通过minifelters进入特定路径的障碍
我正在尝试编写一个微型滤波器,以阻止对特定路径中任何文件的访问。我已经能够为C:。这就是我所做的。首先,我声明:
const wchar* internal_drives [] = {l“ c:”};
然后,在instant_setup我启动c:通过做:我可以:
int internal_drives_length = sizeof internal_drives / sizeof * internal_drives;
for (size_t i = 0; i < internal_drives_length; i++)
{
if (wcscmp(ctx->Name.Buffer, internal_drives[i]) == 0)
{
status = STATUS_SUCCESS;
}
}
我可以 :块访问C:然后通过添加功能:mini_pre_create,mini_post_create:
status = STATUS_ACCESS_DENIED;
data->IoStatus.Status = status;
data->IoStatus.Information = 0;
有效,我可以阻止C中的任何文件的访问
这 能够指定我要阻止访问的哪个文件夹。我尝试在变量internal_drives中指定路径,但是它不起作用,我什么也没有阻止:
const wchar* internal_drives [] = {l“ d:\\ path”};
我错过了什么吗?有没有更正确的方法与miniferter进行?我是一个小型效率的完整初学者。
I am trying to write a minifilter that block access to any file within a specific path. I have been able to do it for any path in C:. This is what I´ve done. First, I declare:
const WCHAR* internal_drives[] = { L"C:" };
Then, in instant_setup I start the minifilter for C: by doing:
int internal_drives_length = sizeof internal_drives / sizeof * internal_drives;
for (size_t i = 0; i < internal_drives_length; i++)
{
if (wcscmp(ctx->Name.Buffer, internal_drives[i]) == 0)
{
status = STATUS_SUCCESS;
}
}
I can block access to C: then by adding in functions: mini_pre_create, mini_post_create:
status = STATUS_ACCESS_DENIED;
data->IoStatus.Status = status;
data->IoStatus.Information = 0;
That works, I am able to block the access to any file in C:
But I´d like to be able to specify to which folder I want to block the access. I´ve trying specifying the path in the variable internal_drives but It does not work, I am blocking nothing :
const WCHAR* internal_drives[] = { L"D:\\path" };
Am I missing something? is there a more correct way to do this with minifilters? I am a complete beginner with minifilters.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您将设置为驱动程序,然后在特定的IRP_MJ_CREATE中过滤。为此,您必须使用fltgetFilenamamInformation和fltparsefilenamameminformation。
请注意,文件系统不适用于DOS名称驱动器字母,因此您必须将\ device \ harddiskvolumex \ folder \ file.txt转换为c:\ folder \ file.txt。您可以在设置上进行映射。
You setup to the drivers, then you filter in the specific IRP_MJ_CREATE. To do that, you have to use FltGetFileNameInformation plus FltParseFileNameInformation.
Do note that the filesystem does not work with DOS name drive letters, so you will have to transform \Device\Harddiskvolumex\folder\file.txt to c:\folder\file.txt. You can do that mapping on setup.