I need to:
1. Monitor operations on certain drives/paths
2. Prevent read and/or write operations on certain drives/paths
For example:
C://Users
D:
Can this be done using Windows Filesystem Minifilter Drivers ?
I am mostly interested in step 2. In other words can a minifilter cancel a IRP ?
Yes this is all possible with a filesystem mini filter driver.
For #1 you don't need a mini filter driver you could use a Win32 API like ReadDirectoryChangesW.
For #2 you can not only do that but you can also modify what gets read/written, even of different size.
You can get started here.