EldoS | Feel safer!

Software components for data protection, secure storage and transfer

No Read Callbacks

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#32072
Posted: 02/03/2015 07:26:07
by Stelios Mavridis (Basic support level)
Joined: 01/09/2015
Posts: 34

Hello,

I am trying to get ReadCallbacks but am unable to do so.

Even though i have wrote the following in the initialization:

Code
cf.AddFilterCallbackRule(mask+"\\*",
CbFltCallbackFlags.PostReadCallback |
CbFltCallbackFlags.ReadCallback     |
...);


As well as set the handlers:

Code
cf.OnReadFileC = cset.CbFltReadFileC;
cf.OnPostReadFileC = cset.CbFltPostReadFileC;


I also tried your VirtualFilesTest and even though it seems to have the necessary code for read Callback, i still don't get ReadCallbacks.

Other Callbacks such as open,close and write are captured.
Furthermore i have also (just in case) added:
Code
cf.ProcessFailedRequests = true;
cf.ProcessCachedReadWriteCallbacks = true;


I am in a Windows Server 2012 R2.

I dont know what the problem is, does anyone have any suggestion i could try?
#32073
Posted: 02/03/2015 07:31:38
by Vladimir Cherniga (EldoS Corp.)

Quote
Stelios Mavridis wrote:
I also tried your VirtualFilesTest and even though it seems to have the necessary code for read Callback, i still don't get ReadCallbacks.

Did you try to create/read/write with virtual files. Do you have any problems with that sample?
#32076
Posted: 02/03/2015 07:48:14
by Stelios Mavridis (Basic support level)
Joined: 01/09/2015
Posts: 34

Quote
Vladimir Cherniga wrote:
QuoteStelios Mavridis wrote:
I also tried your VirtualFilesTest and even though it seems to have the necessary code for read Callback, i still don't get ReadCallbacks.
Did you try to create/read/write with virtual files. Do you have any problems with that sample?


Yes i created a Virtual file and i saw Callbacks for
VirtualOpen,Virtualwrite,Virtualclose,DirectoryEnumerate, but not read even though i opened the file with notpad and then wrote it.
#32077
Posted: 02/03/2015 07:57:14
by Vladimir Cherniga (EldoS Corp.)

Quote
Stelios Mavridis wrote:
Yes i created a Virtual file and i saw Callbacks for VirtualOpen,Virtualwrite,Virtualclose,DirectoryEnumerate, but not read even though i opened the file with notpad and then wrote it.

If you see the file opened in notepad in a consistent state, then problem is in caching policy. System keeps recent data in cache and read requests may be satisfied without user callbacks.
#32078
Posted: 02/03/2015 08:12:04
by Stelios Mavridis (Basic support level)
Joined: 01/09/2015
Posts: 34

Quote
Vladimir Cherniga wrote:
QuoteStelios Mavridis wrote:
Yes i created a Virtual file and i saw Callbacks for VirtualOpen,Virtualwrite,Virtualclose,DirectoryEnumerate, but not read even though i opened the file with notpad and then wrote it.
If you see the file opened in notepad in a consistent state, then problem is in caching policy. System keeps recent data in cache and read requests may be satisfied without user callbacks.


Wouldnt cf.ProcessCachedReadWriteCallbacks = true; suffice in this case?
#32080
Posted: 02/03/2015 08:34:38
by Vladimir Cherniga (EldoS Corp.)

Quote
Stelios Mavridis wrote:
Wouldnt cf.ProcessCachedReadWriteCallbacks = true; suffice in this case?

Virtual files is an exception. But for the ordinal files it should work as expected. Make sure that it was set before filter attachment. You may also check a file system log using Process Monitor tool from Microsoft. You may also check the problem with our FileMon sample, just modify it with ProcessCachedReadWriteCallbacks property set TRUE.
#32083
Posted: 02/03/2015 10:40:17
by Stelios Mavridis (Basic support level)
Joined: 01/09/2015
Posts: 34

I didnt really understand what you meant that virtual files are an exception but after switching projects it worked. I guess VS keept some old object files or something :S.

Thanks
#32085
Posted: 02/03/2015 10:54:53
by Vladimir Cherniga (EldoS Corp.)

Quote
Stelios Mavridis wrote:
I didnt really understand what you meant that virtual files are an exception

Actually for the virtual files cached/non-cached callbacks, as well as notifications must work correctly, ignore my previous post. You should compare your code with a provided samples to find the reason of problem.
#32097
Posted: 02/04/2015 08:55:11
by Stelios Mavridis (Basic support level)
Joined: 01/09/2015
Posts: 34

So after looking into it.

I found out that every time EnumerateDirectoryCB gets called the EndOfFile variable remains constantly to 0 instead of keeping the value i set it like this:

Code
void EnumerateCB(...,ret UInt32 EndOfFile,...)
{
if(file == "MyVirtFile")
EndOfFile = new_file_size;
}


Since the change does not seem to be retained,
this leads me to believe that when the file is opened(eg notepad) the application also sees 0 instead of the new_file_size and thus the file seems empty.

Is there something i am missing?
#32098
Posted: 02/04/2015 11:28:02
by Vladimir Cherniga (EldoS Corp.)

CbFltPostGetFileSizesEventC uses for the file size modification, as well as CbFltEnumerateDirectoryEventC. The second event reports about file size in directory listing in most cases.
Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.

Reply

Statistics

Topic viewed 5675 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!