Most of file system perform these check in irp_mj_create entry code.
*NTSTATUS *
*IoCheckShareAccess(*
* IN ACCESS_MASK* *DesiredAccess**,*
* IN ULONG* *DesiredShareAccess**,*
* IN OUT PFILE_OBJECT* *FileObject**,*
* IN OUT PSHARE_ACCESS* *ShareAccess**,*
* IN BOOLEAN* *Update*
* );
So, threre is no way bypass them except you write a file system filter or
hook ntcreatefile and modify the parameter.
However, if you can get the fileobject pointer and modify
parameter(shareacess in fileobject), then bypass them.
*
2009/3/6 Amit Kulkarni
> Hay! What happened, no one is responding to this post.
>
> OK, Here I ask it again…
>
> Description about IO_IGNORE_SHARE_ACCESS_CHECK in MSDN states that it
> "Indicates that the I/O manager should not perform share-access checks on
> the file object after it is created. However, the file system might still
> perform these checks. "
>
> Now if file system perform these checks then again we will not able to open
> the file. So following are some questions that came in my mind…
>
> 1> Which are the file systems that perform these checks? Or In which
> circumstances file systems perform these checks?
>
> 2> is there any way to bypass them?
>
> Thanks & Regards,
> Amit.
>
>
> ------------------------------
> Check out the all-new Messenger 9…0! Click here.http:</http:>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
Please lets not recommend ways to crash the system. You don’t own the file
object and changing it is not going to do any good. Scott Noone has
offered the correct suggestion, what you propose is just wrong, and way more
work than needed.
–
Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“ke li” wrote in message news:xxxxx@ntdev…
> Most of file system perform these check in irp_mj_create entry code.
> NTSTATUS
> IoCheckShareAccess(
> * IN ACCESS_MASK DesiredAccess **,
> * IN ULONG DesiredShareAccess* ,
> * IN OUT PFILE_OBJECT FileObject **,
> * IN OUT PSHARE_ACCESS* ShareAccess* ,
> * IN BOOLEAN Update
> * );
> So, threre is no way bypass them except you write a file system filter or
> hook ntcreatefile and modify the parameter.
> However, if you can get the fileobject pointer and modify
> parameter(shareacess in fileobject), then bypass them.
> *
Information from ESET NOD32 Antivirus, version of virus signature database 3920 (20090309)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com