send information to user mode application

Dear all,
I mad a filter file system driver to decrypt some protected files in the
read operation and encrypt the write operation to these files,
but I need to make some technique to inform a use mode application (that a
protected file is being accessed by an application) with the file name and
path and some other information and block the file access until the user
mode application respond by a password or the decryption key (for the
protected file being accessed…) to the driver to allow the file access or
reject it

I do not know how to make that, and how to block the calling thread until my
special user mode application respond to the driver request by the
decryption key.

thank you all in advance

For the data transfer use the inverted call model of having the application
call the filter with an IOCTL that pends until there is action to take, the
filter then fills in the data and returns to the application. DO NOT BLOCK
THE CALLING THREAD, this is the wrong approach, pend the request instead.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Khaled Abdulaziz” wrote in message news:xxxxx@ntfsd…
> Dear all,
> I mad a filter file system driver to decrypt some protected files in the
> read operation and encrypt the write operation to these files,
> but I need to make some technique to inform a use mode application (that a
> protected file is being accessed by an application) with the file name and
> path and some other information and block the file access until the user
> mode application respond by a password or the decryption key (for the
> protected file being accessed…) to the driver to allow the file access
or
> reject it
>
> I do not know how to make that, and how to block the calling thread until
my
> special user mode application respond to the driver request by the
> decryption key.
>
> thank you all in advance
>
>
>

Dear Don Burn thank you for your reply

the steps that i have is as follows:-

1. the driver have a list of files to be protected (pre encrypted files).
2. any application tries to access the protected, and the driver monitored
   this access try.
3. the driver needs the decryption key or the password from the user (the
   driver needs to tell a user mode application to ask the user for the
   password), so the driver needs to stop the file access untill the user mode
   application respond.
4. the user mode application will ask the user for the password.
5. the user mode application will respond to the driver request with the
   requested password.
6. the driver will use this password to decrypt the file content and grant
   the file access.

it may need some times for the user mode application to display a dialog to
ask for the access password, and that may take time before it reply back to
the driver ?

i am little cofused, and the idea not clear in my mind. plz could you give
me an example

thank you all in advance for your great help.

Khaled,

I will leave it up to Don to reply if he feels so inclined, but you might want to read the IFS FAQ; particularly look at: http://www.osronline.com/article.cfm?article=17#Q37

That will give you a good understanding on how to communicate between usermode and kernelmode.

In the inverted call model that Don mentions, you have the usermode app send down a custom IRP which your kernel code marks pending(STATUS_PENDING) and holds in some sort of que. When you need to pop up to usermode you complete the IRP in the kernel code and let the usermode app get it. Rinse. Repeat.

Khaled Abdulaziz wrote:

Dear Don Burn thank you for your reply

the steps that i have is as follows:-

1. the driver have a list of files to be protected (pre encrypted files).
2. any application tries to access the protected, and the driver monitored
   this access try.
3. the driver needs the decryption key or the password from the user (the
   driver needs to tell a user mode application to ask the user for the
   password), so the driver needs to stop the file access untill the user mode
   application respond.
4. the user mode application will ask the user for the password.
5. the user mode application will respond to the driver request with the
   requested password.
6. the driver will use this password to decrypt the file content and grant
   the file access.

it may need some times for the user mode application to display a dialog to
ask for the access password, and that may take time before it reply back to
the driver ?

i am little cofused, and the idea not clear in my mind. plz could you give
me an example

thank you all in advance for your great help.

---

Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@vulscan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

–
Regards,
Dana Epp
[Blog: http://silverstr.ufies.org/blog/]

thank you all, specially Dana Epp
the link that you give to me make the idea almost clear . but I have one
more question.

1. Do I need to mark the request of the application that needs to access the
   protected file as STATUS_PENDING and
2. Give it a “Request ID” and keep it in driver defined queue, and get the
   decryption key (or password) from my special user mode application.
3. find the stored “Request ID” in the driver queue and release the pending
   request ?

thank you all again