Need help with usbstor.sys filter driver

Hello,
I'm a student and I thought of making a usb
disk-on-key manager as my final graduate project.
The main concept is to “catch” the mass storage
devices inserted to the machine and by comparing with
“black list” of usernames decide if to enable the
device or not.
I thought of making a filter driver to “usbstor.sys”
as it's the usb mass storage driver of Windows.

I must say I'm a newbie in this drivers world. It's really not clear to me yet, how do I “tell”
Windows that my driver is a filter driver for
usbstor.sys?
My lucky guess is the INF file, but I can't realize
what the sections and key-values in such file should
be, what is the class name & guid for mass storage
devices and how I specify it's a filter driver.

Also,
will it work if I simply implement my custom AddDevice
driver entry and there check the users list?

Please,
if anyone can answer my question(s) and help in any
way it would be great… thanks

Yigi



Look under src\storage\filters in the DDK to see one way to install a
filter driver.

You’ll have a bigger problem than how to load a filter driver. Drivers
load in system context, not in the context of any particular login
session. There isn’t a good way to determine the “current user” and
with things like fast user switching the notion of “current user” is
going away.

This isn’t to say such a thing is unmanageable, but you’ll need to think
more about how to handle multiple users logged on to the system at the
same time, what happens when I switch users from someone on the black
list to someone who isn’t (or vice versa).

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yigal Maman
Sent: Sunday, March 26, 2006 10:15 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Need help with usbstor.sys filter driver


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Thank you Peter for answering me.
For the problem you mention I thought of making a
user-mode service which will receive messages from my
driver (device insert\remove) and by the local policy
will send messages back to the driver and tell him
what to do.
Do you think this approach will work?

Also,
I saw two examples in the ddk, but I'm still not quite
sure how to make a filter driver for usb disk-on-keys,
which will automatically be loaded each time such a
device is inserted. Does disk-on-key have a class guid?
Maybe you can point me to the right direction.

And last, (for now)
is there a way to install a driver on a remote
machine?

Thanks anyone for your help.

Yigal


I’m not sure how a service solves the problem of making the device visible in some sessions but not in others.

On your second question: there is no “disk-on-key” device class, but there is a “disk” device class. That’s where you’d want to install your filter. You then need to determine whether the device is a USB disk or a fixed disk … you can use IOCTL_STORAGE_QUERY_PROPERTY to determine the bus type for a given disk device.

I don’t believe there’s a way to install your driver on a remote machine. SetupDI has some remote machine access, but I don’t believe that device installation is part of that. However I could be wrong - you should look at the SetupDi functions to find out for yourself.

-p


From: xxxxx@lists.osr.com on behalf of Yigal Maman
Sent: Tue 3/28/2006 11:52 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Need help with usbstor.sys filter driver

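Added example (not part of the thread and not code from any poster): the bus-type check suggested in the last reply, applied to the bytes IOCTL_STORAGE_QUERY_PROPERTY returns for a disk. The fixed part of STORAGE_DEVICE_DESCRIPTOR is re-declared locally so it builds without the Windows headers; `classify_disk`, `make_sample` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the fixed part of STORAGE_DEVICE_DESCRIPTOR (36 bytes,
   no padding). On Windows, use the definition from winioctl.h / ntddstor.h. */
typedef struct {
    uint32_t Version;
    uint32_t Size;                /* total size, including variable data */
    uint8_t  DeviceType;
    uint8_t  DeviceTypeModifier;
    uint8_t  RemovableMedia;
    uint8_t  CommandQueueing;
    uint32_t VendorIdOffset;
    uint32_t ProductIdOffset;
    uint32_t ProductRevisionOffset;
    uint32_t SerialNumberOffset;
    uint32_t BusType;             /* STORAGE_BUS_TYPE */
    uint32_t RawPropertiesLength;
} device_descriptor;

enum { BUS_TYPE_USB = 7, BUS_TYPE_SATA = 11 };   /* BusTypeUsb, BusTypeSata */
typedef enum { DISK_INVALID = -1, DISK_NOT_USB = 0, DISK_USB = 1 } disk_class;

/* Classify a disk from the IOCTL output. `len` is the byte count actually
   returned. Truncated or inconsistent data yields DISK_INVALID so the
   caller can fail closed instead of guessing. */
disk_class classify_disk(const uint8_t *buf, size_t len)
{
    device_descriptor d;
    if (buf == NULL || len < sizeof d)
        return DISK_INVALID;          /* BusType field not fully present */
    memcpy(&d, buf, sizeof d);        /* copy out: buffer may be unaligned */
    if (d.Size < sizeof d)
        return DISK_INVALID;          /* header contradicts the layout */
    return d.BusType == BUS_TYPE_USB ? DISK_USB : DISK_NOT_USB;
}

/* Constructed sample input: the descriptor a disk on bus `bus` might return. */
size_t make_sample(uint8_t *out, size_t cap, uint32_t bus)
{
    device_descriptor d = {0};
    if (out == NULL || cap < sizeof d)
        return 0;
    d.Version = d.Size = (uint32_t)sizeof d;
    d.RemovableMedia = 1;
    d.BusType = bus;
    memcpy(out, &d, sizeof d);
    return sizeof d;
}
```

A DISK_INVALID result is best handled like a device the policy cannot identify, not as a non-USB disk.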