I have a question about IoCreateFile function.
I’ve hooked IoCreateFile to filter access to shared-folder from
remote-machine.
In the hooked-IoCreateFile routine, I returned STATUS_ACCESS_DENIED when a
certain file(ex, test.txt) is being accessed.
By the way, sometimes access is allowed.
If i try to open test.txt file continually(from remote), test.txt is being
opened occasionally.
It seems that IoCreateFile is bypassed.
What’s the cause of this problem?
Thanks in advance!
IIRC, You might have to trap ZwOpenFile, as well as ZwCreateFile.
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of csjung
Sent: Thursday, March 18, 2004 12:32 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Need help!
I have a question about IoCreateFile function.
I’ve hooked IoCreateFile to filter access to shared-folder from
remote-machine.
In the hooked-IoCreateFile routine, I returned STATUS_ACCESS_DENIED when a
certain file(ex, test.txt) is being accessed.
By the way, sometimes access is allowed.
If i try to open test.txt file continually(from remote), test.txt is being
opened occasionally.
It seems that IoCreateFile is bypassed.
What’s the cause of this problem?
Thanks in advance!
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
csjung wrote:
I have a question about IoCreateFile function.
I’ve hooked IoCreateFile to filter access to shared-folder from
remote-machine.
Oh, my. We’re here again.
“Hooking” IoCreateFile, or its friends and relatives, is NOT the proper
way to intercept file open requests.
If you want to intercept file create operations, you write a file system
filter driver. There is no other acceptable alternative.
If you try to hack it, guess what? It won’t work.
Take any questions about file system filters to the NTFSD list.
Peter
OSR
OT: I’ve been trying for weeks to join the NTFSD list, but when I try to
join I keep getting:
This Lyris ListManager Server is currently unavailable.
Is there some trick I’ve missed?
Thanks,
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of PeterGV
Sent: Thursday, March 18, 2004 12:20 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Need help!
csjung wrote:
I have a question about IoCreateFile function.
I’ve hooked IoCreateFile to filter access to shared-folder from
remote-machine.
Oh, my. We’re here again.
“Hooking” IoCreateFile, or its friends and relatives, is NOT the proper
way to intercept file open requests.
If you want to intercept file create operations, you write a file system
filter driver. There is no other acceptable alternative.
If you try to hack it, guess what? It won’t work.
Take any questions about file system filters to the NTFSD list.
Peter
OSR
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi,
Try to hook NtCreateFile if u are working on the 2K and Higher version.
Good Luck,
From: “csjung”
>Reply-To: “Windows System Software Devs Interest List”
>To: “Windows System Software Devs Interest List”
>Subject: [ntdev] Need help!
>Date: Thu, 18 Mar 2004 17:32:25 +0900
>
>I have a question about IoCreateFile function.
>
>I’ve hooked IoCreateFile to filter access to shared-folder from
>remote-machine.
>
>In the hooked-IoCreateFile routine, I returned STATUS_ACCESS_DENIED when a
>certain file(ex, test.txt) is being accessed.
>
>By the way, sometimes access is allowed.
>
>If i try to open test.txt file continually(from remote), test.txt is being
>opened occasionally.
>
>It seems that IoCreateFile is bypassed.
>
>What’s the cause of this problem?
>
>Thanks in advance!
>
>
>
>—
>Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
Catch the formula fever! Get all the latest news. Right here on msn.
Go back and read Peter Viscarola’s response! Hooking any thing is a bad
idea if there is another way, and here a filesystem filter driver is
definitely the correct way!
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
“yatindra vaishnav” wrote in message
news:xxxxx@ntdev…
Hi,
Try to hook NtCreateFile if u are working on the 2K and Higher version.
Good Luck,
>From: “csjung”
>Reply-To: “Windows System Software Devs Interest List”
>To: “Windows System Software Devs Interest List”
>Subject: [ntdev] Need help!
>Date: Thu, 18 Mar 2004 17:32:25 +0900
>
>I have a question about IoCreateFile function.
>
>I’ve hooked IoCreateFile to filter access to shared-folder from
>remote-machine.
>
>In the hooked-IoCreateFile routine, I returned STATUS_ACCESS_DENIED when a
>certain file(ex, test.txt) is being accessed.
