Basically if you need to tag along a header or trailer
to your encrypted file that’s specific to your filter,
but that you don’t want applications to see.
You do have me curious… when does the need arise
to spoof file sizes
and offsets? I’m sure I’m nowhere close to such a
thing, but it does make
me curious when such a thing would occur. Thanks to
everyone again for
their input…Bill
=====
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
Ahhh… understood. You had me worried there 
We need no header
information luckily as it’s part of a suite of software that enforces
policy on certain directories. Basically if a directory is protected by a
certain user, we can assume that it needs to be encrypted/decrypted
automatically. All we really need to do (as if it’s not enough) is just
make sure data is decrypted on the way up and encrypted on the way down.
Young Jedi will continue in hopes of success eventually. Thanks again for
the correspondence.
Bill
Basically if you need to tag along a header or trailer
to your encrypted file that’s specific to your filter,
but that you don’t want applications to see.> You do have me curious… when does the need arise
> to spoof file sizes
> and offsets? I’m sure I’m nowhere close to such a
> thing, but it does make
> me curious when such a thing would occur. Thanks to
> everyone again for
> their input…
>
> Bill=====
- Nicholas Ryan
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
Just curious, but whose filter driver is signed or tested personally by
Microsoft anyway? I’m not aware of anyone that does have their seal of
approval, but I could be wrong. And yes, you do have it straight. Our
legal beagles do care about protecting themselves from a license agreement
from Microsoft that basically claims that information provided within the
IFS kit is not necessarily their own creation. Furthermore, the agreement
states that if they have infringed upon patents within the kit, they are
not liable, and those who use the kit possibly could be liable. I’m
certainly not a lawyer, but I do trust those who are in our legal
department. After not so recent developments in the industry, I think I’d
shy away from getting in trouble with Microsoft anyway
I completely understand that it sounds ludicrous to have such a paranoid
legal team (it can be frustrating to work in such a place) though, so
you’re not alone in that feeling. Wish us luck in getting through this
without the IFS kit, right?
Do I have this straight? Your legal bagels won’t let you sign a license
with MS that every other SW company with a legitimate filter product has
signed, but they will let you pollute your IP with a header file of
unknown parentage that might, in fact, be stolen and render your
employer liable? And when your customers ask hard questions about the
reliability of your driver, and you have to tell them that it is not
built with the approved MS stamp-of-approval SDK, nor tested with the
stress tests therein?
Bill,
1 - Is there any other way for me to know the amount of data that I should
encrypt and decrypt? I haven’t found a reliable way other than this of
obtaining the file size, and it seems like if I encrypt the entire buffer
that’s sent in, there are some ill side effects
Well, there could be possible pitfalls, however, assuming you DO get n
IRP_MJ_CREATE for a file, you should query the size at that time, and modify
it on any successful IRP that modifies file size, such as WRITE past the end
of file (exclude paging IO), IRP for setting FileStandardInformation
(FileSize) etc.
2 - Won’t I still have to generate my own IRP to get the encrypted data
down to the file system? Or is there another way I should be handling
this?
You don’t need to generate a new IRP, as you can reuse the old one,
there is no problem with that. You just need to remember to set the fields
back to the original values before returning.
–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa Registry Monitor - Registry monitoring library for Win32 developers.
Alfa Registry Protector - Registry protection library for Win32 developers.
Well, Microsoft doesn’t sign filters (at least it didn’t the last time I
looked). But that’s not the point anyway - the point is that the IFS kit
is pretty much the only way to get much of the information you need when
you’re building a filter (and, AFAIK, the only legal way). I suppose
it’s possible to reverse engineer, or to gather bits and pieces through
the books out there - but your legal team has pretty much doubled or
tripled the effort you’ll need to put into building the filter.
Maybe it’s time to tell the lawyers to stuff it (i.e., they need to let
you do what you need to do) and just do what’ll give your project the
best chance of succeeding in a difficult space… After all, you’re
professionals too, and your opinion (when it comes to saving money)
should count for as much as theirs. It’s time to make that argument to
the management that’s actually listening to the legal advice (which is,
after all, only advice, and can be ignored).
Ob Lawyer Joke: How are a lawyer and a sperm alike?
Answer: they each have about a one in two million chance of becoming
life.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Champion
Sent: Friday, May 03, 2002 8:28 PM
To: File Systems Developers
Subject: [ntfsd] Re: Why would a file stream suddenly stop?
Just curious, but whose filter driver is signed or tested personally by
Microsoft anyway? I’m not aware of anyone that does have their seal of
approval, but I could be wrong. And yes, you do have it straight. Our
legal beagles do care about protecting themselves from a license
agreement from Microsoft that basically claims that information provided
within the IFS kit is not necessarily their own creation. Furthermore,
the agreement states that if they have infringed upon patents within the
kit, they are not liable, and those who use the kit possibly could be
liable. I’m certainly not a lawyer, but I do trust those who are in our
legal department. After not so recent developments in the industry, I
think I’d shy away from getting in trouble with Microsoft anyway
I completely understand that it sounds ludicrous to have such a paranoid
legal team (it can be frustrating to work in such a place) though, so
you’re not alone in that feeling. Wish us luck in getting through this
without the IFS kit, right?
Do I have this straight? Your legal bagels won’t let you sign a
license with MS that every other SW company with a legitimate filter
product has signed, but they will let you pollute your IP with a
header file of unknown parentage that might, in fact, be stolen and
render your employer liable? And when your customers ask hard
questions about the reliability of your driver, and you have to tell
them that it is not built with the approved MS stamp-of-approval SDK,
nor tested with the stress tests therein?
You are currently subscribed to ntfsd as: xxxxx@exmsft.com
To unsubscribe send a blank email to %%email.unsub%%