I am reposting my query below.
My requirement is to either make a specific device (identified based on some
hardware id) read-only or to make all devices of a particular class read-only.
We want to control all devices including those which are seen as disk drives
(hot pluggable like USB flash card + hot pluggable with removable media like
CD/DVD, floppy drive) in the Windows and the ones which do not show up as disk
drives (Windows portable devices, blackberry, mobile phones etc).
I tried implementing upper class filter driver for various classes (based on
toaster sample in wdk) and tried setting FILE_READ_ONLY_DEVICE characteristic
while creating filter device object but it’s of no use. The USB device still can
be written to. I also tried rejecting write requests for PDO but no luck.
Any insights into this would be highly appreciated.
This seems like a very complicated solution to some unstated problem.
There is no generic solution, although in an upper filter for class
level device, rejecting write requests should effectively make a
device read only and likely break the applications and higher level
client drivers of the class.
On a case by case basis there can be clean solutions. It is possible
to transform disk partitions into read only objects, for example.
There is no generic mechanism for the design path you have chosen.
On Monday, December 21, 2009, wrote:
> I am reposting my query below.
>
> My requirement is to either make a specific device (identified based on some
> hardware id) read-only or to make all devices of a particular class read-only.
> We want to control all devices including those which are seen as disk drives
> (hot pluggable like USB flash card + hot pluggable with removable media like
> CD/DVD, floppy drive) in the Windows and the ones which do not show up as disk
> drives (Windows portable devices, blackberry, mobile phones etc).
>
> I tried implementing upper class filter driver for various classes (based on
> toaster sample in wdk) and tried setting FILE_READ_ONLY_DEVICE characteristic
> while creating filter device object but it’s of no use. The USB device still can
> be written to. I also tried rejecting write requests for PDO but no luck.
>
> Any insights into this would be highly appreciated.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
–
Mark Roddy
> We want to control all devices including those which are seen as disk drives
(hot pluggable like USB flash card + hot pluggable with removable media like
CD/DVD, floppy drive) in the Windows and the ones which do not show up as disk
drives (Windows portable devices, blackberry, mobile phones etc).
You will need the approach of its own for each of the mentioned devices.
One approach for external disks (flash cards), another for CD/DVD, another for ActiveSync devices, another for BlackBerry (with the help from RIM or with major reverse-engineering effort), another for iPhone/iPod/iTunes, another for cell phones used as EDGE/WiMax modems, another for cell phones used via OBEX, and so on.
There are no generic ways in Windows to make all devices read-only.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Thanks Maxim for responding. Can you please let me know what approach to follow to make at least USB mass storage devices read only?
What versions of Windows? NTFS cannot be made read-only prior to Vista,
IIRC. Otherwise there are two choices: storage stack and file system
stack. Read the WDK documentation on both and determine which best suits
your needs. You do not want to make the boot drive read-only as Windows
should crash if you do.
wrote in message news:xxxxx@ntdev…
> Thanks Maxim for responding. Can you please let me know what approach to
> follow to make at least USB mass storage devices read only?
>
> What versions of Windows? NTFS cannot be made read-only prior to Vista,
Prior to XP.
VSS is what required read-only NTFS.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Filter the SCSI commands wrapped in URBs between USBSTOR and USBHUB.
Or filter the unwrapped SCSI commands above USBSTOR (between USBSTOR and DISK)
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntdev…
> Thanks Maxim for responding. Can you please let me know what approach to follow to make at least USB mass storage devices read only?
>
To David,
I am planning to make driver work above XP and later. Can you please be more elaborative on how to avoid making boot drive read-only. Also when you say storage stack, do you mean filtering at class level or device level? How we can achieve this at file system level?
To Maxim,
Can you please elaborate which scsi commands do I need to filter? Also when you say between USBSTOR and USBHUB, which filter driver you are talking about? When you say USBSTOR and disk, I believe you are talking about upper disk class filter driver. Is that right?
> Can you please elaborate which scsi commands do I need to filter?
Fail all write commands with proper sense info of “write protected media”, and also I think (don’t remember off-head) some MODE SENSE which returns the “write protected” flag.
Look at Disk source in the WDK samples for this flag-returning command.
you say USBSTOR and disk, I believe you are talking about upper disk class filter driver.
Lower.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Maxim, So when you say between USBSTOR and USBHUB, which filter driver you are talking about?
> Maxim, So when you say between USBSTOR and USBHUB, which filter driver you are talking about?
Lower filter below USBSTOR.
But I think filtering between DISK and USBSTOR is better.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
xxxxx@yahoo.com wrote:
- Where can I get good documentation on the DISK, USBSTOR and USBHUB device stack (What is the purpose of each and which commands get passed through them etc.
