IRP_MJ_DIRECTORY_CONTROL / IRP_MN_QUERY_DIRECTORY

Hello Everybody,

I am writing a file filter driver which denies the user from deleting
any file\folder from the protected drive (this routine is complete and
working).

My next requirement is that the user should not be able to view the
files/folders which he deleted for the current session, I know this can be
achieved by filtering the IRP_MJ_DIRECTORY_CONTROL /
IRP_MN_QUERY_DIRECTORY.

The problems I’m facing are:

  1. Where should I store the list of files/folders which the user tried to
    delete so that this list can be used for fooling the explorer (which should
    be valid only for the current session). Would a simple text file be OK??
    (I am doing the comparison in IRP_MJ_CREATE). What would be the best
    solution. Some sort of a memory mapping???

  2. Secondly with IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY, if all
    the files and directories are returned at a single go, i.e. do the buffer
    at the completion routine has all the files and directories which are to
    be skipped from the explorer.

  3. What are the other various issues which I may face ?? I think removing
    the file descriptions in IRP_MJ_DIRECTORY_CONTROL / IRP_MN_QUERY_DIRECTORY
    will be sufficient.

Thanks a Lot
Lalit.

Hi,

> 1. Where should I store the list of files/folders which the user tried to
> delete so that this list can be used for fooling the explorer (which should
> be valid only for the current session). Would a simple text file be OK?? (I
> am doing the comparison in IRP_MJ_CREATE). What would be the best solution.
> Some sort of a memory mapping???

Use PagedPool memory. NonPagedPool would be OK, since the list is not
too big, but you do not require NonPagedPool during create and query directory
dispatch.
If you intend to do ANYTHING with the buffer in the completion, you
must use NonPagedPool.

> 2. Secondly with IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY, if all the
> files and directories are returned at a single go, i.e. do the buffer at the
> completion routine has all the files and directories which are to be skipped
> from the explorer.

What is the question here? I assume it’s what to do if all returned
files are to be skipped?
In that case, re-issue the IRP. Make sure your completion returns
STATUS_MORE_PROCESSING_REQUIRED so that you can reissue it.

> 3. What are the other various issues which I may face ?? I think removing
> the file descriptions in IRP_MJ_DIRECTORY_CONTROL / IRP_MN_QUERY_DIRECTORY
> will be sufficient.

That’s about it - you will need to handle all codes -
FileBothDirectoryInformation is the most common one, but you will see
FileNamesInformation class as well. Others are rarely seen, but you must
handle them all.

Ohh, and one thing - if this should also hide files on Lanman
redirector do NOT try to replace the buffer. This will hang the system, or
cause "Invalid user buffer" (0xC00000E8) error status code.


Kind regards, Dejan M. MVP for DDK
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.

Alfa File Monitor - File monitoring library for Win32 developers.
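
The corner cases raised in this thread (a hidden first, middle or last record, and a batch in which every record is hidden so the query has to be re-issued), as a user-mode C model. This is an added example, not code from any poster or from SFilter: `dir_entry`, `hide_tmp` and `filter_batch` are hypothetical names, the record layout is a simplification of the real directory information classes, and names are plain bytes rather than the UTF-16 strings a file system returns.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified record (assumption): models only the offset chaining. */
typedef struct {
    uint32_t next;       /* byte offset to the next record, 0 = last */
    uint32_t name_len;   /* bytes used in name[] */
    char     name[24];
} dir_entry;

/* Hypothetical rule for the demo: hide names ending in ".tmp". */
int hide_tmp(const char *n, uint32_t len) {
    return len >= 4 && memcmp(n + len - 4, ".tmp", 4) == 0;
}

/* Filters one batch in place and updates *used. Returns the records left;
   0 means the caller must fetch the next batch, not return an empty one. */
size_t filter_batch(uint8_t *buf, size_t *used) {
    size_t off = 0, prev = SIZE_MAX, visible = 0;
    dir_entry e;
    while (off + sizeof e <= *used) {
        memcpy(&e, buf + off, sizeof e);
        int bad = e.name_len > sizeof e.name || (e.next &&
                  (e.next < sizeof e || off + e.next + sizeof e > *used));
        if (!bad && !hide_tmp(e.name, e.name_len)) {
            visible++; prev = off;
            if (!e.next) break;
            off += e.next;
        } else if (!bad && e.next) {   /* hidden, not last: slide tail down */
            memmove(buf + off, buf + off + e.next, *used - off - e.next);
            *used -= e.next;
        } else {                       /* hidden last or malformed: cut chain */
            if (prev != SIZE_MAX)
                memset(buf + prev + offsetof(dir_entry, next), 0, sizeof e.next);
            *used = off;
            break;
        }
    }
    if (!visible) *used = 0;
    return visible;
}

int main(void) {   /* constructed batch: first and last records are hidden */
    dir_entry b[3] = {{sizeof *b, 5, "a.tmp"}, {sizeof *b, 5, "b.txt"},
                      {0, 5, "c.tmp"}};
    size_t used = sizeof b;
    return filter_batch((uint8_t *)b, &used) == 1 && used == sizeof *b ? 0 : 1;
}
```

In a driver the updated length would go back in the IRP's `IoStatus.Information`, and a return of 0 corresponds to the re-issue path described in the reply above.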

I struggled through creating a good algorithm for this that handles all
the corner cases. See this message for a summary (although I haven’t
gotten around to implementing it yet).

http://www.osr.com/cgi-bin/read.pl?scope_name=&cfg=osr.cfg&messid=043755&mess_set=026917|043755|026926&index=1&site=&visit=1&mem_id=&check=&email=&jump=0&sort=&searchWords=encompass&list=&page=view

  • Nick Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lalit S. Rana
Sent: Sunday, May 11, 2003 7:47 AM
To: File Systems Developers
Subject: [ntfsd] IRP_MJ_DIRECTORY_CONTROL / IRP_MN_QUERY_DIRECTORY


Hi Dejan,
Thanks for your reply.
I wish to frame the second question again.

When the explorer issues a request for presentation of files and
directories, are all the files and directories returned at one go, i.e.
does the buffer returned contain all the directories and files?
OR
Are the files and directories returned one by one?

> 1. Where should I store the list of files/folders which the user tried to
> delete so that this list can be used for fooling the explorer (which should
> be valid only for the current session). Would a simple text file be OK?? (I
> am doing the comparison in IRP_MJ_CREATE). What would be the best solution.
> Some sort of a memory mapping???
>
> Use PagedPool memory. NonPagedPool would be OK, since the list is not
> too big, but you do not require NonPagedPool during create and query directory
> dispatch.
> If you intend to do ANYTHING with the buffer in the completion, you
> must use NonPagedPool.

Regarding your reply to the first question. If I use the PagedPool memory
there is no need to make any file. Should I deal with the memory directly?
I think this would be difficult to implement. Please suggest.

There is one more question.
What should be the format of storing files so that comparison is
reliable? I think I will have to give the absolute file name. But there
must be other issues involved. Please Help.

Regards
Lalit.

> When the explorer issues a request for presentation of files and
> directories, are all the files and directories returned at one go, i.e.
> does the buffer returned contain all the directories and files?
> OR
> Are the files and directories returned one by one?

Ahh, that.
In most cases, not all files are returned in one go. So, you have to handle
that, i.e. re-issue the IRP.

> Regarding your reply to the first question. If I use the PagedPool memory there is
> no need to make any file. Should I deal with the memory directly? I think this
> would be difficult to implement. Please suggest.

Hell, no - it’s as easy as it can get.

> What should be the format of storing files so that comparison is
> reliable? I think I will have to give the absolute file name. But there
> must be other issues involved. Please Help.

Use of wildcards is the easiest solution. The only problem is handling of
short vs. long file names. You have to handle that in your filter, if you wish to
compare LFN only - but LFN always.


Kind regards, Dejan M. MVP for DDK

Hi Dejan,
Thanks for your reply.

But regarding the following query my doubt is not solved.

> What should be the format of storing files so that comparison is
> reliable? I think I will have to give the absolute file name. But there
> must be other issues involved. Please Help.
>
> Use of wildcards is the easiest solution. The only problem is handling of
> short vs. long file names. You have to handle that in your filter, if you
> wish to compare LFN only - but LFN always.

Here I don’t understand the meaning of wildcards. What I am planning to
do is to create a SINGLE_LINK_LIST, add the names of the files which the
user deletes into it and do comparisons. Is it what you intend to say? By
my little knowledge wildcards are * and ?, how are they going to help?

One more question.
The names of the files which I am planning to store in linked list should
also contain the drive name (C: D: etc); I have to compare the full paths
of the files deleted, how will I be able to get that.

Regards,
Lalit

> Here I don’t understand the meaning of wildcards. What I am planning to do
> is to create a SINGLE_LINK_LIST, add the names of the files which the user
> deletes into it and do comparisons. Is it what you intend to say? By my
> little knowledge wildcards are * and ?, how are they going to help?

I thought you meant what to compare, so I suggested wildcards.
There is no better or worse format - linked list is probably the
easiest to use vs. arrays.

> The names of the files which I am planning to store in linked list should
> also contain the drive name (C: D: etc); I have to compare the full paths of
> the files deleted, how will I be able to get that.

SFilter should have a way to do that. (If it uses ObQueryNameString
that’s NOT the way - I recall some SFilter version did that)


Kind regards, Dejan M. MVP for DDK