Search code examples
cwindowsfilterdriverminifilter

Block file creation

I have to write a functionality which prevents the user from creating files on the desktop (except shortcuts files (*.lnk) and directories) for windows XP. After some research i came to the conclusion that this can be done using a file system filter driver or minidriver. Changing the NTFS permissions don't work as the roaming profile cannot be loaded/saved.

I had a look at the DDK samples. e.g. cancelSafe. They are canceling the I/O but this is not what i want. I've seen anti-virus programs which blocked the access to an infected file and the OS returned error code 5: Access Denied.

I want exactly the same behavior. So how can i achieve this in a filter driver?

Solution
    1. You need to write minifilter driver and attach to appropriate volume where desktop folder is present.
    2. In minifilter, filter IRP_MJ_CREATE
    3. In the PreOperation callback for the IRP, check for file path, if its under desktop folder path fail the IRP and do not pass it further down the stack.
    4. IRP can be failed by completing it in preoperation callback and setting appropriate status, in IoStatus.Status. More info at Completing an I/O Operation in a Preoperation Callback Routine