Google is your friend, as is MSDN. Both are much faster than waiting
for a reply from this list.
- Also I used the toaster filter driver as upper disk class filter driver and rebooted the machine and system crashed. I couldn’t figure out from crash information what could be the reason but is this known issue?
You mean, is blindly attaching filter drivers to driver stacks without
understanding the impact a known issue? Yes, it is.
We don’t have any clue what you might have done to the driver nor how
you installed it. You can try posting the output of “!analyze -v”.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
> 2. I used disk class upper filter driver and returned STATUS_MEDIA_WRITE_PROTECTED through
IOCTL_DISK_IS_WRITABLE and USB devices became read-only. Isn’t this sufficient
Yes, this is also a way.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Maxim,
Using IOCTL_DISK_IS_WRITABLE, disk class devices became read-only. Is there any similar way to make CD-ROM devices read-only using upper filter class driver for CD-ROM class?
>make CD-ROM devices read-only using upper filter class driver for CD-ROM class?
No.
I remember solving this problem by patching the response to one of the MMC commands (forget what, but it was a large structure) to show the current media as -ROM and not -R or -RW or -RAM.
Also fail WRITE commands.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
Amit Shinde wrote:
I tried implementing upper class filter driver for various classes
(based on toaster sample in wdk) and tried setting
FILE_READ_ONLY_DEVICE characteristic while creating filter device
object but it’s of no use. The USB device still can be written to.
If I have physical access to the machine (since I’m plugging in USB drives), I can just boot from a restore CD, reset the administrator password, and then remove your filter. So your whole project is worthless anyway.
Chris,
You are thinking about a traditional desktop when you make the point that
‘physical access’ provides unlimited access. However, there are many valid
scenarios where ‘physical access to a USB port’ does not imply unlimited
access.
The little Kodak Picture Kiosk at CVS comes to mind…
And I would sure hope that it mounts my USB drive R/O!
Cheers,
Dave Cattley
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, January 02, 2010 12:39 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Need help for making devices read only
Amit Shinde wrote:
I tried implementing upper class filter driver for various classes
(based on toaster sample in wdk) and tried setting
FILE_READ_ONLY_DEVICE characteristic while creating filter device
object but it’s of no use. The USB device still can be written to.
If I have physical access to the machine (since I’m plugging in USB drives),
I can just boot from a restore CD, reset the administrator password, and
then remove your filter. So your whole project is worthless anyway.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
It looks like some conspiracy exists against letting
users write-protect their storage devices or media.
20 years ago all disks, tapes and floppies had a write-protect tab.
5 years ago I could find several USB flash models with a protection switch,
but today hardly can see one.
Almost all external disk enclosures have no write protect switch (though
many of them
have a “backup button”).
Full-size SD flash cards have the protect switch, but micro SD
cards already have no built-in switch, and please show me a micro SD reader
with the switch. It’s a mistery…
– pa
“David R. Cattley” wrote in message news:xxxxx@ntdev…
> Chris,
>
> You are thinking about a traditional desktop when you make the point that
> ‘physical access’ provides unlimited access. However, there are many
> valid
> scenarios where ‘physical access to a USB port’ does not imply unlimited
> access.
>
> The little Kodak Picture Kiosk at CVS comes to mind…
>
> And I would sure hope that it mounts my USB drive R/O!
>
> Cheers,
> Dave Cattley
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of
> xxxxx@gmail.com
> Sent: Saturday, January 02, 2010 12:39 PM
> To: Windows System Software Devs Interest List
> Subject: RE:[ntdev] Need help for making devices read only
>
> Amit Shinde wrote:
>
>> I tried implementing upper class filter driver for various classes
>> (based on toaster sample in wdk) and tried setting
>> FILE_READ_ONLY_DEVICE characteristic while creating filter device
>> object but it’s of no use. The USB device still can be written to.
>
> If I have physical access to the machine (since I’m plugging in USB
> drives),
> I can just boot from a restore CD, reset the administrator password, and
> then remove your filter. So your whole project is worthless anyway.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
Maxim,
So this patching needs to be done in a way up for IRP i.e.in IoCompletion routine , rite? And for failing Write commands, I need to fail IRP_MJ_WRITE as well as IOCTL_SCSI_PASS_THROUGH and IOCTL_SCSI_PASS_THROUGH_DIRECT for write command, rite?
“I remember solving this problem by patching the response to one of the MMC
commands (forget what, but it was a large structure) to show the current media
as -ROM and not -R or -RW or -RAM”,