Encrypting Filter Driver - Write data problem

OSR_Community_User · November 12, 2002, 3:57am

Hi,

I am writing an FS filter dirver which enforce data decryption and encryption automatically. My problem is: I don’t know which buffer in the IRP should I touch when doing data encryption. I have tried the following code, but the data still can’t be encrypted.

if(Irp->MdlAddress)
{
DbgPrint((“ENCRYPT-Encrypting MDL\n”));

/*
* Encrypt MDL
*/
}
else if(Irp->AssociatedIrp.SystemBuffer)
{
DbgPrint((“ENCRYPT-Encrypting SystemBuffer\n”));

/*
* Encrypt Irp->AssociatedIrp.SystemBuffer
*/
}
else if(Irp->UserBuffer)
{
try
{
ProbeForWrite(Irp->UserBuffer,
pIrpStack->Parameters.Write.Length,
sizeof(UCHAR));
DbgPrint((“ENCRYPT-ProbeForWrite OK\n”));

/*
* Encrypt Irp->UserBuffer
*/

}
except(EXCEPTION_EXECUTE_HANDLER)
{
DbgPrint((“ENCRYPT-ProbeForWrite Failed\n”));

}
}

/*
* …
*/

It seems that all the three pointers are NULL.(I tested this with MS WORD document).

Thanks,

Chen ZM

OSR_Community_User · November 12, 2002, 12:01pm

It isn’t that simple. You need to handle different case based on
IRP_MJ_OPEN, READ, QUERY_INFROMATION…
For MdlAddress, you need to get the address from
MmGetSystemAddressForMdl(Irp->MdlAddress).
BTW, you have to keep your FS filter driver ALWAYS on the top
of driver stack. Other wise, your encryption and decryption
is meaningless because other driver can monitor your driver and
steal your data. So it means no security.
Goog Luck

---------- Original Message ----------------------------------
From: “Chen ZM”
Reply-To: “File Systems Developers”
Date: Tue, 12 Nov 2002 16:49:34 +0800

>Hi,
>
>I am writing an FS filter dirver which enforce data decryption and
>encryption automatically. My problem is: I don’t know which buffer in
>the IRP should I touch when doing data encryption. I have tried the
>following code, but the data still can’t be encrypted.
>
> if(Irp->MdlAddress)
> {
> DbgPrint((“ENCRYPT-Encrypting MDL\n”));
>
> /*
> * Encrypt MDL
> /
> }
> else if(Irp->AssociatedIrp.SystemBuffer)
> {
> DbgPrint((“ENCRYPT-Encrypting SystemBuffer\n”));
>
> /
> * Encrypt Irp->AssociatedIrp.SystemBuffer
> /
> }
> else if(Irp->UserBuffer)
> {
> try
> {
> ProbeForWrite(Irp->UserBuffer,
> pIrpStack->Parameters.Write.Length,
> sizeof(UCHAR));
> DbgPrint((“ENCRYPT-ProbeForWrite OK\n”));
>
> /
> * Encrypt Irp->UserBuffer
> /
>
> }
> except(EXCEPTION_EXECUTE_HANDLER)
> {
> DbgPrint((“ENCRYPT-ProbeForWrite Failed\n”));
>
> }
> }
>
> /
> * …
> */
>
>It seems that all the three pointers are NULL.(I tested this with MS WORD document).
>
>Thanks,
>
>Chen ZM
>
>
>
>
>
>—
>You are currently subscribed to ntfsd as: xxxxx@highstream.net
>To unsubscribe send a blank email to %%email.unsub%%
>