- You need to write minifilter driver and attach to appropriate volume where desktop folder is present.
- In minifilter, filter IRP_MJ_CREATE
- In the PreOperation callback for the IRP, check for file path, if its under desktop folder path fail the IRP and do not pass it further down the stack.
- IRP can be failed by completing it in preoperation callback and setting appropriate status, in
IoStatus.Status
. More info at Completing an I/O Operation in a Preoperation Callback Routine
Block file creation
-
31-05-2022 - |
Pergunta
I have to write a functionality which prevents the user from creating files on the desktop (except shortcuts files (*.lnk) and directories) for windows XP. After some research i came to the conclusion that this can be done using a file system filter driver or minidriver. Changing the NTFS permissions don't work as the roaming profile cannot be loaded/saved.
I had a look at the DDK samples. e.g. cancelSafe. They are canceling the I/O but this is not what i want. I've seen anti-virus programs which blocked the access to an infected file and the OS returned error code 5: Access Denied.
I want exactly the same behavior. So how can i achieve this in a filter driver?
Solução
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow