EldoS | Feel safer!

Software components for data protection, secure storage and transfer

EncryptwithHeader Sample

Also by EldoS: SecureBlackbox
200+ components and classes for digital security, signing, encryption and secure networking.
#24223
Posted: 03/21/2013 09:25:50
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

In Encrypt with Header C++ sample can I assign two filters as below:

//Objective is to ensure that protected files are read encrypted files properly by program "xyz" from this directly only [I will add restriction in File Open call back" using ProcessName.

Code
g_CbFlt.AddFilterCallbackRule("C:\Test\", (CallbackFilter::CbFltCallbackFlags)(
      CallbackFilter::ReadCallback |
      CallbackFilter::WriteCallback |
      CallbackFilter::CreateCallback |
      CallbackFilter::RenameCallback |
      CallbackFilter::SetSizesCallback |
      CallbackFilter::EnumerateDirectoryCallback |
      CallbackFilter::OpenCallback |
      CallbackFilter::CloseCallback |
      CallbackFilter::GetSizesCallback
      ));


//Objective is to ensure encryption of all files saved by program "abc" [at any location in any format]
Code
       g_CbFlt.AddFilterCallbackRule(L"*.*", (CallbackFilter::CbFltCallbackFlags)(
      CallbackFilter::WriteCallback |
      CallbackFilter::OpenCallback
      ));

I am thinking of adding restriction on write call back using "processname" recorded at "File Open callback"

Question: Can I have both definitions in one program ... or I need to create two separate programs.
#24225
Posted: 03/21/2013 09:46:51
by Vladimir Cherniga (EldoS Corp.)

You may add several filters to the same program. There rules will not affect on each other. If you add some rules to the same filter instance, they will be processed one by one until match filter mask found, that suits the rule. The second rule may hide the mask of the first rule if added last. So you should keep in mind that your second rule will shadow the first one if added as second. You should add second rule first, because last added rule checked first.
#24268
Posted: 03/25/2013 06:11:14
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

In VC++ encryption with header sample:

if I use filter with mask ["C:\Test\"] and restricting encrypting decryption using process id on Open Call back ... .. it is WORKING FINE.


if I use filter with mask ["*.*"] and restricting encrypting decryption using process id on Open Call back ... ..THE SYSTEM HANGS as soon as I attach filter or after few seconds.

I am matching the process id of the program I want to allow encryption / decryption.

To get the process id of the program I want to allow, I am starting it on button click from the menu using createprocess method.

To get process id I am use Sender->GetOriginatorProcessid method

The comparison works very well with Mask as ANY FOLDER, but fails with MASK as *.*

For WCHAR Disk[4] , I am assigning "c:\" as value so that rest of the process can work.

My question is how I can make it work with "*.*" as filter Mask.
#24269
Posted: 03/25/2013 06:28:50
by Vladimir Cherniga (EldoS Corp.)

You should be aware of including in filter mask system directories like ..\system32 and others, because this is a simple way to get locked. Running filter application may initiate a callback for some system dlls, and this way lock is guarantee. I suggest you to add ..passthrough.. rules for the system directories.
#24271
Posted: 03/25/2013 07:12:19
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

I added AddFilterPassThroughRule for:

1. C:\Windows

2. C:\program Files

3. C:\program File (x86)

4. Folder in which my code files are


The AddFilterPassThroughRule is added before AddFilterCallbackRule [and before attach filter method]

The situation is still same ... system Hangs

Need help please
#24273
Posted: 03/25/2013 07:32:31
by Vladimir Cherniga (EldoS Corp.)

The possible reason of hang is an actions made from within callback handler, that may raise another callback at the same time. You should try to disable some code from callbacks, that possibly is the source of the problem. If you can create a kernel dump from the hang system and share it with us through the any file sharing service, then we can analyze this dump to find the source of issue. Anyway, processing callbacks synchronously, requires a minimal interaction with filtered files. Open file handles from callbacks is possible only with a methods provided with CallbackFilter class. If possible, postpone any additional processing to another thread, in that way you may prevent possible locking within callbacks.
#24274
Posted: 03/25/2013 07:37:11
by Vladimir Cherniga (EldoS Corp.)

If you handle with a kernel dump creation, please open a corresponding ticket in helpdesk system.
#24275
Posted: 03/25/2013 07:48:46
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Actually Now I have tried with only one callbackfilter.

In the example I have only changed the mask to "*.*" and then added passthrouth

I will try to make a dump and share. In the mean time can you please share some example of AddPassThroughCallbackRuleEx

I think with EaName I can filter all system files or allow only user files

But I need some detail on i. In the help details about EaName is not available and I cannot find using google also.
#24276
Posted: 03/25/2013 08:19:48
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

I tried with AddPassThroughCallbackRuleEx

For LPCSTR EaName i gave "system" and Mask as "*.*" and all other things same as filter

The app did not hang but also filter was not applied to any file. That means file was not encrypted when saved
#24277
Posted: 03/25/2013 08:20:50
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

One more thing ... I am working on NTFS win 7 system,
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 14306 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!