I'm using minifilter scanner program. The flow of the process is as follow: 1. The program reads the file content with FltReadFile function and stores into Buffer. 2. The program sends the Buffer to user mode. 3. The user mode checks for file content and send a block in case required.
I'm trying to read the file header but unable to do so. I think the FltReadFile is sending me only the content and not the Header which I need in order to check it's signature. Signature is a Hex number with an offset which locates in the file itself.
https://en.wikipedia.org/wiki/List_of_file_signatures
My Goal is to read that signature, identify and block access if I want so.
Thanks for your help.