Re: Support three application types for my encryption minifilter.


I’m thinking of implementing such a mechanism with a minifilter (encrypted file, only a single process can see the decrypted contents of the file),
but you say that if the file is accessed using a memory-mapped file, there’s no way to implement such a mechanism (except writing an FSD and not a filter/minifilter).
My question is: can a minifilter change the SectionObjectPointer (create its own for the permitted application)? How about creating an “associated mapping” (another file object) to achieve this task…?


On Tue 27 Feb 17:20 2007 Dejan Maksimovic wrote:

Mm, right :wink: That should’ve read no way in a filter.

Ladislav Zezula wrote:

> > To answer OP’s question: There is no way (at least not any the public here is
> > aware of and can share) to provide encrypted contents to an application using memory
> > mapped I/O if you provide cleartext to any other application that uses memory mapped
> > I/O.
> … unless you create a layered file system, which manages two system caches for each
> encrypted file. One containing encrypted text and one containing plaintext. On
> IRP_MJ_CREATE request, you just choose the proper SectionObjectPointer
> and put it to the file object.

Kind regards, Dejan
File system audit, security and encryption kits.
