>have “enough user rights”. But, I’m arguing that there is no way to get
"enough
user rights" to allow a disk filter drivers write to the disk. The current
policy in
PartMgr.sys seems to be:
Does the sector fall in a mounted partition?
If it does, prevent writes with STATUS_ACCESS_DENIED.
Else, allow the write.
This logic is only active if you issue writes from a file object which
references \.\PhysicalDrive%d device - the storage disk LUN devnode.
If you issue writes from the volume device object created by FtDisk - i.e.
\.\d: aka \?\Volume{guid} aka \Device\HarddiskVolume%d - then this logic is
NOT active, this is how restore paths of image backup tools work, as also
FORMAT and CHDKSK /R.
To do such from user mode, you need some rights and privileges, which are
checked at CreateFile (not at write) time.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com