Help me!

Chang_Sung_Jung · November 28, 2003, 11:25pm

I wanna control access to a file(test.txt) of directory(c:\test :
shared-folder).
So, I hooked ZwCreateFile.
In the ZwCreateFile Routine, I checked whether someone try to access
c:\test\test.txt.
If someone access, I returned STATUS_ACCESS_DENIED code.
Otherwise, I called original ZwCreateFile Routine.

In the local system, It works very well.
But, If i try to open c:\test\test.txt from a remote machine, ZwCreateFile
Routine is called.
STATUS_ACCESS_DENIED code is returened, of course.
By the way, c:\test\test.txt is opened.

It’s really abnormal!
Other functions shoud be hooked?
How can solve this problem?

Any answer’ll be great appreciated!

Best regards.
tocsjung.

OSR_Community_User · November 28, 2003, 11:40pm

Hello Jung.,

First of all, the way you’re using is wrong. You’re using
undocumented features, it means you cann’t guarantee the stable work
of your S/W. You’d better to use(develop) intermediate FS driver.

Anyway, if you want to use hooking…
Some time ago when I’ve been developing “Cautus AC” tool, and I had same
problem as you now ;), to solve that problem you
must intercept IoCreateFile(and not ZwCreateFile). Why? Try to
understand it by yourself.
Hint: take a look into CIFS.

Regards,
Michael

Saturday, November 29, 2003, 1:25:00 PM, you wrote:

CSJ> I wanna control access to a file(test.txt) of directory(c:\test :
CSJ> shared-folder).
CSJ> So, I hooked ZwCreateFile.
CSJ> In the ZwCreateFile Routine, I checked whether someone try to access
CSJ> c:\test\test.txt.
CSJ> If someone access, I returned STATUS_ACCESS_DENIED code.
CSJ> Otherwise, I called original ZwCreateFile Routine.

CSJ> In the local system, It works very well.
CSJ> But, If i try to open c:\test\test.txt from a remote machine, ZwCreateFile
CSJ> Routine is called.
CSJ> STATUS_ACCESS_DENIED code is returened, of course.
CSJ> By the way, c:\test\test.txt is opened.

CSJ> It’s really abnormal!
CSJ> Other functions shoud be hooked?
CSJ> How can solve this problem?

CSJ> Any answer’ll be great appreciated!

CSJ> Best regards.
CSJ> tocsjung.

Alexei_Jelvis-2 · November 28, 2003, 11:52pm

If you want to implement this functionality you need to develop file system
filter instead of hooking ZwCreateFile.

Alexei.

“Chang Sung, Jung.” wrote in message
news:xxxxx@ntfsd…
>
> I wanna control access to a file(test.txt) of directory(c:\test :
> shared-folder).
> So, I hooked ZwCreateFile.
> In the ZwCreateFile Routine, I checked whether someone try to access
> c:\test\test.txt.
> If someone access, I returned STATUS_ACCESS_DENIED code.
> Otherwise, I called original ZwCreateFile Routine.
>
> In the local system, It works very well.
> But, If i try to open c:\test\test.txt from a remote machine, ZwCreateFile
> Routine is called.
> STATUS_ACCESS_DENIED code is returened, of course.
> By the way, c:\test\test.txt is opened.
>
> It’s really abnormal!
> Other functions shoud be hooked?
> How can solve this problem?
>
> Any answer’ll be great appreciated!
>
> Best regards.
> tocsjung.
>
>