Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FLT_PREOP_CALLBACK_STATUS FLTAPI
- FsmPreCreate (
- __inout PFLT_CALLBACK_DATA Data,
- __in PCFLT_RELATED_OBJECTS FltObjects,
- __deref_out_opt PVOID *CompletionContext
- )
- {
- NTSTATUS Status = STATUS_UNSUCCESSFUL;
- PUNICODE_STRING FilePath = NULL;
- PUNICODE_STRING Path = NULL;
- UNREFERENCED_PARAMETER(CompletionContext);
- if (FsmpIsMyProcess(IoThreadToProcess(Data->Thread))) {
- return FLT_PREOP_SUCCESS_NO_CALLBACK;
- }
- Status = FsmpGetCurrentFilePath(Data, FltObjects, &FilePath);
- if (!NT_SUCCESS(Status)) {
- return FLT_PREOP_SUCCESS_NO_CALLBACK;
- }
- if (MatchStringArray(FilePath, FsmPathsToProtect)) {
- if (FlagOn(Data->Iopb->Parameters.Create.SecurityContext->DesiredAccess,
- DELETE | FILE_WRITE_DATA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES |
- FILE_APPEND_DATA | WRITE_DAC | WRITE_OWNER) ||
- Data->Iopb->Parameters.Create.Options >> 24 != FILE_OPEN) {
- Data->IoStatus.Status = STATUS_ACCESS_DENIED;
- Data->IoStatus.Information = 0;
- return FLT_PREOP_COMPLETE;
- }
- }
- return FLT_PREOP_SUCCESS_WITH_CALLBACK;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement