[NTOSKRNL] Only allow page file on a few specific device types

diff --git a/ntoskrnl/mm/pagefile.c b/ntoskrnl/mm/pagefile.c
index 9855578..0649f0f 100644 (file)
--- a/ntoskrnl/mm/pagefile.c
+++ b/ntoskrnl/mm/pagefile.c
@@ -364,6 +364,7 @@ NtCreatePagingFile(IN PUNICODE_STRING FileName,
     SECURITY_DESCRIPTOR SecurityDescriptor;
     PACL Dacl;
     PWSTR Buffer;
     SECURITY_DESCRIPTOR SecurityDescriptor;
     PACL Dacl;
     PWSTR Buffer;

+    DEVICE_TYPE DeviceType;

 
     DPRINT("NtCreatePagingFile(FileName %wZ, MinimumSize %I64d)\n",
            FileName, MinimumSize->QuadPart);
 
     DPRINT("NtCreatePagingFile(FileName %wZ, MinimumSize %I64d)\n",
            FileName, MinimumSize->QuadPart);


@@ -727,6 +728,17 @@ NtCreatePagingFile(IN PUNICODE_STRING FileName,
         return Status;
     }
 
         return Status;
     }
 

+    /* Only allow page file on a few device types */
+    DeviceType = IoGetRelatedDeviceObject(FileObject)->DeviceType;
+    if (DeviceType != FILE_DEVICE_DISK_FILE_SYSTEM && DeviceType != FILE_DEVICE_NETWORK_FILE_SYSTEM &&
+        DeviceType != FILE_DEVICE_DFS_VOLUME && DeviceType != FILE_DEVICE_DFS_FILE_SYSTEM)
+    {
+        ObDereferenceObject(FileObject);
+        ZwClose(FileHandle);
+        ExFreePoolWithTag(Buffer, TAG_MM);
+        return Status;
+    }
+

     /* Deny page file creation on a floppy disk */
     FsDeviceInfo.Characteristics = 0;
     IoQueryVolumeInformation(FileObject, FileFsDeviceInformation, sizeof(FsDeviceInfo), &FsDeviceInfo, &Count);
     /* Deny page file creation on a floppy disk */
     FsDeviceInfo.Characteristics = 0;
     IoQueryVolumeInformation(FileObject, FileFsDeviceInformation, sizeof(FsDeviceInfo), &FsDeviceInfo, &Count);