EldoS | Feel safer!

Software components for data protection, secure storage and transfer

filtering content based on process (problem with UserContext shared)

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#24030
Posted: 03/12/2013 01:25:40
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Code
void CbFltOpenFileEventC(CallbackFilter Sender, string FileName, ref UInt32 DesiredAccess, ref UInt16 FileAttributes, ref UInt16 ShareMode, ref UInt32 Options, ref UInt16 CreateDisposition, ref bool ProcessRequest)
    {


        string OriginatorProcess2;


        mFilter.GetOriginatorProcessName(out OriginatorProcess2);

        AddToLog(string.Format("Open by", OriginatorProcess2));



        if (OriginatorProcess2.StartsWith("Adobe Premiere Pro"))
             {

                 ProcessRequest = true;
             }
  
        else{
                  ProcessRequest = false;
             }
            
    }


Yes... see the complete code above
#24034
Posted: 03/12/2013 03:00:32
by Vladimir Cherniga (EldoS Corp.)

Code
AddToLog(string.Format("Open by", OriginatorProcess2));

Do you check for exception with above code ?
May be this help
Code
AddToLog(string.Format("Open by {0}", OriginatorProcess2));
#24039
Posted: 03/12/2013 06:18:27
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

after changing to it is displaying in log:
Code
AddToLog(string.Format("Open by {0}", OriginatorProcess2))


I am now able to deny all other applications .

I want to know how to store the information in UserContext so that I can use it in other callbacks as given in help

Below is description from help:
Quote

Store obtained information somewhere and store the reference to this information in the UserContext;
When you need to check the originator information in some file-related callback, access the stored information via UserContext
#24040
Posted: 03/12/2013 06:28:34
by Eugene Mayevski (EldoS Corp.)

Please see About Contexts in the help file. It contains a sample.


Sincerely yours
Eugene Mayevski
#24214
Posted: 03/21/2013 07:50:52
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Code
void CbFltOpenFileEventC(CallbackFilter Sender, string FileName, ref UInt32 DesiredAccess, ref UInt16 FileAttributes, ref UInt16 ShareMode, ref UInt32 Options, ref UInt16 CreateDisposition, ref bool ProcessRequest)
    {

        string OriginatorProcess2;

        mFilter.GetOriginatorProcessName(out OriginatorProcess2);

        AddToLog(string.Format("Open by", OriginatorProcess2));


        if (OriginatorProcess2.StartsWith("Adobe Premiere Pro"))
             {

                 ProcessRequest = true;
             }
  
        else{
                  ProcessRequest = false;
             }
            
    }


Can someone help me write this code in vc++ 2010 EncryptwithHeader sample

The problem is in c++ "GetOriginatorProcessName" value cannot returns null during folder browsing and it throws error.


Code I am trying:

Code
void CbFltOpenFileC(
    CallbackFilter* Sender,
    LPWSTR FileName,
    PACCESS_MASK DesiredAccess,
    PWORD FileAttributes,
    PWORD ShareMode,
    PDWORD CreateOptions,
    PWORD CreateDisposition,
    LPBOOL RequestAccepted
    )
{
   WCHAR text[MAX_PATH * 2];
    if (0 == (*FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
    {
       wsprintfW(text, L"OpenFileC %s", FileName);
       AddToLog(text);
    }

   LPWSTR OriginatorProgram;
   LPWSTR OriginatoDrive;
   LPWSTR OriginatorFolder;
   LPWSTR OriginatorFile;
   LPWSTR OriginatorExtn;



   g_CbFlt.GetOriginatorProcessName (OriginatorProgram,1000);
   
_wsplitpath(OriginatorProgram,OriginatoDrive,OriginatorFolder,OriginatorFile,OriginatorExtn);

if (wcscmp(OriginatorFile,ReturnedAllowedProgram ))
{
    *RequestAccepted = TRUE;
}
else
{
     *RequestAccepted = FALSE;
}


}


I get error at

Code
_wsplitpath(OriginatorProgram,OriginatoDrive,OriginatorFolder,OriginatorFile,OriginatorExtn)


because OriginatorProgram is NULL when I browse the folder [which should be bypassed]

I tried to include my code inside
Code
if (0 == (*FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
but no difference.

I have tried making following declarations globle also
Code
  LPWSTR OriginatorProgram;
   LPWSTR OriginatoDrive;
   LPWSTR OriginatorFolder;
   LPWSTR OriginatorFile;
   LPWSTR OriginatorExtn;

Any lead / workable code? Please.
#24219
Posted: 03/21/2013 08:32:28
by Vladimir Cherniga (EldoS Corp.)

You should initialize OriginatorProgramm = NULL, then check this value on g_CbFlt.GetOriginatorProcessName() finished. Originator process may be a system process, that doesn't have an associated file image, so that it could be ignored. There is also another optional flag that could be used to detect directory/file opening in CreateOptions parameter:
FILE_DIRECTORY_FILE = 0x00000001
FILE_NON_DIRECTORY_FILE = 0x00000040
#24222
Posted: 03/21/2013 09:14:05
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

While searching your forum using google I could find code below, which seems to be working
Code
   WCHAR process[1024];
   unsigned long len (1024);
    Sender->GetOriginatorProcessName( process, &len);
   
   if(wcsstr(process, L"notepad.exe") != 0)

      //!=0 found
      //==0 found

      *RequestAccepted = TRUE;
     //then it contains "example"
else
    

     *RequestAccepted = FALSE;


Is is correct method.

I tried with directory flags but no success.
#24224
Posted: 03/21/2013 09:27:51
by Vladimir Cherniga (EldoS Corp.)

If you try to reject "notepad.exe" from filtered files opening, then it should work.
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 7029 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!