0

In order to restrict access to some specific files i've create a hook on NtCreateFile. I ve read many documentation and I know it's undocumented, it's a bit tricky etc etc =) But in my case i just want to forbid access on several files.

I've succeeded to hook it, and to block access. But i receive all file path in the following form : \??\C:\blabla or \??\UNC

Firstly i removed that \??\prefix and then if I encounter a unknown drive letter (I have a db in which are stored all drives, their type and their letter) I deduce that it is a network access but I think that's a poor solution to deduce a network path by default.

So my question is in 2 parts :

-Is there a function that i missed to acheive this

-Is there a real logical way to deduce a network path from a ntFilePath.

Thanks in advance.

I've done it with a win32 C++ Dll.

Delatour
  • 45
  • 5
  • possible duplicate of [How can I convert a native (NT) pathname into a Win32 path name?](http://stackoverflow.com/questions/4445108/how-can-i-convert-a-native-nt-pathname-into-a-win32-path-name) – David Heffernan Feb 02 '12 at 16:01
  • If you want to restrict access to the files, why not just use a DACL? – Jerry Coffin Feb 02 '12 at 16:05
  • Hi, so i don't DACL :/, and when i'll acheive this fir;st objective i would like to try to redirect the access on those file – Delatour Feb 03 '12 at 09:49
  • Thanks Mr Heffernan for your remark, i go to check if it is the same and if yes i'll delete it. Sorry if it is the case. – Delatour Feb 03 '12 at 09:52
  • You are aware, that windows support symlinks and hardlinks and you need to resolve the first and than a file may still have multiple identities due to the later, right? Windows Vista and later support symlinks and hardlinks called that way, but NT and XP already supported "junctions" and "reparse points" on NTFS which is different implementation of the same, so you have to watch for them. – Jan Hudec Feb 03 '12 at 10:22

0 Answers0