Encryption filter

hi,

I’m trying to develop an encryption filter for text files. These are the
following actions I need to do:

  1. notepad should display the decrypted data.
  2. wordpad should display the encrypted data.
  3. remaining applications should not have read access.
  4. Only notepad has write access.

Currently I’m able to identify the process from the process ID.
I’m doing the encryption and decryption in Paging IO
(if (FlagOn(Irp->Flags, IRP_PAGING_IO) && FlagOn(Irp->Flags, IRP_NOCACHE))).

Problem:

When I open the file with notepad I get the decrypted data. But when I open
the file with wordpad I am getting the same decrypted data instead of
encrypted data. What I understood from previous archives is that notepad and
wordpad use memory mapped files, so they read the data directly from cache.

Is there a way that I could solve the problem, like setting any flags in
the create IRP so that these applications always send Paging IO when they read
the file?

Thanks in advance.

regards
vishnu

I don’t think such things are possible. System cache is only 1 per file,
and shared among notepad and wordpad. So, both will see cleartext data.

If you will keep encrypted data in cache - then sorry, any app using memory
mapped files (which is also notepad :-) ) will see the crypto.

So - architecturally impossible, look for another OS to do this (though I
don’t think that any OS will allow such).

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “vishnu”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Monday, January 23, 2006 11:49 AM
Subject: [ntfsd] Encryption filter

> hi,
>
> I’m trying to develop an encryption filter for text files. These are the
> following actions I need to do:
>
> 1. notepad should display the decrypted data.
> 2. wordpad should display the encrypted data.
> 3. remaining applications should not have read access.
> 4. Only notepad has write access.
>
> Currently I’m able to identify the process from the process ID.
> I’m doing the encryption and decryption in Paging IO
> (if (FlagOn(Irp->Flags, IRP_PAGING_IO) && FlagOn(Irp->Flags, IRP_NOCACHE))).
>
> Problem:
>
> When I open the file with notepad I get the decrypted data. But when I open
> the file with wordpad I am getting the same decrypted data instead of
> encrypted data. What I understood from previous archives is that notepad and
> wordpad use memory mapped files, so they read the data directly from cache.
>
> Is there a way that I could solve the problem, like setting any flags in
> the create IRP so that these applications always send Paging IO when they read
> the file?
>
> Thanks in advance.
>
> regards
> vishnu

vishnu,

You are working on a similar project we are working on. Well, as many people
have pointed out in this list before, the only proper way to ensure a cache
flush is by rebooting the box.

regards,

amitr0

PS: If you can elaborate on the logical procedure a bit, people might be able
to help you better.

hi,

But I heard of some products already providing such solutions…
Maybe they are using system hooks to implement that.

regards
vishnu

Either that (eww) or they’re doing it at a higher level… by, for example,
decrypting in a plugin. Off the top of my head, one thing I can think of that
I’ve seen people do this with is Acrobat Reader. This of course means
that the ‘client’ application must support plugins. That’s outside the
scope of discussions here… and hooks? I’m not opening that can of
worms… Plenty has been said about those… search back.

BR,

Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of vishnu
Sent: 23 January 2006 10:49
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Encryption filter

hi,

But I heard of some products already providing such solutions…
Maybe they are using system hooks to implement that.

regards
vishnu

Architecturally impossible? Come on Max, this IS only software.

I have implemented this through an architecture which supports multiple
sections for a given file. This took many, many months to get working
correctly and is, essentially, a filesystem in itself.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Monday, January 23, 2006 2:01 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Encryption filter

I don’t think such things are possible. System cache is only 1 per file,
and shared among notepad and wordpad. So, both will see cleartext data.

If you will keep encrypted data in cache - then sorry, any app using memory
mapped files (which is also notepad :-) ) will see the crypto.

So - architecturally impossible, look for another OS to do this (though I
don’t think that any OS will allow such).

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Not impossible, but almost impossible except for a very few. The lower file
system where the file really resides has to be almost completely hidden.
Your filter (almost FSD) has to expose different contexts for the same file
and keep the two contexts from interfering with each other. You won’t get
any help from the real file system. You also have to create cache mappings
with the cache manager that are different. If you wanted to use the same
mappings as the lower file system for the encrypted version of the file that
could be possible, but not easy at all. It might be a little easier if you
had source code access to the components of the OS that support file systems
(IoManager, cache manager, memory manager, and NTFS). It might have been
easier to write a file system because you basically had to do so where the
caller became a part of the context. I guess the testing of multiple
processes attempting to write to the same block at the same time would make
life interesting, especially if mixed memory mapped and standard file opens.
Sounds like a nightmare, but it could be fun some of the time.

Like I said, it was not easy to implement but it does work, quite nicely.
And yes, access to the source would have made things a heck of a lot easier
but then again, that would take all the fun out of it!

And yes, I ‘picked’ one section/cache mapping to be maintained by the
underlying filesystem and then I maintained all other sections and cache
mappings within the filter driver, or more precisely, layered filesystem.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of David J. Craig
Sent: Monday, January 23, 2006 5:27 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Encryption filter

Not impossible, but almost impossible except for a very few. The lower file
system where the file really resides has to be almost completely hidden.
Your filter (almost FSD) has to expose different contexts for the same file
and keep the two contexts from interfering with each other. You won’t get
any help from the real file system. You also have to create cache mappings
with the cache manager that are different. If you wanted to use the same
mappings as the lower file system for the encrypted version of the file that
could be possible, but not easy at all. It might be a little easier if you
had source code access to the components of the OS that support file systems
(IoManager, cache manager, memory manager, and NTFS). It might have been
easier to write a file system because you basically had to do so where the
caller became a part of the context. I guess the testing of multiple
processes attempting to write to the same block at the same time would make
life interesting, especially if mixed memory mapped and standard file opens.
Sounds like a nightmare, but it could be fun some of the time.

It is easy to create a high level design like this, but the implementation
is much harder than most would think. I am sure glad I never had to do it.
I was part of a project at one time that only allowed one type of access at
a time (either plaintext or encrypted data) depending upon the program
accessing the file. When the file was closed by the last process, it was
flushed and the cache map destroyed when the next process of a different
type tried to open the file. Your method is much better but much harder.

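Added example, not code from any poster or product mentioned in this thread: a user-mode C model of the behaviour discussed above. It shows why a single shared cache hands the second opener whatever the first opener's paging read left there, and then the one-view-at-a-time policy David J. Craig describes (flush on last close, discard the cached pages when an opener of the other type arrives). All names, the XOR stand-in for the cipher, the sample contents and the choice to fail a conflicting open are assumptions.

```c
/* Added illustration: user-mode model, not driver code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define FILE_LEN 8
#define KEY 0x5A          /* toy XOR transform standing in for the real cipher */
#define SAMPLE "SECRET!!" /* constructed sample contents, FILE_LEN bytes */

typedef enum { VIEW_PLAIN, VIEW_CIPHER } view_t;

typedef struct {
    unsigned char disk[FILE_LEN];  /* lower file system: always ciphertext */
    unsigned char cache[FILE_LEN]; /* the single cache shared by every opener */
    int cache_valid, cache_dirty;
    view_t cache_view;             /* view the cached pages were filled for */
    view_t active_view;            /* view of the current openers (gated mode) */
    int open_count;
} sim_file;

static void xor_buf(unsigned char *dst, const unsigned char *src) {
    for (int i = 0; i < FILE_LEN; i++) dst[i] = src[i] ^ KEY;
}

void sim_init(sim_file *f, const char *plaintext) {
    memset(f, 0, sizeof(*f));
    xor_buf(f->disk, (const unsigned char *)plaintext);
}

/* Non-cached paging read: the only point where the filter transforms data. */
static void paging_read(sim_file *f, view_t view) {
    if (view == VIEW_PLAIN) xor_buf(f->cache, f->disk);
    else memcpy(f->cache, f->disk, FILE_LEN);
    f->cache_valid = 1;
    f->cache_view = view;
}

/* Cached or memory-mapped read: served from the cache, paging read only on a miss. */
void sim_read(sim_file *f, view_t requester, unsigned char *out) {
    if (!f->cache_valid) paging_read(f, requester);
    memcpy(out, f->cache, FILE_LEN);
}

void sim_write(sim_file *f, view_t requester, int off, unsigned char b) {
    if (!f->cache_valid) paging_read(f, requester);
    f->cache[off] = b;
    f->cache_dirty = 1;
}

/* Paging write: dirty pages go back to disk as ciphertext. */
static void flush_cache(sim_file *f) {
    if (!f->cache_valid || !f->cache_dirty) return;
    if (f->cache_view == VIEW_PLAIN) xor_buf(f->disk, f->cache);
    else memcpy(f->disk, f->cache, FILE_LEN);
    f->cache_dirty = 0;
}

/* One view at a time. Failing the conflicting open is an assumption of this model. */
int gated_open(sim_file *f, view_t view) {
    if (f->open_count > 0 && f->active_view != view) return -1;
    /* Opener of the other type: drop the stale pages. In a driver this step
     * goes through the cache manager (e.g. CcPurgeCacheSection after
     * CcFlushCache); the thread does not say which calls that project used. */
    if (f->cache_valid && f->cache_view != view) f->cache_valid = 0;
    f->active_view = view;
    f->open_count++;
    return 0;
}

void gated_close(sim_file *f) {
    if (--f->open_count == 0) flush_cache(f); /* last close: flush */
}

/* Ungated shared cache: returns 1 if the second (ciphertext) reader got plaintext. */
int naive_second_reader_sees_plaintext(void) {
    sim_file f; unsigned char np[FILE_LEN], wp[FILE_LEN];
    sim_init(&f, SAMPLE);
    sim_read(&f, VIEW_PLAIN, np);  /* "notepad" faults the pages in, decrypted */
    sim_read(&f, VIEW_CIPHER, wp); /* "wordpad" is served from the same pages */
    return memcmp(wp, SAMPLE, FILE_LEN) == 0;
}

/* Gated: returns 1 if the second reader got exactly the on-disk ciphertext. */
int gated_second_reader_sees_ciphertext(void) {
    sim_file f; unsigned char np[FILE_LEN], wp[FILE_LEN];
    sim_init(&f, SAMPLE);
    if (gated_open(&f, VIEW_PLAIN) != 0) return 0;
    sim_read(&f, VIEW_PLAIN, np);
    sim_write(&f, VIEW_PLAIN, 0, 'X');
    if (gated_open(&f, VIEW_CIPHER) != -1) return 0; /* refused while in use */
    gated_close(&f);                                 /* flush, re-encrypted */
    if (gated_open(&f, VIEW_CIPHER) != 0) return 0;  /* purge, then admit */
    sim_read(&f, VIEW_CIPHER, wp);
    gated_close(&f);
    return memcmp(np, SAMPLE, FILE_LEN) == 0 && wp[0] == ('X' ^ KEY) &&
           memcmp(wp, f.disk, FILE_LEN) == 0;
}

int main(void) {
    printf("ungated: second reader sees plaintext = %d\n",
           naive_second_reader_sees_plaintext());
    printf("gated:   second reader sees ciphertext = %d\n",
           gated_second_reader_sees_ciphertext());
    return 0;
}
```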

Thanks Pete for the advice. Concept looks interesting.
Can I get any documentation or resources on multiple sections anywhere?

regards
Vishnu

I don’t know if he owns the IP associated with that driver, but he could
probably duplicate the logic in a few months of contract work if he is
available. I would recommend contacting him off list for details about
rates and check his web site.

hi,

In the completion routine do I need to flush the data?
And for destroying the cache map, what exactly should we do?

regards
Vishnu

“David J. Craig” wrote in message
news:xxxxx@ntfsd…
> It is easy to create a high level design like this, but the implementation
> is much harder than most would think. I am sure glad I never had to do it.
> I was part of a project at one time that only allowed one type of access at
> a time (either plaintext or encrypted data) depending upon the program
> accessing the file. When the file was closed by the last process, it was
> flushed and the cache map destroyed when the next process of a different
> type tried to open the file. Your method is much better but much harder.
>
> “Peter Scott” wrote in message
> news:xxxxx@ntfsd…
> >
> > Like I said, it was not easy to implement but it does work, quite nicely.
> > And yes, access to the source would have made things a heck of a lot
> > easier but then again, that would take all the fun out of it!
> >
> > And yes, I ‘picked’ one section/cache mapping to be maintained by the
> > underlying filesystem and then I maintained all other sections and cache
> > mappings within the filter driver, or more precisely, layered filesystem.
> >
> > Pete
> >
> > Kernel Drivers
> > Windows Filesystem and Device Driver Consulting
> > www.KernelDrivers.com
> > (303)546-0300
> >
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of David J. Craig
> > Sent: Monday, January 23, 2006 5:27 PM
> > To: Windows File Systems Devs Interest List
> > Subject: Re:[ntfsd] Encryption filter
> >
> > Not impossible, but almost impossible except for a very few. The lower
> > file system where the file really resides has to be almost completely
> > hidden. Your filter (almost FSD) has to expose different contexts for the
> > same file and keep the two contexts from interfering with each other. You
> > won’t get any help from the real file system. You also have to create
> > cache mappings with the cache manager that are different. If you wanted to
> > use the same mappings as the lower file system for the encrypted version
> > of the file that could be possible, but not easy at all. It might be a
> > little easier if you had source code access to the components of the OS
> > that support file systems (IoManager, cache manager, memory manager, and
> > NTFS). It might have been easier to write a file system because you
> > basically had to do so where the caller became a part of the context. I
> > guess the testing of multiple processes attempting to write to the same
> > block at the same time would make life interesting, especially if mixed
> > memory mapped and standard file opens.
> >
> > Sounds like a nightmare, but it could be fun some of the time.

At a high level you will need to maintain multiple SOPs per FCB and then
juggle with them in the context of relevant programs. I bet you it is
really hard to get right. We took quite some time to do this correctly.

On 2/3/06, vishnu wrote:
>
> hi,
>
> In the completion routine do I need to flush the data?
> And for destroying the cache map, what exactly should we do?
>
> regards
> Vishnu
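
The one-access-type-at-a-time scheme David J. Craig describes earlier in the thread, as a user-mode C model added here (not code from any poster and not driver code): a file has a single cached copy, so an open for the other view is refused while handles of the current view remain, and otherwise the cache is flushed and dropped before being refilled in the new form. The struct, the function names and the XOR "cipher" are hypothetical stand-ins.

```c
#include <string.h>
/* User-mode model, constructed for illustration: one cached copy per file. */
enum view { VIEW_NONE, VIEW_PLAIN, VIEW_CIPHER };
enum result { OPEN_OK, OPEN_DENIED, OPEN_BUSY };
#define LEN 8
#define KEY 0x5A              /* toy XOR stand-in for the real cipher */
struct file_model {
    unsigned char disk[LEN];  /* always ciphertext at rest */
    unsigned char cache[LEN]; /* the single shared cached copy */
    enum view cached;         /* form held in cache; VIEW_NONE = no cache map */
    int opens, dirty, purges;
};

void model_init(struct file_model *f, const char *plain) {  /* plain: LEN bytes */
    memset(f, 0, sizeof *f);
    for (int i = 0; i < LEN; i++) f->disk[i] = (unsigned char)(plain[i] ^ KEY);
}

/* Poster's rules: notepad plaintext r/w, wordpad ciphertext read-only, rest refused. */
static enum view view_for(const char *image, int want_write) {
    if (strcmp(image, "notepad.exe") == 0) return VIEW_PLAIN;
    if (strcmp(image, "wordpad.exe") == 0 && !want_write) return VIEW_CIPHER;
    return VIEW_NONE;
}

/* Write dirty plaintext back as ciphertext, then drop the cached copy. */
static void flush_and_purge(struct file_model *f) {
    if (f->dirty)
        for (int i = 0; i < LEN; i++) f->disk[i] = (unsigned char)(f->cache[i] ^ KEY);
    f->dirty = 0; f->cached = VIEW_NONE; f->purges++;
}

enum result model_open(struct file_model *f, const char *image, int want_write) {
    enum view v = view_for(image, want_write);
    if (v == VIEW_NONE) return OPEN_DENIED;
    if (f->cached != VIEW_NONE && f->cached != v) {
        if (f->opens > 0) return OPEN_BUSY;  /* other type still has handles */
        flush_and_purge(f);                  /* switch point between types */
    }
    if (f->cached == VIEW_NONE) {            /* repopulate in the requested form */
        for (int i = 0; i < LEN; i++)
            f->cache[i] = (unsigned char)((v == VIEW_PLAIN) ? f->disk[i] ^ KEY : f->disk[i]);
        f->cached = v;
    }
    f->opens++;
    return OPEN_OK;
}
void model_close(struct file_model *f) { if (f->opens > 0) f->opens--; }
void model_write(struct file_model *f, int off, unsigned char b) { f->cache[off] = b; f->dirty = 1; }
```

In a real filter the `flush_and_purge` step would go through the cache manager; `CcFlushCache` and `CcPurgeCacheSection` are the usual calls for that, which is an assumption here since the thread names none.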