EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Can I check which process accesses the file?

CallbackFilter offers flexible mechanisms to check the caller process.

What you need to do is handle file creation and opening requests (add callback rules for OnOpenFile and OnCreateFile). In the corresponding callbacks / event handlers your code needs to call GetOriginatorToken or other GetOriginator* method of CallbackFilter to obtain information about the calling process. With this information you can perform any checks you like, be it process file integrity check or anything else.

If the process should not access the file, you need to decline the request by setting ProcessRequest parameter to false or throwing ECbFltError with error code 5 (Access Denied).

For performance and efficiency reasons, don't use GetOriginator* methods in callbacks that use the already opened file handles (e.g. OnWriteFileC). Instead, obtain the needed information and store it in the HandleContext parameter of OnPostOpenFileC and OnCreateFileC callbacks. Then, access the stored information via HandleContext parameter when it is available (it might be not available in some cases in OnReadFileC and OnWriteFileC callbacks). See information about checking the originator in read and write requests.

The same checks can be implemented in directory enumeration and file information retrieval callbacks (OnEnumerateDirectoryC and OnGetFileInfoC).

For information about integrity checking of the caller process see this question.

Return to the list


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!