>
>By the way, sometimes access is allowed.
>
>If i try to open test.txt file continually(from remote), test.txt is being
>opened occasionally.
>
>It seems that IoCreateFile is bypassed.
>
>What’s the cause of this problem?
>
>Thanks in advance!
>
>
>
>—
>Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
Catch the formula fever! Get all the latest news. Right here on msn.
Hi,
The web interface to the lists is down, so you’ll need to subscribe via
email. Just send an email to xxxxx@lists.osr.com with this in the body:
subscribe ntfsd pw=password
set ntfsd membertype
Where membertype is one of the following:
mail (receive posts via email as they come in
nomail (receive no mail)
digest (receive all posts from the day as one big email)
index (receive the subject lines from the posts of the day in one big
email)
If you have any problems feel free to email me directly
(xxxxx@osr.com).
OSR List Slave
“Ken Cross” wrote in message news:xxxxx@ntdev…
> OT: I’ve been trying for weeks to join the NTFSD list, but when I try to
> join I keep getting:
>
> This Lyris ListManager Server is currently unavailable.
>
> Is there some trick I’ve missed?
>
> Thanks,
> Ken
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of PeterGV
> Sent: Thursday, March 18, 2004 12:20 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Need help!
>
> csjung wrote:
>
> > I have a question about IoCreateFile function.
> >
> > I’ve hooked IoCreateFile to filter access to shared-folder from
> > remote-machine.
> >
>
> Oh, my. We’re here again.
>
> “Hooking” IoCreateFile, or its friends and relatives, is NOT the proper
> way to intercept file open requests.
>
> If you want to intercept file create operations, you write a file system
> filter driver. There is no other acceptable alternative.
>
> If you try to hack it, guess what? It won’t work.
>
> Take any questions about file system filters to the NTFSD list.
>
> Peter
> OSR
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
Yeah, you need to hook some variation on IoCreateFile, and then you don’t
need no stinkin’ ntfsd email list server 
=====================
Mark Roddy
-----Original Message-----
From: Ken Cross [mailto:xxxxx@comcast.net]
Sent: Thursday, March 18, 2004 1:35 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Need help!OT: I’ve been trying for weeks to join the NTFSD list, but
when I try to join I keep getting:This Lyris ListManager Server is currently unavailable.
Is there some trick I’ve missed?
Thanks,
Ken-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of PeterGV
Sent: Thursday, March 18, 2004 12:20 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Need help!csjung wrote:
> I have a question about IoCreateFile function.
>
> I’ve hooked IoCreateFile to filter access to shared-folder from
> remote-machine.
>Oh, my. We’re here again.
“Hooking” IoCreateFile, or its friends and relatives, is NOT
the proper way to intercept file open requests.If you want to intercept file create operations, you write a
file system filter driver. There is no other acceptable alternative.If you try to hack it, guess what? It won’t work.
Take any questions about file system filters to the NTFSD list.
Peter
OSR
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256You are currently subscribed to ntdev as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256You are currently subscribed to ntdev as:
xxxxx@stratus.com To unsubscribe send a blank email to
xxxxx@lists.osr.com
Hi Don,
Not always, i believe. To understand the way things move u can hook, which is not harmful i think. Hey! Don some times we need to some bad thing to bring good thing in place, so if the asking guy is doin it for that then no doubt one shud go for that and if that is for development of some tools which will go public then no doubt i’ll oppose to hook, the reason being this will break the integrety of the operating system because i’ve also faced a problem relating to hook systems services. And i believe u are also agree on it with me.
Good Luck,
From: “Don Burn”
>Reply-To: “Windows System Software Devs Interest List”
>To: “Windows System Software Devs Interest List”
>Subject: Re:[ntdev] Need help!
>Date: Thu, 18 Mar 2004 13:45:08 -0500
>
>Go back and read Peter Viscarola’s response! Hooking any thing is a bad
>idea if there is another way, and here a filesystem filter driver is
>definitely the correct way!
>
>
>–
>Don Burn (MVP, Windows DDK)
>Windows 2k/XP/2k3 Filesystem and Driver Consulting
>
>
>“yatindra vaishnav” wrote in message
>news:xxxxx@ntdev…
>Hi,
>Try to hook NtCreateFile if u are working on the 2K and Higher version.
