Preventing folder rename

NTFSD
1

I need to prevent rename operations for some folders.
I’m using a minifilter and the IRP_MJ_SET_INFORMATION Pre-Operation callback and return FLT_PREOP_COMPLETE if the path matches the “protected” folder.

It works only partially because if I leave the IoStatus to STATUS_SUCCESS, Explorer then tries to open the rename destination path, which doesn’t exists and fails reporting a “File not found” error. If I alter the IoStatus to STATUS_ACCESS_DENIED, Explorer then reports and “Access Denied” error.

I would like to just silently block the operation and send a message to a user application to report a custom error.

Any suggestion would be greatly appreciated.

2

How very Heisenberg. The rename has either succeeded or failed. If it
fails Explorer will complain but if it succeeds then explorer will assume
that the rename happened, but you kinda want the file to be renamed, and yet
not.

I have never written one, but maybe you need a shell extension to tell
explorer that the rename didn’t happen, and then return a distinguished
error (or failure) from your filter.

But I suspect your users will get as confused as I am…

Rod

3

Explorer has a habit of getting in the way when you try to alter the
behaviour below it by returning an error.

I remember hitting a similar problem a year or two ago with the
PsSetCreateProcessNotifyRoutineEx function. The callback has a
PS_CREATE_NOTIFY_INFO struct which lets you set a CreationStatus variable to
prevent a process from being created. The only problem with this is that
explorer will display whatever error you choose in the message box you
mention, which is really annoying and not very transparent.

I had to write a lot of code to try and tear down the process silently once
it had been successfully created (to appease explorer) but before any code
could run in that process.

I realise this doesn’t really help you, but thought I’d share the story.

You’re going to have to come up with a various elaborate ways to work around
this, try them all and see which works best.

Ged.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Rod Widdowson
Sent: 18 March 2014 18:58
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Preventing folder rename

How very Heisenberg. The rename has either succeeded or failed. If it
fails Explorer will complain but if it succeeds then explorer will assume
that the rename happened, but you kinda want the file to be renamed, and yet
not.

I have never written one, but maybe you need a shell extension to tell
explorer that the rename didn’t happen, and then return a distinguished
error (or failure) from your filter.

But I suspect your users will get as confused as I am…

Rod

NTFSD is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

4

Wait a second. Are you trying to complete the rename in pre-op with STATUS_SUCCESS w/o actually doing the rename? If so, that is your problem. Explorer then thinks the rename is done and then tries to query info for the new name (the target name).

I do not really understand what you are trying to do. Preventing rename operations for some folders should be straightforward. However, I did not understand what you meant by:

What do you mean by “silently” blocking the operation? And what is the bit about a “user application to report a custom error”? A few examples would help. What happens if the rename operation is not being done via Explorer or even non-interactively?

  • Danilo
5

I don’t know if I can really blame Explorer in these cases. I mean,
frankly, as an app developer if you try to start a process because the user
told you to and it fails with an error are you supposed to just swallow the
error ? Same goes for a folder that you rename and the operation returns
success, why shouldn’t the app try to access it using the new name ?

I don’t see what’s wrong with an “Access Denied” message when trying to do
an operation that is no allowed on a protected resource. This is the
behavior I would expect from any shell.

Thanks,
Alex.

On Tue, Mar 18, 2014 at 2:52 PM, Ged Murphy
wrote:

> Explorer has a habit of getting in the way when you try to alter the
> behaviour below it by returning an error.
>
> I remember hitting a similar problem a year or two ago with the
> PsSetCreateProcessNotifyRoutineEx function. The callback has a
> PS_CREATE_NOTIFY_INFO struct which lets you set a CreationStatus variable
> to
> prevent a process from being created. The only problem with this is that
> explorer will display whatever error you choose in the message box you
> mention, which is really annoying and not very transparent.
>
> I had to write a lot of code to try and tear down the process silently once
> it had been successfully created (to appease explorer) but before any code
> could run in that process.
>
> I realise this doesn’t really help you, but thought I’d share the story.
>
> You’re going to have to come up with a various elaborate ways to work
> around
> this, try them all and see which works best.
>
> Ged.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Rod Widdowson
> Sent: 18 March 2014 18:58
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Preventing folder rename
>
> How very Heisenberg. The rename has either succeeded or failed. If it
> fails Explorer will complain but if it succeeds then explorer will assume
> that the rename happened, but you kinda want the file to be renamed, and
> yet
> not.
>
> I have never written one, but maybe you need a shell extension to tell
> explorer that the rename didn’t happen, and then return a distinguished
> error (or failure) from your filter.
>
> But I suspect your users will get as confused as I am…
>
> Rod
>
>
>
> —
> NTFSD is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of debugging and file system seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTFSD is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of debugging and file system seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

6

@Danilo,

I’m trying to block the rename in the pre-op by completing it. I’ve tried to return STATUS_SUCCESS (which causes explorer to complain about non existing path) and STATUS_ACCESS_DENIED which gives a more elaborated Explorer error after retrying to rename it many times.

