RE: [ntdev] RE:*** Vista RTM *** Writing to raw disk sectors (Unsigned Mail) (UnsignedMail)

Well spoken, Dan.
Thank you in the name of those doing weird things (like sector based
encryption etc.)


“Dan Kyler”
Sent by: bounce-276975-16691@li
01/30/2007 06:07 PM
Please respond to “Windows System Software Devs Interest

To: “Windows System Software Devs Interest List”
cc:
Subject: RE: [ntdev] RE: Vista RTM Writing to raw disk sectors (Unsigned Mail) (Unsigned Mail)

While I have no issue with denying these writes from luser mode (binary
editor on a mounted volume == file system corruption), there are very
legitimate reasons for (e.g.) a volume filter driver to need to do sector
based writes. While you indicate that there is no bypass, that is clearly
not true…otherwise Ntfs would be read-only.

Can you explain where and how the check is made, so that developers of
legitimate kernel mode software can generate their Irps in a way that will
allow them to get their job done?

If the check is in the file systems, then the answer for the OP is to not
open the volume through the FS–instead use the device object pointer he
already has in his filter.

If the check is somewhere in the storage stack, then there is some way to
format a request so that it looks like it came from the file system and
is allowed.

- Dan.