need help!

mynam · December 4, 2003, 5:12am

I’m making a hooking-driver and want to filter access from remote.
For example, When someone try to access shared-folder of nt-server, the
i/o request must be denied.

I need to hook IoCreateFile, is it right?
Then, How should i hook IoCreateFile.
I don’t know how to hook IoCreateFile at all.

Some code would be a great help.

Best Regards.
mynam.

OSR_Community_User · December 4, 2003, 6:01am

Hi,

Hooking system calls is not a recommended technique for filtering
requests and may lead to unforeseen errors. Try writing a FileSystem
Filter driver instead.
Rajeev Nagar’s book on the subject is an excellent reference. Also
Walter Oney’s book on WDM drivers contains a good description of IRP
cancellation.

Bye,
samarth

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of mynam
Sent: Thursday, December 04, 2003 3:42 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] need help!

I’m making a hooking-driver and want to filter access from remote.
For example, When someone try to access shared-folder of nt-server, the
i/o request must be denied.

I need to hook IoCreateFile, is it right?
Then, How should i hook IoCreateFile.
I don’t know how to hook IoCreateFile at all.

Some code would be a great help.

Best Regards.
mynam.

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@mynetsec.com
To unsubscribe send a blank email to xxxxx@lists.osr.com