I need to: 1. Monitor operations on certain drives/paths 2. Prevent read and/or write operations on certain drives/paths For example: C://Users D: Can this be done using Windows Filesystem Minifilter Drivers ? I am mostly interested in step 2. In other words can a minifilter cancel a IRP ? ...
I am writing a windows filesystem minifilter driver that must fail I/O Request Packets (IRP's) in a preoperation callback based on their type (read/write). How can I find out from the callback parameters (or elsewhere?) if the operation is read-like ( only reads data ) or it's write-like ( modifies data on the disk - write, delete, forma...
I want to extract a USB storage device serial number from inside a minifilter filesystem driver, inside the InstanceSetup callback using the technique described here the only difference is that I do it in kernel-mode. I use: status = IoGetDeviceInterfaces( &GUID_DEVINTERFACE_DISK, NULL, 0, &SymbolicLinkList ); to...
Hello! I am trying to adapt swapBuffers sample on WDK so that the swapped buffer is the same one than original buffer but in upper case. Modifying this lines on SwapPostReadBuffers() it doesn't work... I get execution errors. Can anyone help me to do it? THANKS // We suppose that input data are always characters in lower case. UCHAR *...