SecureVol Project Part 1 Introduction

I have decided to write this project, which implements a FAT (File Allocation Table) filesystem: a kernel-mode driver creates the volume on disk, mounts the filesystem and performs all I/O operations against it, and a user-mode controller talks to the kernel-mode code.

SecureVol makes use of the VHD API: the virtual disk is created from user mode (starting size about 1 GB) and the volume is formatted from kernel mode.

There are two main components:

- fat.sys

Implements the kernel code. First off, it creates the device with type FILE_DEVICE_DISK_FILE_SYSTEM. There is no IRP_MN_MOUNT_VOLUME handling in this software; the mount is instead triggered by a standard device I/O control request (ZwDeviceIoControlFile) when the user selects the ''Mount File System'' option in SecureVol.exe. That call performs the following steps:

    - Opening the hard disk to get a valid handle to it.
    - Getting the disk geometry information.
    - Filling a PARTITION_TABLE structure.
    - Finding the right location on the disk to place the file system.
    - Loading the volume; if no file system is installed yet, formatting the partition.

It also creates the main I/O thread, which carries the interaction between kernel space and user space.
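The steps above (read the geometry, pick a location, format if no file system is present) are the part of the mount path worth seeing in code. The block below is an added example and not SecureVol's own code: it computes a FAT16 layout for the volume from the geometry the driver obtains, writes the boot sector with its BIOS Parameter Block (BPB), and then probes that sector the way the "format if not installed" check must, treating a sector without a valid BPB as unformatted. The geometry values, OEM name, volume label and serial number are constructed assumptions; the FAT sizing formula is the one from Microsoft's FAT specification, generalised to the sector size. It is plain portable C so it builds and runs outside a kernel; the driver would write the resulting sector at the chosen partition offset.

```c
/* fat_layout.c: plan a FAT16 layout from disk geometry, write the boot sector
 * (BPB) for it, and probe a sector to decide whether a volume is already
 * formatted. Added example, not SecureVol's code; all constants are assumed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define SECTOR_SIZE 512u

typedef struct {
    uint32_t bytes_per_sector;   /* what IOCTL_DISK_GET_DRIVE_GEOMETRY reports */
    uint32_t hidden_sectors;     /* volume start LBA, chosen from the partition table */
    uint32_t total_sectors;      /* sectors available to the volume */
} fat_geometry;

typedef struct {
    uint8_t  sectors_per_cluster;
    uint16_t reserved_sectors;
    uint8_t  num_fats;
    uint16_t root_entries;
    uint32_t sectors_per_fat;
    uint32_t data_clusters;
} fat16_layout;

/* BPB fields are little-endian regardless of host byte order. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v & 0xffff)); put16(p + 2, (uint16_t)(v >> 16)); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get32(const uint8_t *p) { return get16(p) | ((uint32_t)get16(p + 2) << 16); }

/* Pick the smallest power-of-two cluster size that keeps the volume under
 * FAT16's 65524-cluster ceiling, then size each FAT with the formula from
 * Microsoft's FAT specification (entries per FAT sector = bytes/2).
 * Returns 1 if the result is a legal FAT16 volume, 0 otherwise. */
int fat16_plan(const fat_geometry *g, fat16_layout *l)
{
    uint32_t spc, root_dir_sectors, tmp1, tmp2;
    memset(l, 0, sizeof *l);
    l->reserved_sectors = 1;
    l->num_fats = 2;
    l->root_entries = 512;
    for (spc = 1; spc <= 128; spc *= 2)
        if (g->total_sectors / spc <= 65524) break;
    if (spc > 128) return 0;                         /* too large for FAT16 */
    l->sectors_per_cluster = (uint8_t)spc;
    root_dir_sectors = (l->root_entries * 32u + g->bytes_per_sector - 1) / g->bytes_per_sector;
    tmp1 = g->total_sectors - (l->reserved_sectors + root_dir_sectors);
    tmp2 = (g->bytes_per_sector / 2) * spc + l->num_fats;
    l->sectors_per_fat = (tmp1 + tmp2 - 1) / tmp2;   /* ceiling division */
    l->data_clusters = (g->total_sectors -
        (l->reserved_sectors + l->num_fats * l->sectors_per_fat + root_dir_sectors)) / spc;
    return l->data_clusters >= 4085 && l->data_clusters < 65525;
}

/* Fill a 512-byte boot sector with a FAT16 BPB describing the planned layout. */
void fat16_write_bpb(const fat_geometry *g, const fat16_layout *l, uint8_t sector[SECTOR_SIZE])
{
    memset(sector, 0, SECTOR_SIZE);
    sector[0] = 0xEB; sector[1] = 0x3C; sector[2] = 0x90;   /* jmp short + nop */
    memcpy(sector + 3, "SECUREVL", 8);                      /* OEM name (assumed) */
    put16(sector + 11, (uint16_t)g->bytes_per_sector);
    sector[13] = l->sectors_per_cluster;
    put16(sector + 14, l->reserved_sectors);
    sector[16] = l->num_fats;
    put16(sector + 17, l->root_entries);
    put16(sector + 19, g->total_sectors < 0x10000 ? (uint16_t)g->total_sectors : 0);
    sector[21] = 0xF8;                                      /* media byte: fixed disk */
    put16(sector + 22, (uint16_t)l->sectors_per_fat);
    put16(sector + 24, 63); put16(sector + 26, 255);        /* CHS hints, ignored on LBA disks */
    put32(sector + 28, g->hidden_sectors);
    put32(sector + 32, g->total_sectors < 0x10000 ? 0 : g->total_sectors);
    sector[36] = 0x80; sector[38] = 0x29;                   /* drive number, extended boot signature */
    put32(sector + 39, 0x5EC0BE11);                         /* volume serial (assumed) */
    memcpy(sector + 43, "SECUREVOL  ", 11);                 /* volume label (assumed) */
    memcpy(sector + 54, "FAT16   ", 8);
    sector[510] = 0x55; sector[511] = 0xAA;
}

/* Probe a boot sector as a mount path would: returns 12, 16 or 32 for a
 * plausible FAT volume (the cluster count decides the type, as in the spec),
 * or 0 when there is no usable BPB and the volume still needs formatting. */
int fat_probe(const uint8_t sector[SECTOR_SIZE], uint32_t *clusters_out)
{
    uint32_t bps = get16(sector + 11), spc = sector[13], rsvd = get16(sector + 14);
    uint32_t nfats = sector[16], root = get16(sector + 17);
    uint32_t tot = get16(sector + 19) ? get16(sector + 19) : get32(sector + 32);
    uint32_t fatsz = get16(sector + 22) ? get16(sector + 22) : get32(sector + 36);
    uint32_t root_sectors, sys_sectors, clusters;

    if (sector[510] != 0x55 || sector[511] != 0xAA) return 0;
    if (bps < 512 || bps > 4096 || (bps & (bps - 1))) return 0;
    if (spc == 0 || (spc & (spc - 1)) || rsvd == 0 || nfats == 0 || fatsz == 0) return 0;
    root_sectors = (root * 32u + bps - 1) / bps;
    sys_sectors = rsvd + nfats * fatsz + root_sectors;
    if (tot <= sys_sectors) return 0;                       /* no room for data clusters */
    clusters = (tot - sys_sectors) / spc;
    if (clusters_out) *clusters_out = clusters;
    return clusters < 4085 ? 12 : clusters < 65525 ? 16 : 32;
}

int main(void)
{
    /* Constructed geometry: 512-byte sectors, ~1 GB disk, volume starting at LBA 2048. */
    fat_geometry g = { 512, 2048, 2097152 - 2048 };
    fat16_layout l;
    uint8_t sector[SECTOR_SIZE];
    uint32_t clusters = 0;
    if (!fat16_plan(&g, &l)) { puts("volume does not fit FAT16"); return 1; }
    fat16_write_bpb(&g, &l, sector);
    printf("spc=%u fat_sectors=%u clusters=%u probe=FAT%d\n", l.sectors_per_cluster,
           l.sectors_per_fat, l.data_clusters, fat_probe(sector, &clusters));
    return 0;
}
```

For the constructed 1 GB geometry the planner lands on 32 sectors (16 KB) per cluster and 256 sectors per FAT, giving 65454 data clusters, and probing the sector it wrote classifies it as FAT16; probing an all-zero sector returns 0, which is the condition under which the driver should format. The probe checks the structural fields rather than the "FAT16   " string, because that string is informational only and is not what determines the FAT type.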

- SecureVol.exe

Implements the GUI and the user-space code, and manages all interaction between the driver and the user.

Application overview (Main Window)



The idea is a basic re-implementation of explorer.exe. The first picture shows nine files with different extensions and some basic information such as file index, creation time and size. What sets this FAT version apart from others is file encryption (at a rudimentary stage), file compression (not developed yet) and a few other operations. The aim of SecureVol is to provide a secure storage container that protects files against ransomware and similar file-modifying malware.

The last picture shows the VHD growing. Resizing the virtual disk is an interesting feature and still needs to be developed. Keep in mind that we format the disk ourselves, so if the Disk Management tool is opened after mounting the VHD, Windows will still report the disk as not initialised and without any file system; that is expected. We do not want to use Windows tools, as that would defeat the goal of this application. Note that Windows not recognising the volume is a convenience rather than a protection boundary: the .vhd file itself is still an ordinary file on the host volume, and a process running with administrative rights can still write raw sectors to the attached disk.
