T
Terry Denham
Guest
Before the holidays I was researching writing a filter driver that could intercept calls for file system objects. From what i remember there was a way to "register" a file with your driver and the driver would be able to provide additional access control.
For the life of me, I can't find what I found, and I took terrible notes.
I recollect that using certain WDK calls I could associate a file with my driver. This wouldn't be a extension association, but would use metadata to track these files with the driver. If the driver was stopped then the OS would ensure that access to these files was denied.
Does this make sense to anyone and can anyone suggest that special keyword that opens up the documentation.
I've looked at security filters and metadata filters but while those may be needed, they are not what I remember looking into.
Any help would be appreciated,
Terry
Continue reading...
For the life of me, I can't find what I found, and I took terrible notes.
I recollect that using certain WDK calls I could associate a file with my driver. This wouldn't be a extension association, but would use metadata to track these files with the driver. If the driver was stopped then the OS would ensure that access to these files was denied.
Does this make sense to anyone and can anyone suggest that special keyword that opens up the documentation.
I've looked at security filters and metadata filters but while those may be needed, they are not what I remember looking into.
Any help would be appreciated,
Terry
Continue reading...