i want to change the file’s access rights to make the file read-only in postCreate.
i tried to chane CallbackData->Iopb->Parameters.Create.SecurityContext.DesiredAccess to GENERIC_READ ,but it dose not work.
and the WriteAccess member of fileobject could not be changed.
should i do this in precreate?
It cannot work. Analyze again your goal and redesign achivement. An application which opens file with RW or W acess rights expects after successfull open that writes will work. I suppose your goal is not the failing applications.
Bronislav Gabrhelik
thans a lot??i’m a rookie,and there are so many problem.
I see?my goal is just make file to be read-only, i’m going to do this in some other way…
one there comes a IRP_MJ_CREATE , the system create a new file object. is that right?
An aplication should be designed, so it allows R/O mode. Usually after unsuccessful open with R/W access it tries to open the file with R/O access and switches into R/O mode. So first solution which comes to my mind is to fail opens with W access with STATUS_ACCESS_DENIED. But generally if an application is not ready to work in R/O mode it will not be able to work. Try to define the set of applications you will support and then you can analyze their behavior on R/O file. Use some monitoring tool like filespy, filemon, processmon…
Then you can define some more advanced filters how to fake an application, so it doesn’t modify data.
Regards,
Bronislav Gabrhelik