Where to put filter driver to make CD-DVD read only

Hi,

I am developing an application which has to prevent users from burning CD-DVDs on the system. I have been able to achieve this by putting a lower filter driver in the CD-DVD stack and by denying write requests coming with IOCTL_SCSI_PASS_THROUGH_DIRECT, IOCTL_SCSI_PASS_THROUGH and IRP_MJ_SCSI in the filter driver. But some CD burners are able to bypass this and the filter is unable to stop the CD burning.

By doing some searching I came to know that these burners directly send SRBs to port drivers, bypassing the whole CD-DVD stack. So I think I have to develop a SCSI miniport driver to take care of these scenarios.

Can someone please tell me whether the idea of developing a SCSI miniport for this is correct or wrong? Also, if it is correct, it would be a great help if somebody could point out some example source code. I tried to find it in the Win DDK samples but found a storport miniport sample, not a SCSI miniport sample.
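
An added example, not part of the original post or any poster's code: the kind of check a filter like the one described above applies to the command descriptor block (CDB) carried in each pass-through request or SRB. The name `classify_cdb`, the opcode set (standard SCSI/MMC opcodes, not exhaustive) and the fail-closed handling of truncated and vendor-specific CDBs are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { ALLOW = 0, DENY = 1 };

/* SCSI/MMC opcodes that modify the medium or the drive (starting set, not exhaustive). */
static const uint8_t WRITE_OPCODES[] = {
    0x04 /* FORMAT UNIT */,          0x2A /* WRITE(10) */,
    0x2E /* WRITE AND VERIFY(10) */, 0x3B /* WRITE BUFFER */,
    0x53 /* RESERVE TRACK */,        0x54 /* SEND OPC INFORMATION */,
    0x5B /* CLOSE TRACK/SESSION */,  0x5D /* SEND CUE SHEET */,
    0xA1 /* BLANK */,                0xAA /* WRITE(12) */,
};

/* CDB length implied by the opcode's group code (top three bits); 0 = no fixed length. */
static size_t group_length(uint8_t opcode) {
    switch (opcode >> 5) {
    case 0: return 6;
    case 1: case 2: return 10;
    case 4: return 16;
    case 5: return 12;
    default: return 0; /* group 3 reserved/variable, groups 6-7 vendor-specific */
    }
}

/* Assumed policy: deny known write opcodes and fail closed on anything unparseable. */
enum verdict classify_cdb(const uint8_t *cdb, size_t len) {
    if (cdb == NULL || len == 0 || len > 16) return DENY;
    size_t expected = group_length(cdb[0]);
    if (expected == 0 || len < expected) return DENY; /* vendor-specific or truncated */
    for (size_t i = 0; i < sizeof WRITE_OPCODES; i++)
        if (cdb[0] == WRITE_OPCODES[i]) return DENY;
    return ALLOW;
}

/* Constructed sample CDBs (only the opcode byte is set; the rest is zero). */
static const uint8_t READ10[10] = { 0x28 }, WRITE10[10] = { 0x2A };
static const uint8_t BLANK12[12] = { 0xA1 }, VENDOR[12] = { 0xC5 };

int main(void) {
    printf("READ(10)  -> %s\n", classify_cdb(READ10, 10) ? "DENY" : "ALLOW");
    printf("WRITE(10) -> %s\n", classify_cdb(WRITE10, 10) ? "DENY" : "ALLOW");
    printf("BLANK     -> %s\n", classify_cdb(BLANK12, 12) ? "DENY" : "ALLOW");
    printf("vendor    -> %s\n", classify_cdb(VENDOR, 12) ? "DENY" : "ALLOW");
    return 0;
}
```

As the replies below point out, a check like this only sees requests that actually pass through the filter's position in the stack.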

> By doing some search I came to know that these burners directly send SRB
> to port drivers bypassing whole CD-DVD stack. So I think I have to
> develop scsi miniport driver to take care of these scenarios.

No, writing a SCSI miniport driver is not the correct approach. The miniport
driver talks directly to the hardware and there’s no miniport filtering
support in any of the port wrappers, so you’re not going to get very far in
that approach.

Filtering the CD burning process is unfortunately a huge pain since most of
these drivers are not good driver citizens. Some products (e.g. Alcohol
120%) actively work to prohibit filter drivers from interfering with the
burning process. The best approach is to narrow the products that you’re
willing to support, spend time analyzing how they work, and designing a
solution from there.

Good luck!

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com


xxxxx@gmail.com wrote:

> I am developing an application, which has to prevent users from burning CD-DVDs on the system. I have been able to achieve this by putting lower filter driver in CD-DVD stack and by denying write requests coming with IOCTL_SCSI_PASS_THROUGH_DIRECT, IOCTL_SCSI_PASS_THROUGH and IRP_MJ_SCSI in the filter driver. But some CD burners are able to bypass this and the filter is unable to stop the CD burning.

The better, cheaper, and more reliable solution is to remove the
writable CD drives from your computers and install CD/DVD readers.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Can’t you use an UpperFilter on the CD-ROM class?
I do not know what IRPs you would have to filter, but if the burners you
want to filter are creating “DVD/CD class” objects, it could work.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
UpperFilters=(REG_MULTI_SZ) “MyFilter.sys”
Of course, if there are no instances of the burners in DVD/CD-ROM class,
it won’t work…

On 27/10/2009 16:32, xxxxx@gmail.com wrote:

> Hi,
>
> I am developing an application, which has to prevent users from burning CD-DVDs on the system. I have been able to achieve this by putting lower filter driver in CD-DVD stack and by denying write requests coming with IOCTL_SCSI_PASS_THROUGH_DIRECT, IOCTL_SCSI_PASS_THROUGH and IRP_MJ_SCSI in the filter driver. But some CD burners are able to bypass this and the filter is unable to stop the CD burning.
>
> By doing some search I came to know that these burners directly send SRB to port drivers bypassing whole CD-DVD stack. So I think I have to develop scsi miniport driver to take care of these scenarios.
>
> Can some one please tell me whether idea of developing scsi miniport for this is correct or wrong. Also if it is correct, it would be great help if some body can point out some example source code. I tried to find it out in win ddk samples but found storport miniport sample not scsi miniport sample.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

>the filter driver. But some CD burners are able to bypass this

You will need to play “core wars” with these software titles, up to disabling their services in the SC database :-)

The easiest solution at the workplace is to revoke admin rights from the users and thus ban installation of such titles (OS-embedded CD burning, at least in Vista/2008, cannot work for non-admins).


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

xxxxx@gmail.com wrote:

> I am developing an application, which has to prevent users from
> burning CD-DVDs on the system. […]

On 10/27/2009 6:12 PM, Tim Roberts wrote:

> The better, cheaper, and more reliable solution is to remove the
> writable CD drives from your computers and install CD/DVD readers.

Exactly!

It makes me sad to see inquiries like these. Often “inhibiting” drivers
come in the name of security.

But how many people actually analyze how many problems these “drivers”
may/do cause, and how secure the overall “solution” really is? See:

MGR: “We need to secure our PCs so that nothing can get in or out that
we don’t control. We will hot-glue the connectors to all external
devices like monitor, keyboard and mouse, cover the rest and mount a
shield to prevent floppy and CD access. We also need drivers to prevent
addition of unauthorized USB devices and CD burning.”

DEV: “By the way, what if someone zips and encrypts a file and sends it
out via e-mail? Or if someone opens the machine and just steals the HDD,
or manipulates it with another PC? Also: do you pay your admins well?
They have access to all the backups and can install new stuff, too. How
about the cleaning staff? They have physical access to most rooms.”

MGR: “…”

“Hagen Patzke” wrote in message news:xxxxx@ntdev…

[snip]

> MGR: “We need to secure our PCs so that nothing can get in or out that
> we don’t control. We will hot-glue the connectors to all external
> devices like monitor, keyboard and mouse, cover the rest and mount a
> shield to prevent floppy and CD access. We also need drivers to prevent
> addition of unauthorized USB devices and CD burning.”
>
> DEV: “By the way, what if someone zips and encrypts a file and sends it
> out via e-mail? Or if someone opens the machine and just steals the HDD,
> or manipulates it with another PC? Also: do you pay your admins well?
> They have access to all the backups and can install new stuff, too. How
> about the cleaning staff? They have physical access to most rooms.”
>
> MGR: “…”
>

Devs used to object to their managers before the crisis. Now they know
better.

–pa

Make me the chairman of “Sloan school of management”. I promise I will
change the spelling to MANGER.

BTW, languages change over time. "It's cool" had a different meaning 30
yrs ago. Now a different story.

Please vote for me to take the above position, just for a day!

-pro

Pavel A. wrote:

> Devs used to object to their managers before the crisis. Now they
> know better.
>
> --pa