Encryption driver + AVG Pro

Dear NTFSD,

We have an encryption driver that works fine on a clean PC.
If we install it with AVG Pro (resident shield enabled), we see the following problem for some files (always the same ones, one file in 1000):

During IRP_MJ_READ the files are not in the cache, but flags = 0x60900, which means that it's a cached read. So we didn't decrypt this file and the user gets damaged data.

Any ideas how to fix it?

Vitaliy Perepelkin

Forgot to mention:

It’s Windows 7 64bit.

Which flags are you talking about? Are they FO flags or IRP flags? If I
understand it correctly, you are checking whether the file is cached or not
to perform decryption/encryption.

If you are checking the IRP flags correctly to figure out if it's paging
IO or non-paging IO, then you should not see any issue.

Are you checking the following IRP flags to figure out if it's paging IO?
Because you want to encrypt/decrypt during paging IO and direct IO.

For paging IO, check the following flags:

    Cbd->Iopb->IrpFlags & IRP_NOCACHE &&
    Cbd->Iopb->IrpFlags & IRP_PAGING_IO &&
    Cbd->Iopb->IrpFlags & IRP_SYNCHRONOUS_PAGING_IO

Dear Rajesh,

thank you for your answer.
These flags are checked like this:

    case IRP_MJ_WRITE:
        if (!(Irp->Flags & IRP_NOCACHE) && !(Irp->Flags & (IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)))
            break;

        //ENCRYPTION HERE
        …skipped…

    case IRP_MJ_READ:
        if (!(Irp->Flags & IRP_NOCACHE) && !(Irp->Flags & (IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)))
            break;

        //DECRYPTION HERE
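
The flag test discussed in this thread, as an added example that is not code from any of the posters: a user-mode C program that applies the same predicate as the switch above to the reported value 0x60900. The flag values are the ones defined in wdm.h; the function names and the two extra sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* IRP flag values as defined in wdm.h. */
#define IRP_NOCACHE               0x00000001u
#define IRP_PAGING_IO             0x00000002u
#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040u /* same value as IRP_INPUT_OPERATION */
#define IRP_READ_OPERATION        0x00000100u
#define IRP_DEFER_IO_COMPLETION   0x00000800u

typedef enum { IO_CACHED, IO_NONCACHED, IO_PAGING } io_class;

/* Classify a request from Irp->Flags alone (hypothetical helper). */
io_class classify_irp_flags(uint32_t flags)
{
    if (flags & (IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO))
        return IO_PAGING;
    if (flags & IRP_NOCACHE)
        return IO_NONCACHED;
    return IO_CACHED;
}

/* Same decision as the posted switch: it breaks out (no transform) when
 * neither IRP_NOCACHE nor a paging bit is set. */
int should_transform(uint32_t flags)
{
    return classify_irp_flags(flags) != IO_CACHED;
}

/* Bits outside the five flags named above; reported, not interpreted. */
uint32_t undecoded_bits(uint32_t flags)
{
    return flags & ~(IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO |
                     IRP_READ_OPERATION | IRP_DEFER_IO_COMPLETION);
}

int main(void)
{
    /* 0x60900 is the value from the thread; the other two are constructed. */
    const uint32_t samples[] = { 0x60900u, 0x00000901u, 0x00000043u };
    static const char *names[] = { "cached", "non-cached", "paging" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t f = samples[i];
        printf("flags=0x%05x class=%-10s transform=%d undecoded=0x%05x\n",
               (unsigned)f, names[classify_irp_flags(f)],
               should_transform(f), (unsigned)undecoded_bits(f));
    }
    return 0;
}
```

For 0x60900 the predicate reports a cached read, so the posted check takes the `break` and skips decryption for that request, which matches the symptom described in the first post.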