ReadFile callback not firing

#9439
Posted: 03/29/2009 19:07:06
by Wang Sheng (Basic support level)
Joined: 02/16/2009
Posts: 44

Using your sample "encrypt" to monitor *.txt,
I open a txt file, a1.txt, using notepad.exe.

First, everything is OK: the openfile, closefile and readfile callbacks are firing.
Next, I close notepad.exe and reopen the same file;
only the openfile and closefile callbacks are firing, the readFile callback is not.
Why?

The same with FileMon sample.
cbflt version: 1.1.16
#9444
Posted: 03/30/2009 04:18:02
by Vladimir Cherniga (EldoS Corp.)

The content of the file was copied to the system cache memory during the first open request from Notepad. This method accelerates access to recently used files, so there is no need to read the file from secondary storage every time it is opened by some application. Callback Filter by its nature doesn't interrupt such requests to the system cache memory, only "real" read/write requests directed to/from the secondary storage device.
#9494
Posted: 04/01/2009 01:19:09
by Wang Sheng (Basic support level)
Joined: 02/16/2009
Posts: 44

Hi, but Callback Filter is developed for content security. If the
content of the file exists in the cache, quite a big security bug exists.

Of course, Callback Filter by its nature doesn't interrupt such requests to the system cache memory, only "real" read/write requests directed to/from the secondary storage device.

But I suggest Callback Filter should provide an API to clear the cache,
to ensure total control of the file content.
#10537
Posted: 07/07/2009 05:26:00
by Filippo Solimando (Standard support level)
Joined: 06/23/2009
Posts: 10

Hi, I'm replying to this post because we have the same problem: we need to discard the file and all its references from system cache memory to allow us to intercept every data read.

The best solution would be to select if we want to discard or not data from cache memory in the OpenFileC callback like.

Best regards
#10546
Posted: 07/08/2009 07:49:47
by Vladimir Cherniga (EldoS Corp.)

You could utilize the FILE_FLAG_WRITE_THROUGH flag during the precreate callback path. This way file data will be flushed directly to disk even if caching is enabled. There is no way to terminate file caching if any file handles or memory mappings exist in the system for the selected file. But in the IRP_MJ_CLEANUP path the filter attempts to purge any stale data from the cache for the filtered files. In order to intercept every data read/write you could prohibit access to the selected files during system boot by setting the default access rules. They will be active until you attach the filter and reset the default rules to the needed ones.
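
Added example, not part of the thread and not EldoS code: a toy C model of the behaviour described in the replies above, where the filter sits below the system cache and so receives a read callback only on a cache miss. The struct, function names and the `other_handle` parameter are hypothetical and stand in for the cache manager and the filter; no Callback Filter API is used.

```c
#include <stdio.h>
/* Toy model, constructed for illustration: one file, the system cache,
 * and a filter below the cache that only sees reads reaching storage. */
struct model {
    int cached;            /* file data is resident in the system cache */
    int handles;           /* open handles, ours and other processes'    */
    int purge_on_cleanup;  /* filter tries to purge the cache on cleanup  */
    int cb_open, cb_read, cb_close;   /* callbacks the filter received   */
};

static void file_open(struct model *m) { m->handles++; m->cb_open++; }

static void file_read(struct model *m)
{
    if (m->cached)
        return;            /* cache hit: served from memory, no callback */
    m->cb_read++;          /* cache miss: the read reaches the filter     */
    m->cached = 1;
}

static void file_close(struct model *m)
{
    m->cb_close++;
    m->handles--;
    /* The purge only succeeds when no other handle keeps the data cached. */
    if (m->purge_on_cleanup && m->handles == 0)
        m->cached = 0;
}

/* Open, read and close the file `sessions` times (Notepad in the thread);
 * `other_handle` models another process keeping the file open throughout. */
int read_callbacks(int sessions, int purge_on_cleanup, int other_handle)
{
    struct model m = {0, other_handle ? 1 : 0, purge_on_cleanup, 0, 0, 0};
    for (int i = 0; i < sessions; i++) {
        file_open(&m);
        file_read(&m);
        file_close(&m);
    }
    return m.cb_read;      /* number of read callbacks the filter saw */
}

int main(void)
{
    printf("no purge:            %d read callbacks\n", read_callbacks(2, 0, 0));
    printf("purge on cleanup:    %d read callbacks\n", read_callbacks(2, 1, 0));
    printf("purge, file in use:  %d read callbacks\n", read_callbacks(2, 1, 1));
    return 0;
}
```

The first case reproduces the reported symptom (two opens, one read callback); the third shows why a purge on cleanup cannot guarantee interception while another handle or mapping keeps the data cached.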
