Hi!
I am implementing a minifilter in which i need to read the data of a file when any IRP_MJ_WRITE comes on that file. I perform the read operation using FltReadFile and the same file object that i get in IRP_MJ_WRITE.
But this fails when the file was opened with just GENERIC_WRITE flag, because i am not allowed to perform a read using the same file object.
So, what i was thinking was to manipulate the flags in the IRP_MJ_CREATE itself and add GENERIC_READ flag too.
To avoid any loopholes due to this manipulation of flag, i maintain a list of file objects and their flags that i had modified in the Create call. Whenever a IRP_MJ_READ comes i check whether this is a valid call depending on the original flags.
Thus, this gives me the opputunity to read the file and on the same hand avoid any loopholes from usermode.
My questions are:
- “IS IT RIGHT TO DO THIS STUFF ?”
- What are the problems/ constraints of this implementation?
Thanks!
Ayush Gupta
> 2. What are the problems/ constraints of this implementation?
I think you may get random failures when an application specifies
a certain sharing level.
Try to write test program which opens a file twice
with FILE_SHARE_WRITE. Since you are adding GENERIC_READ
to the access, it might fail.
I know this is bigger problem if you are adding GENERIC_WRITE
flag when opened for GENERIC_READ, I am not sure if the same
problem comes in your scenario.
L.
hi Ladislav!
thanks for the reply!
I had mentioned that before allowing any IRP_MJ_READ, i will first validate the request by checking against a list that i maintain for file objects and corresponding flags that i had seen in the create request.
For ex:
if an application specifies to open a file with just GENERIC_WRITE, i append a GENERIC_READ flag in IRP_MJ_CREATE itself. I note the original flag (GENERIC_WRITE) in a list that i maintain.
Now suppose this, application tries to open a handle again, i will first vaildate the IRP_MJ_CREATE request with the list that i maintain.
“I NEED TO DO THIS STUFF ONLY WHEN I GET JUST GENERIC_WRITE”…
Any idea??
You could create your own fileobject in IRP_MJ_CREATE and save it in
context. Object your create will have GENERIC_READ flag and should SHARE all
flags. After IRP_MJ_WRITE comes you can use your object to read data from
file.
I’m using similar solution but I’m not really sure if it is RIGHT TO DO IT
too . Anyway you will not manipulate flag so it could be at least cleaner
solution. But there is need to write code to maintain your file object (look
to metadamanager sample).
Good luck
Jan
wrote in message news:xxxxx@ntfsd…
> Hi!
> I am implementing a minifilter in which i need to read the data of a file
when any IRP_MJ_WRITE comes on that file. I perform the read operation using
FltReadFile and the same file object that i get in IRP_MJ_WRITE.
>
> But this fails when the file was opened with just GENERIC_WRITE flag,
because i am not allowed to perform a read using the same file object.
>
> So, what i was thinking was to manipulate the flags in the IRP_MJ_CREATE
itself and add GENERIC_READ flag too.
> To avoid any loopholes due to this manipulation of flag, i maintain a list
of file objects and their flags that i had modified in the Create call.
Whenever a IRP_MJ_READ comes i check whether this is a valid call depending
on the original flags.
>
> Thus, this gives me the opputunity to read the file and on the same hand
avoid any loopholes from usermode.
>
> My questions are:
>
> 1. “IS IT RIGHT TO DO THIS STUFF ?”
> 2. What are the problems/ constraints of this implementation?
>
> Thanks!
> Ayush Gupta
>
>