Here is what I have:
- the user application – it’s an MSVC project, a service, written in C++ with a little Boost & STL (the app uses hooks to get user actions)
- the driver – it’s an FS minifilter driver that monitors USB mount/unmount actions and file movements
Problem: On XP, these two guys work great together, but when I started to port them to Vista & Win7 systems, troubles arose quickly.
- the driver doesn’t install, because it’s not signed
- hooks are not working, because in Vista and above services are placed in a different session and are unable to interact with the user session (f*ck!)…
- UAC – it doesn’t give my application access to the driver when it’s ON, and so on, and so on…
But: I just want to hear, is it really possible to connect a driver and a user application on Vista & Win7 with UAC on, and if it’s possible, what conditions must be met to perform this interaction (for example, the driver must be signed or maybe something else…)?
Many thanks!
Your driver should expose a virtual device for the user-mode application to open and interact with (often via IOCTLs).
This is completely independent of the filesystem device layers you are already working with.
When your driver creates this new virtual device, it can set permissions to allow any user to open it, only elevated admins, etc.
As a final note, the things you mentioned (monitoring mount, unmount, and MoveFile) are already built into Windows. I don’t know why you are writing a driver when you could use WM_DEVICECHANGE (for mount/unmount) and the FindFirstChangeNotification/ReadDirectoryChangesW and/or NTFS logs for MoveFile detection.
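Added example (not from the original answer or any real driver): besides the permissions on the device object, each IOCTL code carries its own required access, which is checked against the access the handle was opened with before the driver sees the request. The portable C model below uses the same bit layout as the Windows SDK's CTL_CODE macro; the X_ prefixed macros, the IOCTL_USBMON_* codes, the usbmon_policy struct and the return values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same bit layout as CTL_CODE in the Windows SDK, redefined so this builds anywhere. */
#define X_CTL_CODE(dev, fn, method, access) \
    (((uint32_t)(dev) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))
#define X_FILE_DEVICE_UNKNOWN 0x22u
#define X_METHOD_BUFFERED     0u
#define X_FILE_READ_ACCESS    1u
#define X_FILE_WRITE_ACCESS   2u

/* Hypothetical control codes for the USB monitor driver (vendor range starts at 0x800). */
#define IOCTL_USBMON_GET_EVENT \
    X_CTL_CODE(X_FILE_DEVICE_UNKNOWN, 0x800, X_METHOD_BUFFERED, X_FILE_READ_ACCESS)
#define IOCTL_USBMON_SET_POLICY \
    X_CTL_CODE(X_FILE_DEVICE_UNKNOWN, 0x801, X_METHOD_BUFFERED, X_FILE_WRITE_ACCESS)

typedef struct { uint32_t block_writes; } usbmon_policy; /* hypothetical input buffer */

/* Model of the access check: the handle must hold every access bit the code demands. */
int ioctl_allowed(uint32_t code, uint32_t handle_access) {
    uint32_t need = (code >> 14) & 3u;
    return (handle_access & need) == need;
}

/* Model of the dispatch routine: 0 ok, -1 access denied, -2 bad buffer, -3 unknown code. */
int dispatch(uint32_t code, uint32_t handle_access, const void *in, size_t in_len) {
    if (!ioctl_allowed(code, handle_access)) return -1;
    switch (code) {
    case IOCTL_USBMON_GET_EVENT:
        return 0;
    case IOCTL_USBMON_SET_POLICY:
        /* Never trust the caller's length: require exactly the expected struct. */
        if (in == NULL || in_len != sizeof(usbmon_policy)) return -2;
        return 0;
    default:
        return -3;
    }
}

int main(void) {
    usbmon_policy p = { 1 };
    printf("GET_EVENT=0x%X SET_POLICY=0x%X\n",
           (unsigned)IOCTL_USBMON_GET_EVENT, (unsigned)IOCTL_USBMON_SET_POLICY);
    printf("read-only handle, SET_POLICY -> %d\n",
           dispatch(IOCTL_USBMON_SET_POLICY, X_FILE_READ_ACCESS, &p, sizeof p));
    return 0;
}
```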