EldoS | Feel safer!

Preventing writing to files

#31086
Posted: 10/21/2014 17:46:47
by Gregoir Lebrun (Basic support level)
Joined: 10/09/2014
Posts: 7

Hi,

I try to block write operations to files using a callback function for OnWriteFileC events:

Code
int _tmain(int argc, _TCHAR* argv[])
{
    ...
    g_CbFlt.SetOnWriteFileC(CbFltWriteFileC);
    ...
    g_CbFlt.AddFilterCallbackRule(L"*.txt", (CallbackFilter::CbFltCallbackFlags) 0x00020000L); // fltWriteCallback
    ...
}

void CbFltWriteFileC(...)
{
    printf("\nAttempting to write to file %ws", FileName);
    throw ECBFltError(ERROR_ACCESS_DENIED);
    *ProcessRequest = FALSE;
}


Whenever I attempt to write to a file using Notepad, the callback function is called, but the write operation is not blocked.

Can I block writing to files based on the event OnWriteFileC?

Many thanks.
#31087
Posted: 10/22/2014 01:07:38
by Eugene Mayevski (EldoS Corp.)

Blocking of writing operations should be performed by preventing file open with write access or by modifying access flags when the file is opened.

Here's why:

When the request to write the data is sent by the application, the data is first written to the cache. Later the cache manager flushes the data to the file. And it's the second operation that you intercept. At this moment in time the application has already written the data; it's the cache manager that failed. So the application has no way to know that the writing operation has failed.

On the other hand, when you alter the flags for the file being opened, the OS will know that the file should not be written to at all.


Sincerely yours
Eugene Mayevski
#31100
Posted: 10/23/2014 16:46:43
by Gregoir Lebrun (Basic support level)
Joined: 10/09/2014
Posts: 7

Hi Eugene,

Thanks for your feedback.

I have now implemented the following in the callback function for OpenFileC:

Code
if (*DesiredAccess & FILE_WRITE_DATA)
    throw ECBFltError(ERROR_ACCESS_DENIED);


This effectively blocks attempts to write data.

Thanks again,

Gregoir
#31107
Posted: 10/26/2014 17:25:40
by Gregoir Lebrun (Basic support level)
Joined: 10/09/2014
Posts: 7

Hi Eugene,

I managed to block write operations using a callback function for OnWriteFileC as well. In order to make this work I had to set ProcessCachedReadWriteCallbacks to true.

Earlier in this thread you said that it is better to use callback functions for OnOpenFileC events, but it seems using OnWriteFileC works as well.

Are there disadvantages in using OnWriteFileC (with process cached callbacks enabled) compared to OnOpenFileC for blocking writing operations?

Thanks,

Gregoir
#31109
Posted: 10/27/2014 00:32:04
by Eugene Mayevski (EldoS Corp.)

Blocking writing in OnWriteFileC can confuse users and the application itself (which, if not coded very well, can go mad and stop operating until restarted). Other than this I don't see big problems with this approach.


Sincerely yours
Eugene Mayevski
#31111
Posted: 10/27/2014 01:29:58
by Vladimir Cherniga (EldoS Corp.)

Quote
Gregoir Lebrun wrote:
Earlier in this thread you said that it is better to use callback functions for OnOpenFileC events

You must handle the OnCreateFileC callback as well.
#31112
Posted: 10/27/2014 01:35:56
by Eugene Mayevski (EldoS Corp.)

Quote
Vladimir Cherniga wrote:
You must handle the OnCreateFileC callback as well.


Vladimir means that if you choose the OnOpenFileC way, then you also need to handle OnCreateFileC in the same way. The reason is that both callbacks can be called for an existing file depending on how exactly (with which flags) the client has requested the file open operation.


Sincerely yours
Eugene Mayevski
#31113
Posted: 10/27/2014 01:50:53
by Vladimir Cherniga (EldoS Corp.)

I would also suggest handling possible file overwriting:
Code
    if ((*CreateDisposition & FILE_OVERWRITE_IF) == FILE_OVERWRITE_IF)
        *ProcessRequest = FALSE;
    else
        *ProcessRequest = TRUE;
#31132
Posted: 10/27/2014 17:53:46
by Gregoir Lebrun (Basic support level)
Joined: 10/09/2014
Posts: 7

Thanks for the additional feedback.
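
The open-time approach discussed in this thread, written as one decision function that both the open and the create callback can share. This is an added example, not code from the thread or from EldoS: the helper names and constants are hypothetical stand-ins, and it assumes the callbacks receive NT-style access-mask and create-disposition values, as the names used in the snippets above suggest.

```cpp
#include <cstdint>

// Constructed constants carrying the Windows SDK values, so this builds
// without <windows.h> or the CallbackFilter headers.
constexpr uint32_t kFileReadData   = 0x00000001; // FILE_READ_DATA
constexpr uint32_t kFileWriteData  = 0x00000002; // FILE_WRITE_DATA
constexpr uint32_t kFileAppendData = 0x00000004; // FILE_APPEND_DATA
constexpr uint32_t kGenericAll     = 0x10000000; // GENERIC_ALL
constexpr uint32_t kGenericWrite   = 0x40000000; // GENERIC_WRITE

// NT create dispositions are an enumeration, not a bit mask, so they are
// compared by equality below.
enum Disposition : uint32_t {
    kSupersede = 0, kOpen = 1, kCreate = 2,
    kOpenIf = 3, kOverwrite = 4, kOverwriteIf = 5
};

// Rights that let the caller change file data. DELETE and the
// attribute/EA write rights are a policy choice and are left out here.
constexpr uint32_t kDataWriteMask =
    kFileWriteData | kFileAppendData | kGenericWrite | kGenericAll;

// The thread's first open-time check, kept for comparison.
bool naive_deny_open(uint32_t desiredAccess)
{
    return (desiredAccess & kFileWriteData) != 0;
}

// Hypothetical helper meant to be called from both the open and the
// create callback: true means "fail the request with ERROR_ACCESS_DENIED".
bool must_deny_open(uint32_t desiredAccess, uint32_t disposition)
{
    if (desiredAccess & kDataWriteMask)
        return true;                 // handle could be used to write
    switch (disposition) {
    case kSupersede:
    case kOverwrite:
    case kOverwriteIf:
        return true;                 // replaces or truncates existing data
    default:
        return false;                // FILE_OPEN, FILE_OPEN_IF, FILE_CREATE
    }
}
```

An append-only open and a read-only open with an overwriting disposition both pass the FILE_WRITE_DATA-only check, which is why the access mask and the disposition are tested together.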

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.