[R00tKit]

hi
i will write driver that prevent user from access USB , if USB is mass storage and allow if it is another class of USB!


can use IoSetDeviceInterfaceState within IoRegisterPlugPlayNotification for disable usb ?

is any other solution ?
thanks

[R00tKit]

i attache to FILE_DEVICE_DISK_FILE_SYSTEM file system with IoRegisterFsRegistrationChange and filter IRP_MJ_FILE_SYSTEM_CONTROL ( IRP_MN_MOUNT_VOLUME)

but in IRP handler, How find the device want to be mount is USB

this code

Code: Select all

CurrentIrpStackLocation=IoGetCurrentIrpStackLocation(Irp);
		

			if(CurrentIrpStackLocation->Parameters.MountVolume.DeviceObject->DeviceType==FILE_DEVICE_MASS_STORAGE) 

cant recognize USB ( At least for my external hard and flash memory ) in IRP handler

if i filter without USB detection it block USB but it prevent format other drive

Code: Select all

	DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL]=preventMount;

Code: Select all

NTSTATUS preventMount(IN PDEVICE_OBJECT DeviceObject ,IN PIRP Irp)
{
	NTSTATUS ntstat;
	PIO_STACK_LOCATION CurrentIrpStackLocation;

		CurrentIrpStackLocation=IoGetCurrentIrpStackLocation(Irp);
		
			if((CurrentIrpStackLocation->MinorFunction==IRP_MN_MOUNT_VOLUME));   	 // how detect USB in here
			{
				Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
				Irp->IoStatus.Information =0;
				IoCompleteRequest(Irp, IO_NO_INCREMENT);
				return STATUS_ACCESS_DENIED;

			}
		 IoSkipCurrentIrpStackLocation (Irp);
    return IoCallDriver(pDevExt->pTargetDeviceObject, Irp);
			
}

[kmd]

hi

u can try filter IRP_MN_PNP

http://msdn.microsoft.com/en-us/library ... s.85).aspx

[R00tKit]

i solve my problem and my driver block even in boot time

with

IoBuildDeviceIoControlRequest IOCTL_STORAGE_QUERY_PROPERTY

can detect device bus type