Hi,
I’m thinking to implement such mechanism with minifilter (encrypted file , only single process can see the decrypted contents the file) ,
But you says that if the file is accessed using memory-mapped file , there’s no way to implement such mechanism (except writing FSD and not filter/minifilter) ,
My question is - can Minifilter change the SectionObjectPointer (create it’s own for the permitted application) ? How about creating an “associated mapping” (another file-object) to achieve this task … ?
tnx
On Tue 27 Feb 17:20 2007 Dejan Maksimovic wrote:
Mm, right
That should’ve read no way in a filter.
Ladislav Zezula wrote:
> > To answer OP’s question: There is no way (at least not any the public here is
> > aware of and can share) to provide encrypted contents to an application using memory
> > mapped I/O if you provide cleartext to any other application that uses memory mapped
> > I/O.
>
> … unless you create a layered file system, which manages two system caches for each
> encrypted file. One containing encrypted text and one containing plaintext. On
> IRP_MJ_CREATE request, you just choose the proper SectionObjectPointer
> and put it to the file object.–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: ferents@cs.bgu.ac.il
To unsubscribe send a blank email to xxxxx@lists.osr.com