filespy how to protect a folder

I am a newbie to IFS programming. Now I want to protect a folder file. People
can’t read it but can’t delete and modify the file in the folder. First I tried to
modify filespy.c (the IFS sample). I modified the code in the SpyCreate
function. I found my system crashes. How can I do this? Any help?

if (DeviceObject == gControlDeviceObject) {
    if (FlagOn( gFileSpyDebugLevel, SPYDEBUG_TRACE_IRP_OPS )) {

        SpyDumpIrpOperation( TRUE, Irp );
    }
    KeAcquireSpinLock( &gControlDeviceStateLock, &oldIrql );

    if (gControlDeviceState != CLOSED) {

        Irp->IoStatus.Status = STATUS_DEVICE_ALREADY_ATTACHED;
        Irp->IoStatus.Information = 0;

    } else {
        //Irp->IoStatus.Status = STATUS_SUCCESS; --filespy.c source code
        Irp->IoStatus.Status = STATUS_ACCESS_DENIED; //----I do modify
        //Irp->IoStatus.Information = FILE_OPENED; --filespy.c source code
        Irp->IoStatus.Information = 0; //--I do modify
        //gControlDeviceState = OPENED; ----filespy.c source code
    }
    KeReleaseSpinLock( &gControlDeviceStateLock, oldIrql );

    IoCompleteRequest( Irp, IO_NO_INCREMENT );
    return status;
}



Taylor,

I’m a newbie myself, but in the sample code, two things struck me.
First, if you’re wanting to block access to a specific folder, you’re
modifying the wrong portion of code. I think a simple way to block
access to a particular folder would be to read the path from the file
object and determine whether to pass or fail the IRP; if the path does
not match the path of your ‘special folder’, then call SpyPassThrough.
If you want your user application or a service to be the only thing that
can access your ‘special folder’, then you could add some extra logic to
look for the caller’s PID and compare it to the PID of your service or
application.

Second, you left out a line of code (status = Irp->IoStatus.Status;).
Your IRP’s status is set to STATUS_ACCESS_DENIED while your dispatch
routine’s return status is set to, well, nothing as far as I can tell…

Still learning myself, so take my advice with a grain of salt…
Perhaps someone else here will help you more

M.
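
The path and PID check described in this reply, as an added example that is not part of the original post and is not FileSpy code: a user-mode C model of the create-time decision, with plain char strings standing in for the counted Unicode name in the file object. The names `under_folder`, `check_create` and `struct io_status`, and the sample paths and PIDs used with them, are hypothetical.

```c
/* Added example, not FileSpy code: user-mode model of the create-time check. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define STATUS_SUCCESS       0x00000000UL
#define STATUS_ACCESS_DENIED 0xC0000022UL

/* Hypothetical stand-in for the IRP's IoStatus block. */
struct io_status { unsigned long Status; unsigned long Information; };

/* Returns 1 if path is the protected folder or lies beneath it.
   Comparison is case-insensitive; folder has no trailing backslash. */
int under_folder(const char *path, const char *folder)
{
    size_t n = strlen(folder), i;

    if (strlen(path) < n)
        return 0;
    for (i = 0; i < n; i++)
        if (toupper((unsigned char)path[i]) != toupper((unsigned char)folder[i]))
            return 0;
    /* Require a component boundary so \Secret does not match \SecretOld. */
    return path[n] == '\0' || path[n] == '\\';
}

/* Models the decision in the create dispatch routine. Returns the status the
   routine must both store in the IRP and return to its caller.
   STATUS_SUCCESS here means "not ours, hand the IRP to SpyPassThrough". */
unsigned long check_create(struct io_status *iosb, const char *path,
                           unsigned long caller_pid,
                           const char *folder, unsigned long trusted_pid)
{
    unsigned long status = STATUS_SUCCESS;

    if (under_folder(path, folder) && caller_pid != trusted_pid) {
        status = STATUS_ACCESS_DENIED;
        iosb->Status = status;      /* value stored in the IRP ...       */
        iosb->Information = 0;
    }
    return status;                  /* ... is the value that is returned */
}
```

In a driver the name in the file object can be relative to a related file object, so it has to be resolved to a full path before a comparison like this means anything.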


> I am a newbie of ifs program.Now I want to protect a folder file.People
> can’t read it but can’t delete and modify the file in folder.First I try to

Can’t this be done by built-in Windows security?

L.

>I am a newbie of ifs program.Now I want to protect a folder file.

I know a lot of members will ask you to use Windows ACLs, and it is the right
way to do these things (why go for overkill?), but yes, for knowledge’s
sake, I do support your efforts. I am also a learner here; it would be nice
if you could share your knowledge with me.

Amitrajit

Hi!
You did not modify the returned status!
You complete an IRP with the error STATUS_ACCESS_DENIED in the
Irp->IoStatus.Status field but return STATUS_SUCCESS from the IRP_MJ_CREATE
dispatcher function.

Try the following code:
    {
        Irp->IoStatus.Status = STATUS_ACCESS_DENIED; //----I do modify
        status = Irp->IoStatus.Status;
        //Irp->IoStatus.Information = FILE_OPENED; --filespy.c source code
        Irp->IoStatus.Information = 0; //--I do modify
        //gControlDeviceState = OPENED; ----filespy.c source code
    }
    KeReleaseSpinLock( &gControlDeviceStateLock, oldIrql );

    IoCompleteRequest( Irp, IO_NO_INCREMENT );
    return status;
}
