EldoS | Feel safer!

Software components for data protection, secure storage and transfer

filtering content based on process (problem with UserContext shared)

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#24030
Posted: 03/12/2013 01:25:40
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Code
void CbFltOpenFileEventC(CallbackFilter Sender, string FileName, ref UInt32 DesiredAccess, ref UInt16 FileAttributes, ref UInt16 ShareMode, ref UInt32 Options, ref UInt16 CreateDisposition, ref bool ProcessRequest)
    {


        string OriginatorProcess2;


        mFilter.GetOriginatorProcessName(out OriginatorProcess2);

        AddToLog(string.Format("Open by", OriginatorProcess2));



        if (OriginatorProcess2.StartsWith("Adobe Premiere Pro"))
             {

                 ProcessRequest = true;
             }
  
        else{
                  ProcessRequest = false;
             }
            
    }


Yes... see the complete code above
#24034
Posted: 03/12/2013 03:00:32
by Vladimir Cherniga (EldoS Corp.)

Code
AddToLog(string.Format("Open by", OriginatorProcess2));

Do you check for exception with above code ?
May be this help
Code
AddToLog(string.Format("Open by {0}", OriginatorProcess2));
#24039
Posted: 03/12/2013 06:18:27
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

after changing to it is displaying in log:
Code
AddToLog(string.Format("Open by {0}", OriginatorProcess2))


I am now able to deny all other applications .

I want to know how to store the information in UserContext so that I can use it in other callbacks as given in help

Below is description from help:
Quote

Store obtained information somewhere and store the reference to this information in the UserContext;
When you need to check the originator information in some file-related callback, access the stored information via UserContext
#24040
Posted: 03/12/2013 06:28:34
by Eugene Mayevski (EldoS Corp.)

Please see About Contexts in the help file. It contains a sample.


Sincerely yours
Eugene Mayevski
#24214
Posted: 03/21/2013 07:50:52
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Code
void CbFltOpenFileEventC(CallbackFilter Sender, string FileName, ref UInt32 DesiredAccess, ref UInt16 FileAttributes, ref UInt16 ShareMode, ref UInt32 Options, ref UInt16 CreateDisposition, ref bool ProcessRequest)
    {

        string OriginatorProcess2;

        mFilter.GetOriginatorProcessName(out OriginatorProcess2);

        AddToLog(string.Format("Open by", OriginatorProcess2));


        if (OriginatorProcess2.StartsWith("Adobe Premiere Pro"))
             {

                 ProcessRequest = true;
             }
  
        else{
                  ProcessRequest = false;
             }
            
    }


Can someone help me write this code in vc++ 2010 EncryptwithHeader sample

The problem is in c++ "GetOriginatorProcessName" value cannot returns null during folder browsing and it throws error.


Code I am trying:

Code
void CbFltOpenFileC(
    CallbackFilter* Sender,
    LPWSTR FileName,
    PACCESS_MASK DesiredAccess,
    PWORD FileAttributes,
    PWORD ShareMode,
    PDWORD CreateOptions,
    PWORD CreateDisposition,
    LPBOOL RequestAccepted
    )
{
   WCHAR text[MAX_PATH * 2];
    if (0 == (*FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
    {
       wsprintfW(text, L"OpenFileC %s", FileName);
       AddToLog(text);
    }

   LPWSTR OriginatorProgram;
   LPWSTR OriginatoDrive;
   LPWSTR OriginatorFolder;
   LPWSTR OriginatorFile;
   LPWSTR OriginatorExtn;



   g_CbFlt.GetOriginatorProcessName (OriginatorProgram,1000);
   
_wsplitpath(OriginatorProgram,OriginatoDrive,OriginatorFolder,OriginatorFile,OriginatorExtn);

if (wcscmp(OriginatorFile,ReturnedAllowedProgram ))
{
    *RequestAccepted = TRUE;
}
else
{
     *RequestAccepted = FALSE;
}


}


I get error at

Code
_wsplitpath(OriginatorProgram,OriginatoDrive,OriginatorFolder,OriginatorFile,OriginatorExtn)


because OriginatorProgram is NULL when I browse the folder [which should be bypassed]

I tried to include my code inside
Code
if (0 == (*FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
but no difference.

I have tried making following declarations globle also
Code
  LPWSTR OriginatorProgram;
   LPWSTR OriginatoDrive;
   LPWSTR OriginatorFolder;
   LPWSTR OriginatorFile;
   LPWSTR OriginatorExtn;

Any lead / workable code? Please.
#24219
Posted: 03/21/2013 08:32:28
by Vladimir Cherniga (EldoS Corp.)

You should initialize OriginatorProgramm = NULL, then check this value on g_CbFlt.GetOriginatorProcessName() finished. Originator process may be a system process, that doesn't have an associated file image, so that it could be ignored. There is also another optional flag that could be used to detect directory/file opening in CreateOptions parameter:
FILE_DIRECTORY_FILE = 0x00000001
FILE_NON_DIRECTORY_FILE = 0x00000040
#24222
Posted: 03/21/2013 09:14:05
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

While searching your forum using google I could find code below, which seems to be working
Code
   WCHAR process[1024];
   unsigned long len (1024);
    Sender->GetOriginatorProcessName( process, &len);
   
   if(wcsstr(process, L"notepad.exe") != 0)

      //!=0 found
      //==0 found

      *RequestAccepted = TRUE;
     //then it contains "example"
else
    

     *RequestAccepted = FALSE;


Is is correct method.

I tried with directory flags but no success.
#24224
Posted: 03/21/2013 09:27:51
by Vladimir Cherniga (EldoS Corp.)

If you try to reject "notepad.exe" from filtered files opening, then it should work.
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 7004 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!