Modifying share/access rights

Hi all,

I’m trying to selectively block access to files from other processes once
they are opened.

I have this working for regular files by clearing
currentIrpStack->Parameters.Create.ShareAccess and
nextIrpStack->Parameters.Create.ShareAccess in the open.

I am now trying to achieve the same for executables, the above method
doesn’t work.

I’m currently investigating Parameters.Create.SecurityContext->DesiredAccess
as this (as far as I can tell) is where the only noticeable difference
occurs.

Best Regards,

Rob Linegar
Software Engineer
Data Encryption Systems Limited