|
-
Jun 20th, 2011, 03:55 PM
#1
File System Mini Filter Driver
Bonjour,
Bit of a long shot but does anyone know if it is possible (I said possible, not easy ) to create a file system mini filter driver in .NET? I'm assuming not but I don't really know of any technical reason why... just that every single example on the interwebs is C++.
I realise it would take me a very long time just to convert all of the functions and structures required to .NET before I even got started on the actual functionality of the filter driver itself but theoretically is it possible?
Cheers
Chris
-
Jun 20th, 2011, 04:28 PM
#2
Re: File System Mini Filter Driver
I looked into this a long time ago. I realized that I would basically be creating a VB.NET wrapper around a C++ library. I would say that it is theoretically possible to do in VB.NET. You are right too, most of your time would just be writing a functional library that wraps the C++ base. I would think that you could basically make a class that has a shared event that gets triggered when a file is opening/read/closed etc... Might be an interesting project, for sure. How versed are you in C++? I think the start would be to dissect that CodeProject implementation that you probably saw and read some of the documentation from the link you provided. If there is a specific thing you want to do? Then instead of making this "grand project" just start with getting something simple working and then progress.
I actually was looking into this to create a "safe/vault" for folders and files that you could password protect. It would be interesting to hear what your plans are. In terms of the actual functionality of the driver, I'm not sure but I think that almost all of it would need to be written in C++.
-
Jun 20th, 2011, 04:43 PM
#3
Re: File System Mini Filter Driver
Yeah I was afraid that might be the case I don't know C++ or C at all - looked at learning several times but it just frustrates me and I end up going back to the speed and ease of use of .NET. I guess for doing something specific like this it might be worth learning though... although learning C++ by writing a driver is probably asking for a lot of problems.
I found an article on StackOverflow that explained how the .NET Framework CLR cannot run in kernel mode so it looks like writing a standard file system mini filter driver is out of the window. So now I'm looking at whether or not it is possible to 1. write a mini filter driver in the UMDF (User Mode Driver Framework) and 2. use .NET code in a UMDF driver. So far I think the answer to both is no lol
As for what I actually wanted this mini filter driver to do - I wanted to audit file operations, e.g create, delete, modify, move, etc so that I can audit who changes which files on a file server. Windows includes security auditing options that will log this stuff but each file operation triggers so many events that are all very verbose and unclear, that it is pretty much useless.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|