> But you can write to, say, \.\d: - to a partition, provided you called CreateFile properly and have > enough user rights. This is how FORMAT, CHKDSK /F, and image backup restore works.
I expect that my disk filter driver, which is being driven by a SYSTEM owned thread (service), should be able to write to the disk. This appears to not be the case. Your workaround seems to tell me that there is a difference in security policy between disk physical access and partition access. There appears to be a security policy being enforced for reading and writing partitions that require you to have “enough user rights”. But, I’m arguing that there is no way to get “enough user rights” to allow a disk filter drivers write to the disk. The current policy in PartMgr.sys seems to be:
Does the sector fall in a mounted partition?
If it does, prevent writes with STATUS_ACCESS_DENIED.
Else, allow the write.
What it should be doing is:
Does the sector fall in a mounted partition and does the owning process not have enough user rights for that device?
If it does not have permission, then prevent writes with STATUS_ACCESS_DENIED.
Else allow the write.