EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Apply Callback filter for a plugin

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#27737
Posted: 12/21/2013 06:42:21
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Callback version 3.0.67

We have a program say X.exe.

It uses a plugin Y.dll

The plugin loads some files say ".abc"

If we set filter to "*.abc" the program X.exe works as desired with encrypted files.

But if we set filter as "X.exe | *.abc" The program X.exe do not load files.

The plugin "Y.dll" is a third party plugin.

We used Process Monitor, Process Explorer and Task manager and found that only "X.exe" is loading files.

My question is how we can set the filter so that only "X.exe" reads the files and not any other program

Please note that ".abc" is not the default extension of the program X.exe but it is used by the plugin Y.dll to load its files.
#27738
Posted: 12/21/2013 07:11:44
by Eugene Mayevski (EldoS Corp.)

Are you saying that right now the plugin can't load the files as you expect?


In general, filtering is done on per-process level, and this includes the main EXE and all library modules that are loaded by this EXE. It's not possible to distinguish (and separate) calls made by EXE and its libraries (DLLs).


Sincerely yours
Eugene Mayevski
#27739
Posted: 12/22/2013 05:35:50
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Quote
Are you saying that right now the plugin can't load the files as you expect?


Plugin loads files if callback filter is applied only for file extn "*.abc" or the folder name in which files are.

If filter is applied for "Program name | *.abc" .... the plugin do not load "*.abc" files.

Let me explain you further.

The Y.dll plugin can be used with many programs like X.exe, X1.exe, X2.exe

If filter is on "folder" or file extn "*.abc" ... the encrypted files loads like normal files in the plugin and works as expected.

Further the plugin supplier [third party] has given its own standalone application to work with this plugin. The result is same.

That is plugin [a dll file] do not work with encrypted files if filter is applied on program name.

We see only the program name in "Process Monitor", Process Explorer and Task Manager.

I hope I am able to clarify the subject.

Thanks for your response.
#27740
Posted: 12/22/2013 08:57:45
by Vladimir Cherniga (EldoS Corp.)

Quote
If filter is applied for "Program name | *.abc" .... the plugin do not load "*.abc" files.

I don't know what rules you've applied with selected process name mask, but it could be possible that some callback events directed from system thread context may be skipped. For example, read/write requests initiated by the running process X.exe may be completed asynchronously in system thread, that is running on behalf of system cache manager or memory manager.
#27741
Posted: 12/22/2013 09:28:25
by Eugene Mayevski (EldoS Corp.)

You need to check , what process actually tries to load the file when the plugin does his job. It is possible that the plugin DLL calls the external process to read the data. You can check this using Process Monitor tool by Sysinternals.


Sincerely yours
Eugene Mayevski
#27742
Posted: 12/22/2013 22:30:38
by Manoj Jain (Standard support level)
Joined: 02/28/2013
Posts: 94

Quote
I don't know what rules you've applied with selected process name mask


Exactly same as given in Encrypt header VC++ sample. No Change.

Quote
You need to check , what process actually tries to load the file when the plugin does his job. It is possible that the plugin DLL calls the external process to read the data.


I agree.

Quote
You can check this using Process Monitor tool by Sysinternals


In my both the post earlier I have said that I have tried with Process Monitor as well as Process Explorer from Sysinternals.

They both display only the name of EXE which is calling the dll.


I can give you details of process names [software products] in Help Desk Ticket.
Also by EldoS: SecureBlackbox
200+ components and classes for digital security, signing, encryption and secure networking.

Reply

Statistics

Topic viewed 2661 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!