All,
I’ve embarked on a file filter driver project and would like to get all my
ducks in a row before I jump into the wrong model.
What the driver is:
1. A filter that will monitor files being opened
2. Determine if they are an EXE
3. Look at the header of the file
4. Depending on #3, if a match is found, display a dialog
to the user to continue or stop the file from opening.
What I’ve done:
- Worked with an antivirus company years ago and wrote the low
level device driver for DOS, Win3.x.
- Wrote WDM Audio Device Drivers.
- Discovered the IFS Kit from MS, purchased, installed and have studied.
- Searched this newsgroup for Q/A.
- Have the latest SoftIce stuff for Win2k.
What I think I need:
- System Kernel Driver based on SFilter.
- User mode driver for dialog box?
- Help on direction? Suggestions of where I may find someone to help
out.
Feel free to email and/or call me.
Best Regards,
Carlton
440-717-7510 x 110
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> What the driver is:
> 1. A filter that will monitor files being opened
> 2. Determine if they are an EXE
> 3. Look at the header of the file
> 4. Depending on #3, if a match is found, display a dialog
> to the user to continue or stop the file from opening.
A filter driver can filter these main events:
IRP_MJ_CREATE
IRP_MJ_CREATE_NAMED_PIPE
IRP_MJ_CLOSE
IRP_MJ_READ
IRP_MJ_WRITE
IRP_MJ_QUERY_INFORMATION
IRP_MJ_SET_INFORMATION
IRP_MJ_QUERY_EA
IRP_MJ_SET_EA
IRP_MJ_FLUSH_BUFFERS
IRP_MJ_QUERY_VOLUME_INFORMATION
IRP_MJ_SET_VOLUME_INFORMATION
IRP_MJ_DIRECTORY_CONTROL
IRP_MJ_FILE_SYSTEM_CONTROL
IRP_MJ_DEVICE_CONTROL
IRP_MJ_INTERNAL_DEVICE_CONTROL
IRP_MJ_SHUTDOWN
IRP_MJ_LOCK_CONTROL
IRP_MJ_CLEANUP
IRP_MJ_CREATE_MAILSLOT
IRP_MJ_QUERY_SECURITY
IRP_MJ_SET_SECURITY
IRP_MJ_QUERY_POWER
IRP_MJ_SET_POWER
IRP_MJ_DEVICE_CHANGE
IRP_MJ_QUERY_QUOTA
IRP_MJ_SET_QUOTA
IRP_MJ_PNP_POWER
IRP_MJ_MAXIMUM_FUNCTION
A filter driver does not identify whether a file is an EXE or not. But you can
identify it by trapping the above events.
I feel that for displaying the dialog you can interact with a front-end application.
> What I’ve done:
> - Worked with an antivirus company years ago and wrote the low
> level device driver for DOS, Win3.x.
> - Wrote WDM Audio Device Drivers.
> - Discovered the IFS Kit from MS, purchased, installed and have studied.
> - Searched this newsgroup for Q/A.
> - Have the latest SoftIce stuff for Win2k.
I have DDK, VC++, MS-Tools, SoftIce, IFS Kit. These things are enough.
> What I think I need:
> - System Kernel Driver based on SFilter.
> - User mode driver for dialog box?
> - Help on direction? Suggestions of where I may find someone to help
> out.
> Feel free to email and/or call me.
I am referring to Rajeev Nagar's book and his sample filter driver.
Regards,
Satish K.S
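The header check discussed in this thread, as an added example (not code from either poster, SFilter or the IFS Kit): a bounds-checked C routine that classifies the leading bytes of a file as a PE executable by its MZ and PE signatures rather than by its extension. All function and type names are hypothetical and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; not taken from SFilter or the IFS Kit. */
enum pe_kind { PE_NOT_PE = 0, PE_EXE = 1, PE_DLL = 2 };
#define PE_FLAG_DLL 0x2000u  /* IMAGE_FILE_DLL bit in COFF Characteristics */

static uint32_t rd32(const uint8_t *p) {  /* little-endian; caller bounds-checks */
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify the leading bytes of a file by content, never by extension. */
enum pe_kind classify_pe_header(const uint8_t *buf, size_t len)
{
    uint32_t e_lfanew;
    const uint8_t *nt;

    /* The DOS header is 64 bytes and starts with "MZ". */
    if (buf == NULL || len < 64 || buf[0] != 'M' || buf[1] != 'Z')
        return PE_NOT_PE;

    /* e_lfanew (offset 0x3C) comes from the file and is untrusted: check it
       without overflow. Signature (4) + COFF header (20) must fit. */
    e_lfanew = rd32(buf + 0x3C);
    if (e_lfanew > len - 24)
        return PE_NOT_PE;
    nt = buf + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0)
        return PE_NOT_PE;

    /* Characteristics: last 2 bytes of the COFF header (offset 4 + 18). */
    return ((nt[22] | (nt[23] << 8)) & PE_FLAG_DLL) ? PE_DLL : PE_EXE;
}

/* Constructed sample: 128-byte header with "PE\0\0" at 0x40; the e_lfanew
   field is set independently so out-of-range values can be exercised. */
enum pe_kind classify_sample(uint32_t e_lfanew, uint16_t characteristics)
{
    uint8_t h[128] = {0};
    h[0] = 'M'; h[1] = 'Z';
    h[0x3C] = (uint8_t)e_lfanew;         h[0x3D] = (uint8_t)(e_lfanew >> 8);
    h[0x3E] = (uint8_t)(e_lfanew >> 16); h[0x3F] = (uint8_t)(e_lfanew >> 24);
    memcpy(h + 0x40, "PE\0\0", 4);
    h[0x40 + 22] = (uint8_t)characteristics;
    h[0x40 + 23] = (uint8_t)(characteristics >> 8);
    return classify_pe_header(h, sizeof h);
}
```

When the PE signature offset lies beyond the bytes supplied, the routine reports not-PE, so the caller has to pass enough of the file to cover the offset it finds.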