Re: How to block system copy commands at driver level



And the answer is there are no basic copy commands. All you are going to
see are reads and writes, there is no concept of copying at the kernel
level. So unless you want to make a file so it cannot be read (which makes
it rather useless) you cannot stop copying. Go to http://www.osronline.com/
and join the NTFSD newsgroup, and then start reading the archives, this has
been discussed way too many times.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply




"Bipin Mistry" <bpnmistry@xxxxxxxxx> wrote in message
news:7b8f425d-e3c1-41c5-a321-5cb18c07899b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello David,

Up to the extent I agree with you that this task can not be done
unless we know how Windows works with these events at low level.

Put the data to be protected in a directory. Encrypt that directory's files
with a symmetric key or multiple keys. Store those keys on a SmartCard
protected with the public key used to encrypt them before they are added.
Issue a CD/DVD/USB drive with the files on it, a SmartCard reader, & the
fully initialized SmartCard. Write an application that permits the files to
be viewed, but does not respond to any key strokes that might copy the data
in the viewer.

I also do agree, as I am currently working on a bit similar system; now the
requirements do say that copy protection for basic copy commands
needs to be ignored/blocked where such restricted data are concerned.

If you have / come across anything that can help me
then please do post it, so that I can work around & complete my task.

Bipin



On May 23, 4:21 pm, "David Craig" <driv...@xxxxxxxxxx> wrote:
This question has been asked and answered many times in the last few months.
I guess there is someone out there hiring companies to implement an
anti-copy driver. Maybe they are offering a large completion payment with
nothing until it is done. The answer is NO. Until you learn how Windows
works, you cannot prevent copying and you can't understand why it cannot be
done. I can think of only one solution for Windows and it is not practical.
The other choice is to write your own OS that has different rules.

Put the data to be protected in a directory. Encrypt that directory's files
with a symmetric key or multiple keys. Store those keys on a SmartCard
protected with the public key used to encrypt them before they are added.
Issue a CD/DVD/USB drive with the files on it, a SmartCard reader, & the
fully initialized SmartCard. Write an application that permits the files to
be viewed, but does not respond to any key strokes that might copy the data
in the viewer. That still won't protect against cameras or screen capture
programs, but it is about as good as it can be done. You need a separate
encryption key for each copy of the files to provide post compromise
security. If you try and use normal programs such as Notepad, Wordpad, or
Word the data must be placed in plaintext in the buffers where another
driver can obtain access easily. The Windows filesystems just don't work if
encryption is done closer to the application unless it is within the
application's context as part of its code or an injected DLL.

"Bipin Mistry" <bpnmis...@xxxxxxxxx> wrote in message

news:6a3688db-4c57-4671-a27c-30043ef6aa32@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



Hello,

How can I trace the following System Copy commands and block them, so that
a secured folder/drive does not react to these commands?

1. [Ctrl + C],
2. Right Click Menu -> Copy
3. File Menu -> Copy
4. Command prompt copy

As per me, all the above commands will be calling a single routine at
driver level.
I am unable to identify which routine it calls & how I can identify
that any of the above 4 are triggered.

During my RnD till now I reached till IRP_MJ_READ & WRITE, whereby
related parameters and their properties do not describe COPY
specifically.

Some place I read that this can be possible by keeping watch on the
Clipboard; don't know how much this will be useful, as no
extra information was provided.

If anyone can help me out with this situation then please do share
your knowledge with me.

Best regards,
Bipin
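Added example, not part of the thread: a user-mode C model of the request stream a file-system filter would see, showing why "copy" cannot be singled out from reads and writes. Only the IRP_MJ_READ/IRP_MJ_WRITE idea comes from the posts; the record layout, paths, process ids and both traces are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of what a filter observes: one record per request.
   There is no "copy" request type, only create/read/write/close. */
enum major { MJ_CREATE, MJ_READ, MJ_WRITE, MJ_CLOSE };
struct req { int pid; enum major mj; const char *path; };

#define PROTECTED "\\secure\\plan.doc"   /* hypothetical protected file */
#define N 6

/* Trace A (constructed): a command-prompt copy of the file to a USB drive. */
static const struct req copy_trace[N] = {
    {100, MJ_CREATE, PROTECTED}, {100, MJ_CREATE, "\\usb\\plan.doc"},
    {100, MJ_READ,   PROTECTED}, {100, MJ_WRITE,  "\\usb\\plan.doc"},
    {100, MJ_CLOSE,  PROTECTED}, {100, MJ_CLOSE,  "\\usb\\plan.doc"},
};
/* Trace B (constructed): an editor opens the file and writes its own temp file. */
static const struct req edit_trace[N] = {
    {200, MJ_CREATE, PROTECTED}, {200, MJ_CREATE, "\\temp\\~edit.tmp"},
    {200, MJ_READ,   PROTECTED}, {200, MJ_WRITE,  "\\temp\\~edit.tmp"},
    {200, MJ_CLOSE,  PROTECTED}, {200, MJ_CLOSE,  "\\temp\\~edit.tmp"},
};

/* Heuristic: the same pid read the protected file, then wrote somewhere else.
   Returns 1 when the trace matches, 0 otherwise. */
int looks_like_copy(const struct req *t, size_t n) {
    int reader = -1;
    for (size_t i = 0; i < n; i++) {
        int prot = strcmp(t[i].path, PROTECTED) == 0;
        if (t[i].mj == MJ_READ && prot) reader = t[i].pid;
        if (t[i].mj == MJ_WRITE && !prot && t[i].pid == reader) return 1;
    }
    return 0;
}

/* Returns 1 when two traces have the same sequence of request types. */
int same_shape(const struct req *a, const struct req *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i].mj != b[i].mj) return 0;
    return 1;
}

int main(void) {
    printf("copy flagged: %d, edit flagged: %d, same shape: %d\n",
           looks_like_copy(copy_trace, N), looks_like_copy(edit_trace, N),
           same_shape(copy_trace, edit_trace, N));
    return 0;
}
```

Both traces are flagged and have the same shape, so a driver that blocks on this pattern also blocks ordinary use of the file; the only request it can refuse with certainty is the read itself.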
