EldoS | Feel safer!

Software components for data protection, secure storage and transfer

I have some problem to use the GetOriginatorProcessName method.

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#22752
Posted: 12/07/2012 09:25:44
by Mia Pak (Priority Standard support level)
Joined: 11/19/2012
Posts: 16

CallbackFilter help explain that "GetOriginatorProcessName" method do not call in OnReadFile/OnWriteFile callback.
So I used this method in OnCreateFile/OnOpenFile callback, and save processname to UserContext.
However at next case, I don't know which process called to OnReadFile/OnWriteFile Callback.

1. A.exe call OnCreateFile and my application save processname to UserContext.
2. B.exe call OnOpenFile and It's same UserContext to A.exe called.
3. OnWriteFile/OnReadFile be called, but I can't know which process called this callback.

In this case, Isn't there a way that which process called OnRead/WriteFile callback?
#22753
Posted: 12/07/2012 09:33:13
by Eugene Mayevski (EldoS Corp.)

1) You can't distinguish what process called OnWriteFile/OnReadFile because it can be cache manager that did it (which is neither A.exe nor B.exe). This is OS limitation, not ours.

2) In CBFS 4 there are different contexts offered (instead of one UserContext now) - one of them will be the same for A and B, and another will be different. But still in OnReadFile/OnWriteFile that second context which is different is not passed due to the restriction described above.

3) (just in case) remember to set CallAllOpenCloseCallbacks property to true in order to get OnOpenFile/OnCreateFile for operations (1) and (2) in your scenario.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 1132 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!