IRP_MJ_WRITE ISSUE

Hi all,

I am writting minifilter driver , and intercepting IRP_MJ_WRITE, and denied access in PreOperationCallback , but existing data is being corrupted and file created of 0 bytes.

anybody can tell me what is the problem.

Thanks

What do you want exactly?

to deny creation of file; if so you should deny create not write.

The creation of a file with 0 bytes looks obvious as you have not allowed any write on it and I think because of this no set_information IRP has been generated.

Hi Aditya,

Actually I want to restrict modification of files… but when intercepting IRP_MJ_WRITE… then some application creates 0 bytes file.

Thanks

You’re blocking all writes, so even if a brand new file is created, it can’t be written to.

At a high level: You’re going to need to get into the PreCreate path to examine incoming requests CreateDisposition and Desired access fields. In some\most cases you’ll probably have to open the file yourself to see if it exists. Then on the files you’re interested in, you can block the writes just for those.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Monday, November 16, 2009 7:46 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] IRP_MJ_WRITE ISSUE

Hi Aditya,

Actually I want to restrict modification of files… but when intercepting IRP_MJ_WRITE… then some application creates 0 bytes file.

Thanks


NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.425 / Virus Database: 270.14.67/2506 - Release Date: 11/16/09 07:43:00

>>Actually I want to restrict modification of files

like what ? Windows already have security mechanism; why you can not leverage that. Another possibility is to change the desired access parameter to read only in pre create and build a system around that. but it is quite possible that It is not what you want so once again, kindly *elaborate* on what exactly you want.