Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 5  
02 Oct 17 18:45
David F.
xxxxxx@terabyteunlimited.com
Join Date: 12 Jan 2012
Posts To This List: 2
First File System Filter Driver - Legacy or Filter Manager

Hi, So I'm going to write a small simple free utility using a file system filter driver, first file system driver (done device filters and legacy driver in past), looked years ago at legacy sample and seemed straight forward for basic stuff. Looking things up now they say something about a "Filter Manager", is that the way to go now? Are there samples using that as well? TIA!!
  Message 2 of 5  
02 Oct 17 18:59
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 168
First File System Filter Driver - Legacy or Filter Manager

All of the samples are now minifilters using the Filter Manager, it is definitely the way to go. Don Burn Windows Driver Consulting Website: http://www.windrvr.com -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@terabyteunlimited.com Sent: Monday, October 02, 2017 6:46 PM To: Windows File Systems Devs Interest List <xxxxx@lists.osr.com> Subject: [ntfsd] First File System Filter Driver - Legacy or Filter Manager Hi, So I'm going to write a small simple free utility using a file system filter driver, first file system driver (done device filters and legacy driver in past), looked years ago at legacy sample and seemed straight forward for basic stuff. Looking things up now they say something about a "Filter Manager", is that the way to go now? Are there samples using that as well? TIA!! --- NTFSD is sponsored by OSR MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at <http://www.osr.com/seminars> To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer>
  Message 3 of 5  
02 Oct 17 19:01
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 920
List Moderator
First File System Filter Driver - Legacy or Filter Manager

Legacy filters are dead, you want to write a Filter Manager Minifilter. Samples are here: https://github.com/Microsoft/Windows-driver-samples/tree/master/filesys/miniFilte r If you give a high level description of what you?re trying to do we might be able to guide you further. -scott OSR @OSRDrivers
  Message 4 of 5  
04 Oct 17 02:22
David F.
xxxxxx@terabyteunlimited.com
Join Date: 12 Jan 2012
Posts To This List: 2
First File System Filter Driver - Legacy or Filter Manager

basically make existing files in a directory read-only (abort any attempted open that isn't read only, including delete requests), but allow new files to be created. Then a way to allow deletes when wanted.
  Message 5 of 5  
06 Oct 17 04:26
rod widdowson
xxxxxx@steadingsoftware.com
Join Date: 11 Sep 2006
Posts To This List: 826
First File System Filter Driver - Legacy or Filter Manager

> basically make existing files in a directory read-only (abort any > attempted open that > isn't read only, including delete requests), but allow new files to be > created. Then > a way to allow deletes when wanted. I'd absolutely suggest that you do this with a minifilter, but this is almost a perfect example of something which appears really easy (look at the desired access and respond) and turns out to have a whole bunch of issues... https://xkcd.com/1425/ What you want to do is (of course) possible but you need to think about the following: - What are you going to do about dispositions like FILE_OPEN_IF ? (create a file if it doesn't exist). It may seem that there is a trick you can play by looking at the Information field in post create and if the file hasn't been created cancel the create. But lower filters will have seen the open and may have already written to the file. Also, read on. - What are you going to do about the destructive dispositions? Are they write access (as I recall they do not require write access). - FILE_OVERWRITE_IF combines both these problems. A successful open of an existing file will have erased it so doing a FltCancelOpen is too late. - Delete on close is another case to worry about. - And then there all the ways of deleting a file which do not involved opening it for write (destructive link creation and rename spring to mind but there may be others) - Finally you might be surprised by the bone headed way many applications work. Several will create a file, close it and then reopen it for write. By your rules the second open will be denied, but I'll bet you that the application will complain. Often enough you'll discover that it won't even check that the second open worked... So, this is all possible to do, but it will involved a great deal of work and I'll bet you end up hitting performance (so add some "allowable performance" metrics to your requirements.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 02:17.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license