Hello!!
We are writing an encryption minifilter and I would like to know how I could redirect an operation from one file object to another. I could simply change the Data->Iopb->TargetFileObject but I see some issues, for example, for a PAGING_IO write operation the Resource/PagingIoResource for the destination file object would not be acquired by FS (resulting in partial writes or no write at all).
How can that be done?
Thank you very much!
On 3/9/2012 6:02 AM, xxxxx@gmail.com wrote:
Hello!!
We are writing an encryption minifilter and I would like to know how I could redirect an operation from one file object to another. I could simply change the Data->Iopb->TargetFileObject but I see some issues, for example, for a PAGING_IO write operation the Resource/PagingIoResource for the destination file object would not be acquired by FS (resulting in partial writes or no write at all).
Right, you need to handle all of the locking requests as well. The main
issue here are the callbacks registered when initialing the cache map,
you are not able to intercept these requests,
The easiest approach is to redirect during the irp_mj_create processing
then all subsequent requests will be handled correctly.
Pete
How can that be done?
Thank you very much!
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
Thanks Pete!
Unfortunately I can?t do this, I have to redirect the operation in IRP_MJ_WRITE.
Thank you!
The approach of changing Data->Iopb->TargetFileObject to redirecty any given operation works, at least at the tactical level. However, as you have noticed, it may not be sufficient. You need to understand the whole set of connected operations and redirect (or duplicate) them.
Frankly I would try to see if there is any other simpler way (even possibly less efficient) to achieve the same goal before going down this route…
Thanks,
Alex.
Thanks a lot Alex!
I see this could get really difficult, the only approach I could come up with is to avoid performing redirection for a PAGING_IO operation, that is, I redirect operations to a second file when they are cached, so they will be written down to disk by Cc, and complete them when they are PAGING_IO to the first file so they are not performed.
I am not sure at all of this because I see many issues (ie. non cached memory mapped files) and it violates the “rule” for encryption drivers that only processes PAGING_IO operations.
Do you think this should work? Does anybody know of a different approach?
Thank you very much!
I agree with Pete that the best approach is to figure out if a handle should see encrypted or unencrypted data during IRP_MJ_CREATE.
Thanks,
Alex.
Thanks!, In that case, the only approach to achive multiple views is using SFO, isn?t it? Is there any other easier?
Thank you!
I don’t think so. Though I should point out that easier (and generally more efficient) would be to license one of the existing solutions…
Thanks,
Alex.