After a few days, I finally decided to solve the dynamic plus of IFS.
In order to be no longer halo, summarize as follows:
1. Encrypt in sfWrite (IRP_MJ_WRITE) instead of completing the routine,
Decrypt in sfread (IRP_MJ_READ) instead of completion routines,
3. Just handle IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO
2. Encryption Simple Process:
a. Get buffer address from Windows,
IF (IRP-> MDLADDRESS)
{
SysdataBuf = MmgetsystemAddressFormdlsafe (IRP-> MDLDRESS, NORMALPAGEPRIORIRIRITY);
}
Else
{
SysdataBuf = IRP-> UserBuffer;
}
b. Save the plain text sysdatabuf in sysdatabase, SYSDATABUFFIRST
c. Encrypt SysdataBuf with your powerful algorithm - >> mybuf
d. Put mybuf copy to sysdatabuf,
E.IocallDriver Put the secret to the Double, write to Harddisk.
f. Recovery of Memory's plaintext RTLCopyMemory (sysdatabuf, sysdatabase;) ;.
3. Decryption approach:
A.iocallDriver reads to ciphertext
B, decryption
C. IOCOMPLETEREQUEST
My development environment:
IFS2600, Sfilter's code is for XP SP1