0

My goal is to overwrite a files contents and name just before it is deleted - wiping deleted files.

I am trying to use a minifilter driver and the pre-cleanup callback routine that gets called just before the final delete operation.

So far I have been able to get rid of the create/changed/access dates and overwrite the contents of the file just before it gets deleted.

However I am not able to change the file name and owner information.

I found that I can rename the file using FltSetFileInformation, but the file does not delete properly during cleanup. With shift+delete, it gets deleted, but the filename on the disc remains the same as it was. With just a normal delete, it will not go to recycle bin(presumably because is cant move it, now that it has a new name.)

The control flow of minifilters is bit unclear to me. For instance if I call FltWriteFile does it just send another IRP, does it do it synchronously or asynchronously.

How can i change the name of the file i want to delete within the IRP , so it still gets deleted by the lower drivers.

ollo
  • 926
  • 1
  • 14
  • 33
  • Make your question more clear. You are renaming so why is there delete? Also what is your overall objective? – Rohan Apr 05 '14 at 09:08

1 Answers1

0

FileDispositionInformation use this for deletion.

FileRenameInformation use this for rename also you need to figure out for which you are Doing rename is a file or a file within directory first find name of a fine then parse it ...etc.

since on the same volume the rename is a move operation but on different volume it is copy delete.hope this will help.

Yu Hao
  • 119,891
  • 44
  • 235
  • 294
user3863195
  • 21
  • 1