I would like to build a minifilter driver that interacts with the user land(via fltmgr port) in the following fashion:
1. From a GUI I would like to give as input Paths to executables(such as AdobeReader, Chrome, MicrosoftWord, etc).
2. These selections above, are to be checked against a processID
3. User files can only be opened by checking if they belong to the map created at step2(EXAMPLE: PDF files -> (PdfReader,Chrome,Firefox, IE), DOCX files( Microsoft Word, [login to view URL])
Example: Suppose AdobeReader tries to open a document 1.pdf. The minifilter driver monitors [login to view URL] and sees which process attemtps to open this document. First it checks the processID who makes the attempt, then it converts the processID to ImagePathFile(path of exe who attempts the reading, i.e in this case AdobeReader) and if the name of the program is in the list found in steps 2/3, then it grants opening(PRE_OP_CALLBACK). If not, suppose a random exe tries to load the [login to view URL] content as streamed buffer, the USER gets a popup dialog(MessageBox) which is asking him whether he/she desires to open this [login to view URL] with unknown.exe.
The output of the project consists of a GUI(C#.,C++) ... your choice
the minifilter kernel driver can be as dll or integrated with the GUI
Preference is as dll to be consumed separately. It is extremely important that the communication from kernel land to user land is well documented and understood.