Hi all,
I am writting minifilter driver , and intercepting IRP_MJ_WRITE, and denied access in PreOperationCallback , but existing data is being corrupted and file created of 0 bytes.
anybody can tell me what is the problem.
Thanks
Hi all,
I am writting minifilter driver , and intercepting IRP_MJ_WRITE, and denied access in PreOperationCallback , but existing data is being corrupted and file created of 0 bytes.
anybody can tell me what is the problem.
Thanks
What do you want exactly?
to deny creation of file; if so you should deny create not write.
The creation of a file with 0 bytes looks obvious as you have not allowed any write on it and I think because of this no set_information IRP has been generated.
Hi Aditya,
Actually I want to restrict modification of files… but when intercepting IRP_MJ_WRITE… then some application creates 0 bytes file.
Thanks
You’re blocking all writes, so even if a brand new file is created, it can’t be written to.
At a high level: You’re going to need to get into the PreCreate path to examine incoming requests CreateDisposition and Desired access fields. In some\most cases you’ll probably have to open the file yourself to see if it exists. Then on the files you’re interested in, you can block the writes just for those.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Monday, November 16, 2009 7:46 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] IRP_MJ_WRITE ISSUE
Hi Aditya,
Actually I want to restrict modification of files… but when intercepting IRP_MJ_WRITE… then some application creates 0 bytes file.
Thanks
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.425 / Virus Database: 270.14.67/2506 - Release Date: 11/16/09 07:43:00
>>Actually I want to restrict modification of files
like what ? Windows already have security mechanism; why you can not leverage that. Another possibility is to change the desired access parameter to read only in pre create and build a system around that. but it is quite possible that It is not what you want so once again, kindly *elaborate* on what exactly you want.