>
>Good Luck,
>
>
>
> >From: “csjung”
> >Reply-To: “Windows System Software Devs Interest List”
> >To: “Windows System Software Devs Interest List”
> >Subject: [ntdev] Need help!
> >Date: Thu, 18 Mar 2004 17:32:25 +0900
> >
> >I have a question about IoCreateFile function.
> >
> >I’ve hooked IoCreateFile to filter access to shared-folder from
> >remote-machine.
> >
> >In the hooked-IoCreateFile routine, I returned STATUS_ACCESS_DENIED when a
> >certain file(ex, test.txt) is being accessed.
> >
> >By the way, sometimes access is allowed.
> >
> >If i try to open test.txt file continually(from remote), test.txt is being
> >opened occasionally.
> >
> >It seems that IoCreateFile is bypassed.
> >
> >What’s the cause of this problem?
> >
> >Thanks in advance!
> >
> >
> >
> >—
> >Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
> >
> >You are currently subscribed to ntdev as: xxxxx@hotmail.com
> >To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>Catch the formula fever! Get all the latest news. Right here on msn.
>
>
>
>—
>Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
Get head-hunted by 10,000 recruiters. Post your CV on naukri.com today.
Eh, not in this case. The OP described a standard file system filtering
function: allow/deny file opens based on some criteria. The solution to that
problem is a file system filter driver. It is not hooking some api. There
might be other valid reasons for hooking whatever, but not in this case.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yatindra vaishnav
Sent: Thursday, March 18, 2004 5:05 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Need help!
Hi Don,
Not always, i believe. To understand the way things move u can hook, which
is not harmful i think. Hey! Don some times we need to some bad thing to
bring good thing in place, so if the asking guy is doin it for that then no
doubt one shud go for that and if that is for development of some tools
which will go public then no doubt i’ll oppose to hook, the reason being
this will break the integrety of the operating system because i’ve also
faced a problem relating to hook systems services. And i believe u are also
agree on it with me.
Good Luck,
>From: “Don Burn”
>Reply-To: “Windows System Software Devs Interest List”
>To: “Windows System Software Devs Interest List”
>Subject: Re:[ntdev] Need help!
>Date: Thu, 18 Mar 2004 13:45:08 -0500
>
>Go back and read Peter Viscarola’s response! Hooking any thing is a bad
>idea if there is another way, and here a filesystem filter driver is
>definitely the correct way!
>
>
>–
>Don Burn (MVP, Windows DDK)
>Windows 2k/XP/2k3 Filesystem and Driver Consulting
>
>
>“yatindra vaishnav” wrote in message
>news:xxxxx@ntdev…
>Hi,
>Try to hook NtCreateFile if u are working on the 2K and Higher version.
>
>Good Luck,
>
>
>
> >From: “csjung”
> >Reply-To: “Windows System Software Devs Interest List”
> >To: “Windows System Software Devs Interest List”
> >Subject: [ntdev] Need help!
> >Date: Thu, 18 Mar 2004 17:32:25 +0900
> >
> >I have a question about IoCreateFile function.
> >
> >I’ve hooked IoCreateFile to filter access to shared-folder from
> >remote-machine.
> >
> >In the hooked-IoCreateFile routine, I returned STATUS_ACCESS_DENIED when
a
> >certain file(ex, test.txt) is being accessed.
> >
> >By the way, sometimes access is allowed.
> >
> >If i try to open test.txt file continually(from remote), test.txt is
being
> >opened occasionally.
> >
> >It seems that IoCreateFile is bypassed.
> >
> >What’s the cause of this problem?
> >
> >Thanks in advance!
> >
> >
> >
> >—
> >Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
> >
> >You are currently subscribed to ntdev as: xxxxx@hotmail.com
> >To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>Catch the formula fever! Get all the latest news. Right here on msn.
>
>
>
>—
>Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
_____
Get head-hunted by 10,000 recruiters. Post your CV on naukri.com
http: today. —
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@hollistech.com
To unsubscribe send a blank email to xxxxx@lists.osr.com</http:>