Like I said, it was not easy to implement but it does work, quite nicely.
And yes, access to the source would have made things a heck of a lot easier
but then again, that would take all the fun out of it!
And yes, I ‘picked’ one section/cache mapping to be maintained by the
underlying filesystem and then I maintained all other sections and cache
mappings within the filter driver, or more precisely, layered filesystem.
Pete
Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of David J. Craig
Sent: Monday, January 23, 2006 5:27 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Encryption filter
Not impossible, but almost impossible except for a very few. The lower file
system where the file really resides has to be almost completely hidden.
Your filter (almost FSD) has to expose different contexts for the same file
and keep the two contexts from interfering with each other. You won’t get
any help from the real file system. You also have to create cache mappings
with the cache manager that are different. If you wanted to use the same
mappings as the lower file system for the encrypted version of the file that
could be possible, but not easy at all. It might be a little easier if you
had source code access to the components of the OS that support file systems
(IoManager, cache manager, memory manager, and NTFS). It might have been
easier to write a file system because you basically had to do so where the
caller became a part of the context. I guess the testing of multiple
processes attempting to write to the same block at the same time would make
life interesting, especially if mixed memory mapped and standard file opens.
Sounds like a nightmare, but it could be fun some of the time.
“Peter Scott” wrote in message
news:xxxxx@ntfsd…
>
> Architecturally impossible? Come on Max, this IS only software.
>
> I have implemented this through an architecture which supports multiple
> sections for a given file. This took many, many months to get working
> correctly and is, essentially, a filesystem in itself.
>
> Pete
>
> Kernel Drivers
> Windows Filesystem and Device Driver Consulting
> www.KernelDrivers.com
> (303)546-0300
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Monday, January 23, 2006 2:01 AM
> To: Windows File Systems Devs Interest List
> Subject: Re: [ntfsd] Encryption filter
>
> I don’t think such things are possible. System cache is only 1 per
> file,
> and shared among notepad and wordpad. So, both will see cleartext data.
>
> If you will keep encrypted data in cache - then sorry, any app using
> memory
> mapped files (which is also notepad
) will see the crypto.
>
> So - architecturally impossible, look for another OS to do this (though
> I
> don’t think that any OS will allow such).
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: “vishnu”
> Newsgroups: ntfsd
> To: “Windows File Systems Devs Interest List”
> Sent: Monday, January 23, 2006 11:49 AM
> Subject: [ntfsd] Encryption filter
>
>
>> hi,
>>
>> Im trying to develop a encryption filter for text files. These are the
>> following action i need to do:
>>
>> 1. notepad should display the decrypted data.
>> 2. wordpad should display the encrypted data.
>> 3. remaining applications should not have read access.
>> 4. Only notepad has write access.
>>
>>
>> Currently im able to identify the process from processid.
>> Im doing the encryption and decryption in Paging IO
>> (if(FlagOn(Irp->Flags,IRP_PAGING_IO) && FlagOn(Irp->Flags,IRP_NOCACHE)).
>>
>>
>> Problem:
>>
>> When is open the file with notepad i get the decrypted data. But when i
> open
>> the file with wordpad i am gettin the same decrypted data instead of
>> encrypted data. What i understood form previous archives is that notepad
> and
>> wordpad uses memory mapped files. so they read the data directly form
> cache.
>>
>>
>> Is there a way that i could solve the problem like setting any flags in
>> create irp so that these applications always send Paging IO when they
>> read
>> the file??
>>
>> Thanks in advance.
>>
>> regards
>> vishnu
>>
>>
>>
>> —
>> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com