be a file system filter driver. If it is not, then you
have a problem.
You need to understand how the system works:
- DISK.SYS & CLASSPNP.SYS that support all mass storage compliant drives.
- FASTFAT.SYS which is the FAT file system driver. Ignore NTFS because
you can’t get the source to it. FASTFAT is available in the IFS Kits.
- CacheManager.
- MemoryManager.
- The various CreateFile(), ReadFile(), WriteFile(), and other requests
that can be issued from applications. Pay special attention to memory
mapped and direct access to the CacheManager’s buffers for a file. Use
Notepad and Microsoft Word to begin your testing and analysis. You can use
the sysinternals filemon program to see how the files are opened, read,
written, and other requests being generated. I would also suggest that you
add sufficient debugging displays in your filter so you can see what is
going on. You can’t do it all with filemon.
----- Original Message -----
From: “Dongmin Park”
To: “File Systems Developers”
Sent: Thursday, November 28, 2002 9:53 AM
Subject: [ntfsd] Driver doesn’t get control every time user reads the file.
If your encryption changes the file size - it is a very, very complex
task.
If not so - write a filesystem filter (based on SFILTER sample),
intercept all noncached IO paths and do the crypto there.
Max
Can you elaborate on what you mean by intercept all “noncached” IO paths?
All read/write IRPs with IRP_NOCACHE set.
Max
----- Original Message -----
From: “Bill”
To: “File Systems Developers”
Sent: Saturday, November 30, 2002 3:44 AM
Subject: [ntfsd] Re: Driver doesn’t get control every time user reads
the file.
Thanks, Max. Sometimes the answer is every bit as simple as one might
think…
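The noncached-path approach from Max's replies above, as an added example that is not part of the original thread: a user-mode C model (not driver code) in which the filter transforms data only on transfers flagged IRP_NOCACHE, so the disk holds ciphertext and the cache holds plaintext. The two flag values match wdm.h; the disk and cache arrays, the function names and the XOR transform are assumptions made for illustration, and the XOR is a size-preserving stand-in, not a real cipher.

```c
#include <stdio.h>
#include <string.h>
/* IRP flag values as in wdm.h; everything else is a user-mode model. */
#define IRP_NOCACHE   0x00000001UL
#define IRP_PAGING_IO 0x00000002UL
#define FILE_SIZE 16
static unsigned char disk[FILE_SIZE];    /* on-disk bytes: always ciphertext */
static unsigned char cache[FILE_SIZE];   /* modelled cache: always plaintext */
static int cache_valid, noncached_irps;  /* noncached_irps: seen by the filter */

/* Toy size-preserving XOR transform standing in for a real cipher. */
static void toy_xcrypt(unsigned char *buf, size_t off, size_t len) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (unsigned char)(0x5A + off + i);
}

/* Filter read path: decrypt after the lower driver has filled the buffer. */
static void filter_read(unsigned long flags, unsigned char *buf, size_t off, size_t len) {
    memcpy(buf, disk + off, len);        /* lower driver completes the read */
    if (flags & IRP_NOCACHE) { noncached_irps++; toy_xcrypt(buf, off, len); }
}

/* Filter write path: encrypt a shadow copy, never the cache's own pages. */
static void filter_write(unsigned long flags, const unsigned char *buf, size_t off, size_t len) {
    unsigned char shadow[FILE_SIZE];
    memcpy(shadow, buf, len);
    if (flags & IRP_NOCACHE) { noncached_irps++; toy_xcrypt(shadow, off, len); }
    memcpy(disk + off, shadow, len);     /* lower driver stores ciphertext */
}

/* Cached read: only a cache miss produces a noncached paging read. */
static void app_read(unsigned char *out, size_t off, size_t len) {
    if (!cache_valid)                    /* miss: fill the cache from disk */
        filter_read(IRP_NOCACHE | IRP_PAGING_IO, cache, 0, FILE_SIZE);
    cache_valid = 1;
    memcpy(out, cache + off, len);       /* a hit never reaches the filter */
}

/* Cached write, followed by the noncached flush of the same range. */
static void app_write(const unsigned char *in, size_t off, size_t len) {
    memcpy(cache + off, in, len);
    filter_write(IRP_NOCACHE | IRP_PAGING_IO, cache + off, off, len);
}

int main(void) {
    unsigned char pt[FILE_SIZE] = "secret contents", out[FILE_SIZE];
    app_write(pt, 0, FILE_SIZE);
    app_read(out, 0, FILE_SIZE); app_read(out, 0, FILE_SIZE);
    printf("noncached IRPs for one write and two reads: %d\n", noncached_irps);
    return 0;
}
```

In this model the second read is served from the cache and produces no noncached transfer, yet it still returns plaintext because the decryption happened when the cache was filled.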