I have a desktop application that syncs down multiple folders, so I don’t want the user to delete or rename them. When blocking the rename I don’t want explorer to show an error, but have the minifilter notify the desktop application which then will warn the user about the fact that he cannot delete or rename the root folders from the desktop and redirect him to a web page.

7

For what OS? I think on XP you are out of luck.
But for Vista+, I think you can create a copy hook for Explorer.

For a generic application - don’t bother. You have to be application
agnostic, there is no generic solution.

Kind regards, Dejan.

On Wed, Mar 19, 2014 at 1:44 AM, wrote:

> @Danilo,
>
> I’m trying to block the rename in the pre-op by completing it. I’ve tried
> to return STATUS_SUCCESS (which causes explorer to complain about non
> existing path) and STATUS_ACCESS_DENIED which gives a more elaborated
> Explorer error after retrying to rename it many times.
>
> I have a desktop application that syncs down multiple folders, so I don’t
> want the user to delete or rename them. When blocking the rename I don’t
> want explorer to show an error, but have the minifilter notify the desktop
> application which then will warn the user about the fact that he cannot
> delete or rename the root folders from the desktop and redirect him to a
> web page.
>
> —
> NTFSD is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of debugging and file system seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

8

I agree that’s it’s certainly not explorer’s fault, but when you’re trying
to do something transparently it can be rather frustrating.

In my particular case, the ‘access denied’ was to be handled by some
usermode code I had written, which presented a list of options to the user.
Having explorer also pop up a message box made the whole experience a little
jarring. I suspect the OP has the same issue.

Ged.

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alex Carp
Sent: 19 March 2014 00:03
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Preventing folder rename

I don’t know if I can really blame Explorer in these cases. I mean, frankly,
as an app developer if you try to start a process because the user told you
to and it fails with an error are you supposed to just swallow the error ?
Same goes for a folder that you rename and the operation returns success,
why shouldn’t the app try to access it using the new name ?

I don’t see what’s wrong with an “Access Denied” message when trying to do
an operation that is no allowed on a protected resource. This is the
behavior I would expect from any shell.

Thanks,

Alex.

On Tue, Mar 18, 2014 at 2:52 PM, Ged Murphy mailto:xxxxx > wrote:

Explorer has a habit of getting in the way when you try to alter the
behaviour below it by returning an error.

I remember hitting a similar problem a year or two ago with the
PsSetCreateProcessNotifyRoutineEx function. The callback has a
PS_CREATE_NOTIFY_INFO struct which lets you set a CreationStatus variable to
prevent a process from being created. The only problem with this is that
explorer will display whatever error you choose in the message box you
mention, which is really annoying and not very transparent.

I had to write a lot of code to try and tear down the process silently once
it had been successfully created (to appease explorer) but before any code
could run in that process.

I realise this doesn’t really help you, but thought I’d share the story.

You’re going to have to come up with a various elaborate ways to work around
this, try them all and see which works best.

Ged.

-----Original Message-----
From: xxxxx@lists.osr.com
mailto:xxxxx
[mailto:xxxxx@lists.osr.com
mailto:xxxxx] On Behalf Of Rod Widdowson
Sent: 18 March 2014 18:58
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Preventing folder rename

How very Heisenberg. The rename has either succeeded or failed. If it
fails Explorer will complain but if it succeeds then explorer will assume
that the rename happened, but you kinda want the file to be renamed, and yet
not.

I have never written one, but maybe you need a shell extension to tell
explorer that the rename didn’t happen, and then return a distinguished
error (or failure) from your filter.

But I suspect your users will get as confused as I am…

Rod


NTFSD is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


NTFSD is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR OSR is hiring!! Info at
http://www.osr.com/careers For our schedule of debugging and file system
seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List
Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

9

> I’m using a minifilter and the IRP_MJ_SET_INFORMATION Pre-Operation callback and return

FLT_PREOP_COMPLETE if the path matches the “protected” folder.

Fail the operation instead of no-oping it.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

10

>rename them. When blocking the rename I don’t want explorer to show an error

I don’t think you can do this.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

11

You really do need to return an error (as others have already said). One possibility to address your scenario would be to return an error and put up a notification in the tray. Then an interactive user can have some clue as to what is going on regardless of the application that is issuing the operation. If go this route, make sure to deliver the notification to the correct session.

  • Danilo