I need create app for Block file creation in folder, I am tried to see some of examples about minifilter, but still don't understand how to do this. Found this piece of code that does the processing. This is a link of example https://github.com/Microsoft/Windows-driver-samples/tree/master/filesys/miniFilter/minispy
CONST FLT_OPERATION_REGISTRATION Callbacks[] =
{
{ IRP_MJ_CREATE,
0,
SpyPreOperationCallback,
SpyPostOperationCallback },
{ IRP_MJ_WRITE,
0,
SpyPreOperationCallback,
SpyPostOperationCallback },
{ IRP_MJ_SET_INFORMATION,
0,
SpyPreOperationCallback,
SpyPostOperationCallback },
{ IRP_MJ_CLOSE,
0,
SpyPreOperationCallback,
SpyPostOperationCallback },
{ IRP_MJ_OPERATION_END } };
So, in short, every sort of open or file creation ends up in the IRP_MJ_CREATE callback. You can get the name of the file to be opened (or created) and the name of the folder and such (FltGetFileNameInformation) and decide whether to allow the request (return FLT_PREOP_SUCCESS_NO_CALLBACK which allows the request to continue) or set the IoStatus to something like STATUS_ACCESS_DENIED and return FLT_PREOP_COMPLETE to block the request. This is, in a nutshell, what your filter should do to block creating files under specific folder.