encrypt the DOC files (file filter driver)

Hi, all!
I am writing a file encryption filter driver, and have succeeded in encrypting the
TXT file opened by Notepad, but I cannot encrypt the DOC files.

Here is my method:

For example, when saving a file a.doc, the WINWORD temp file is renamed
to a.doc through IRP_MJ_SET_INFORMATION. I catch this moment, and later,
when an IRP_MJ_CLOSE is sent to a.doc, I begin to statically encrypt a.doc (create a
new file a.doc.temp, encrypt a.doc to a.doc.temp, delete a.doc, rename
a.doc.temp to a.doc).

My problem is that when I statically encrypt a.doc, the first three
steps have no problem, but I cannot do the last step: I cannot rename
a.doc.temp to a.doc, and I cannot even create a file named a.doc. The system says
I have no permission.

Is my method wrong?

Thanks!
Ice Fu

I assume you are NOT doing this while delaying the IRP_MJ_CLOSE request
(either before or after sending it down). If so, then don’t do it that
way. :) If not, then how are you performing the delete? The rename? Are
you doing this in kernel-mode or user-mode?

- Nicholas Ryan

Thanks, Nicholas!
I just do the delete in the completion routine of the IRP_MJ_CLOSE!
I do this in kernel mode.

So how and when can I delete the file?

Thanks a lot!

Ice Fu

Since the IRP_MJ_CLOSE dispatch routine can run at APC_LEVEL, and all
completion routines can run at DISPATCH_LEVEL, there’s lots of things
that are unsafe for you to do at that time. I suggest you create a
worker thread and have it perform your post-close operations.

- Nicholas Ryan

In another filter driver I do the same operation after closing the DOC
file in WINWORD (not just an IRP_MJ_CLOSE, but exiting WINWORD). I do the
delete operation in the completion routine of one IRP_MJ_CLOSE among the many
IRPs that are generated after closing the DOC file in WINWORD. It has no
problem.
So I guess I cannot do my DELETE operation while the DOC file is still
open in WINWORD? Or must I do the DELETE operation after closing the DOC
file in WINWORD?

Thanks!
Ice Fu

Just because something works 99% of the time doesn’t mean it’s safe.
It’s unsafe to do what you’re describing in any completion routine of
any IRP, because you may not be at PASSIVE_LEVEL. Do it in a worker
thread and you’re safe.

- Nicholas Ryan

> when a IRP_MJ_CLOSE sent to a.doc, I began static encrypt a.doc.(create a
> new file a.doc.temp, and encrypt a.doc to a.doc.temp, delete a.doc, rename
> a.doc.temp to a.doc)

You don’t need to delete a.doc; just rename with the ReplaceIfExists flag
set to true.

Alexei.
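
The rename-with-replace step suggested above, as an added example that is not part of the original thread: it fills a rename buffer with ReplaceIfExists set so the separate delete of a.doc is not needed. `RENAME_INFO` and `build_replace_rename` are hypothetical names; the struct is a constructed stand-in mirroring the WDK's `FILE_RENAME_INFORMATION` layout so the code builds outside the WDK.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the WDK's FILE_RENAME_INFORMATION (assumption:
 * same field order; in a driver use the real type from ntifs.h). */
typedef struct {
    uint8_t  ReplaceIfExists;  /* BOOLEAN: nonzero = replace an existing target */
    void    *RootDirectory;    /* HANDLE: NULL when FileName is a full path */
    uint32_t FileNameLength;   /* length of FileName in BYTES, no terminator */
    uint16_t FileName[1];      /* WCHAR[]: variable-length UTF-16 target name */
} RENAME_INFO;

/* Build the buffer for "rename a.doc.temp to <target>, replacing <target>".
 * target_chars counts UTF-16 code units (no terminator). Returns a buffer
 * the caller frees, with its size in *out_size, or NULL on bad input. */
RENAME_INFO *build_replace_rename(const uint16_t *target, size_t target_chars,
                                  size_t *out_size)
{
    size_t name_bytes, total;
    RENAME_INFO *info;

    if (target == NULL || target_chars == 0 || out_size == NULL)
        return NULL;
    /* FileNameLength is 32 bits wide: refuse names that would truncate. */
    if (target_chars > UINT32_MAX / sizeof(uint16_t))
        return NULL;

    name_bytes = target_chars * sizeof(uint16_t);
    total = sizeof(RENAME_INFO) + name_bytes;   /* slight over-allocation */
    info = calloc(1, total);
    if (info == NULL)
        return NULL;

    info->ReplaceIfExists = 1;                  /* no separate delete of a.doc */
    info->RootDirectory = NULL;
    info->FileNameLength = (uint32_t)name_bytes;
    memcpy((uint8_t *)info + offsetof(RENAME_INFO, FileName), target, name_bytes);
    *out_size = total;
    return info;
}
/* In the driver, the real structure is passed to ZwSetInformationFile with
 * the FileRenameInformation class on a handle to a.doc.temp. That call needs
 * PASSIVE_LEVEL, so it belongs in the worker thread, not a completion routine. */
```
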