A filter driver for Windows 7/8/8.1/10 that lets you restrict the access rights of processes to objects in the file system. It is based on the File System Mini-Filter Driver template. To get started, you need the WDK for your version of Windows.
This driver can:
- read information from the configuration file conf.txt;
- block a process from reading, depending on its rights;
- block a process from writing, depending on its rights;
- block a process from both reading and writing at the same time, depending on its rights.
The configuration file conf.txt should be located in C:\Windows folder. It has the following structure:
<path_to_file_n> <path_to_process_n> xy
xy is a pair of digits, each of which can be either 0 (enable) or 1 (disable); x controls writing and y controls reading.
Access is blocked according to the following algorithm:
- get the name of the file that the process is accessing;
- search for a matching file name in the access_array list;
- if there is a match, get the process name;
- compare the process name with the proc field of the structure;
- if there is a match, check the number field (this field contains the two digits xy, each of which is either 0 (permission) or 1 (prohibition); x is responsible for writing, and y for reading);
- depending on the value of number, allow or block the operation.
The driver can be debugged using the DbgView utility. Driver registration and start can be done through OSR Driver Loader.