Re: how to track irp??

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "heinz" <heinz_baer@xxxxxxxxxxx>
Date: 15 Feb 2006 20:50:36 -0800

Come back to my problem, I want to make my USB storage READONLY.

What you are doing can work, but there is more to do. There are other
write commands like SCSIOP_WRITE10 and possibly FORMAT type opcodes
that you need to handle. When you see any of the write SRB's, report a
check condition with write protect sense data and do not pass it down
to the next layer. You also need to do the same thing when your filter
gets scsi pass through ioctl's, not just SRB's. And don't forget to
modify any fields in things like mode sense data where the write
protect status of the device is queried. It would be impolite to let
the device report the medium is read/write, but then fail the write
commands with write protect status.

One thing you can do to assure you are covering the basics is write to
a disk and get a trace of it (not necessarily your device; any device
will do). Then get another trace when the media is physically write
protected and try to write to it. Compare every response to see what
changed. Now you know what commands you will get and exactly how to
respond to each of them.

There is one other caveat here. The solution you are developing will
work for windows filesystem access to the device. But a rogue device
driver could bypass the file system and device stack, and therefore
bypass your write protection filter. This can also be handled, but
requires undocumented work. It is good to be aware of this limitation.

.

Follow-Ups:
- Re: how to track irp??
  - From: bob

References:
- how to track irp??
  - From: lnqhzb@xxxxxxxxxxx
- Re: how to track irp??
  - From: heinz
- Re: how to track irp??
  - From: simonking
- Re: how to track irp??
  - From: heinz
- Re: how to track irp??
  - From: simonking
- Re: how to track irp??
  - From: heinz
- Re: how to track irp??
  - From: lnqhzb@xxxxxxxxxxx

Prev by Date: Does usbaudio.sys support ?
Next by Date: Re: USBD error query
Previous by thread: Re: how to track irp??
Next by thread: Re: how to track irp??
Index(es):
- Date
- Thread

Relevant Pages

Re: How to block system copy commands at driver level
... Store those keys on a SmartCard ... protected with the public key used to encrypt them before they are added. ... That still won't protect against cameras or screen capture ... How can I trace following System Copy commands and block them, ...
(microsoft.public.development.device.drivers)
Re: JES2 and $VS RACF Protection
... What is the process for checking commands entered when using $VS? ... JES2 checks the $VS profile and if allowed with let the command proceed. ... Also, to protect the /*ROUTE XEQ node1 command, I need the WRITER class ... Search the archives at http://bama.ua.edu/archives/ibm-main.html ...
(bit.listserv.ibm-main)
Re: how do i protect some commands from getting executed by the root?
... root also before they enter some password protected mode. ... A partial solution is to put disabled versions of the protected commands ... It also does not protect execution via direct execve ... If you just want to prevent "root" from accidentally run some dangerous commands, the above should work. ...
(comp.os.linux.development.system)
Re: Wordsearch:AI Insanity
... Mission = protect the important person) ... and finds that they override all previous commands? ... Maybe a part of it monitors the repetitive arrival at a contradiction, ... and a process starts where it attempts to semantically extend the ...
(rec.arts.sf.composition)
Re: Rexx IRXIC and IRXEXEC question
... cannot replace the IO routines and run TSO commands. ... The Rexx IRXIC (Trace and Execution control) allows one to enter some ... TS command to turn on tracing, then run an exec with IRXECEC. ...
(bit.listserv.ibm-main)