Dev Center - Hardware >
I/O-Manager file object / handle generation

Answered I/O-Manager file object / handle generation

  • Sunday, May 06, 2012 10:36 AM
     
     
    Sign In to Vote
    0

    Hey a few question relating to the FileObject generation / accessing.

    1. Has the I/O-Manager already created a specific FileObject / Handle in the IRP_MJ_CREATE Callback of a mini filter?

      1.1. Is it the one provided by RelatedObjects->FileObject?

    2. When a file is being opened for reading only but the application tries to write, an error occurs. Are the rights for which the file has been openend stored in the FileObject?

    3. Are there supported routines which can modify the rights with which a file has been opened?

    4. is this all possible in the precreatecallback of a mini filter?


    • Edited by csource Sunday, May 06, 2012 10:57 AM
    •  
     

All Replies

  • Sunday, May 06, 2012 1:54 PM
     
     Answered
    Sign In to Vote
    0

    The file object exists when the create callbacks occur, it is in RelatedObjects->FileObject.  Take a look at the definition of the FILE_OBJECT http://msdn.microsoft.com/en-us/library/windows/hardware/ff545834(v=vs.85).aspx you can see that there are BOOLEAN variable for the basic rights, there are no support routines to modify these.  The DesiredAccess is available in the precreateroutine, and this can be modified to adjust the permissions granted by the open.

    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

     
  • Sunday, May 06, 2012 4:43 PM
     
     
    Sign In to Vote
    0

    Thanks for the answer.

    I cannot find executable access in the FileObject structure. Where is this defined?

    Since the FileObject already exists in the precreatecallback how / by whom does changes on the DesiredAccess variable effect the object? I tried to delete the execute flag in DesiredAccess, with no effect. (The application was anyway executed).

     
  • Sunday, May 06, 2012 4:49 PM
     
     
    Sign In to Vote
    0

    The file object exists but is not fulling initialized at this point.  Only once the create completes can you trust most of the file object.

    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

     
  • Sunday, May 06, 2012 4:52 PM
     
     
    Sign In to Vote
    0
    Okay but since changes on DesiredAccess ( i also commited these changes with FltSetCallbackDataDirty()) have no effect. How could i "steal" the execute right for this object?
     
  • Monday, May 07, 2012 3:08 PM
     
     
    Sign In to Vote
    0
    If this question cannot be answered. What flag does windows check if it wants to know whether a file has been openend with execute access?