/// <summary>
/// Builds the list-view row for one filter message, adds it to the message list
/// and, when <c>GlobalConfig.EnableLogTransaction</c> is set, passes the same
/// column values to <c>FilterMessage.LogTrasaction</c>.
/// </summary>
/// <param name="messageSend">Message record whose fields are rendered into the row.</param>
/// <returns>The row that was added, or <c>null</c> if any step threw.</returns>
/// <remarks>
/// The decoded user name, process name, <c>FileName</c> and description are copied
/// into the UI and the transaction log unchanged; this method does no escaping or
/// length limiting, so consumers of that log should treat those columns as
/// untrusted text.
/// </remarks>
public ListViewItem FormatRegistryMessage(FilterAPI.MessageSendData messageSend)
{
    ListViewItem row = new ListViewItem();

    try
    {
        string user = string.Empty;
        string process = string.Empty;
        FilterAPI.DecodeUserName(messageSend.Sid, out user);
        FilterAPI.DecodeProcessName(messageSend.ProcessId, out process);

        // The array is sized from the list view, not from the nine values written
        // below; with fewer than nine columns the indexing throws and the catch
        // block turns that into a logged error and a null return.
        string[] cells = new string[listView_Message.Columns.Count];
        cells[0] = messageSend.MessageId.ToString();
        cells[1] = FormatDateTime(messageSend.TransactionTime);
        cells[2] = user;
        cells[3] = process + " (" + messageSend.ProcessId + ")";
        cells[4] = messageSend.ThreadId.ToString();
        cells[5] = GetRegCallbackClassName(messageSend);
        cells[6] = messageSend.FileName;
        cells[7] = FilterMessage.FormatStatus(messageSend.Status);
        cells[8] = RegistryHandler.FormatDescription(messageSend);

        row = new ListViewItem(cells, 0);

        // Error range is inclusive (>=) while the warning range is exclusive (>),
        // so a status exactly equal to Warning keeps the default colours.
        bool isError = messageSend.Status >= (uint)NtStatus.Status.Error;
        bool isWarning = !isError && messageSend.Status > (uint)NtStatus.Status.Warning;
        if (isError || isWarning)
        {
            row.BackColor = Color.LightGray;
            row.ForeColor = isError ? Color.Red : Color.Yellow;
        }

        if (GlobalConfig.EnableLogTransaction)
        {
            FilterMessage.LogTrasaction(cells);
        }

        AddItemToList(row);
    }
    catch (Exception ex)
    {
        // The event is recorded under the source name "GetFilterMessage", not this
        // method's name; search for that string when tracing failures from here.
        EventManager.WriteMessage(445, "GetFilterMessage", EventLevel.Error, "Add callback message failed." + ex.Message);
        row = null;
    }

    return row;
}
/// <summary>
/// Monitor-side filter callback: unmarshals the message at
/// <paramref name="sendDataPtr"/>, queues it for display, runs the demo unit-test
/// handler and logs a one-line summary of the request.
/// </summary>
/// <param name="sendDataPtr">Pointer to a <c>FilterAPI.MessageSendData</c> structure.</param>
/// <param name="replyDataPtr">Reply buffer pointer; not read or written by this callback.</param>
/// <returns>
/// <c>false</c> when the message status is Success, when the verification number
/// does not match, or when an exception was caught; <c>true</c> for any other status.
/// NOTE(review): what the caller does with this value is not visible here - confirm.
/// </returns>
Boolean FilterCallback(IntPtr sendDataPtr, IntPtr replyDataPtr)
{
    const string corruptedText = "Received message corrupted.Please check if the MessageSendData structure is correct.";

    try
    {
        FilterAPI.MessageSendData messageSend =
            (FilterAPI.MessageSendData)Marshal.PtrToStructure(sendDataPtr, typeof(FilterAPI.MessageSendData));

        // Layout sanity check against a fixed constant: it catches a structure
        // definition that is out of step with the sender, and is not evidence of
        // who produced the buffer.
        if (messageSend.VerificationNumber != FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER)
        {
            // MessageBox.Show is modal, so this callback does not return until the
            // dialog is dismissed, and every mismatching message opens another one.
            // NOTE(review): the thread this runs on is not visible here; consider
            // logging only and surfacing the error outside the callback.
            MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
            MessageBox.Show(corruptedText);
            EventManager.WriteMessage(139, "FilterCallback", EventLevel.Error, corruptedText);
            return false;
        }

        filterMessage.AddMessage(messageSend);
        MonitorDemo.UnitTestCallbackHandler(messageSend);

        // FileName is written to the event log as received, with no escaping here.
        string summary = "FileMonitor process request " + FilterMessage.FormatIOName(messageSend)
            + ",pid:" + messageSend.ProcessId
            + " ,filename:" + messageSend.FileName
            + ",return status:" + FilterMessage.FormatStatus(messageSend.Status);

        bool succeeded = messageSend.Status == (uint)NtStatus.Status.Success;
        EventManager.WriteMessage(98, "FilterCallback", succeeded ? EventLevel.Verbose : EventLevel.Error, summary);

        // Successful requests yield false, everything else true.
        return !succeeded;
    }
    catch (Exception ex)
    {
        // Any failure, including a bad sendDataPtr, is reduced to a log entry that
        // carries only ex.Message, without exception type or stack trace.
        EventManager.WriteMessage(134, "FilterCallback", EventLevel.Error, "filter callback exception." + ex.Message);
        return false;
    }
}
/// <summary>
/// Protector-side filter callback: unmarshals the message at
/// <paramref name="sendDataPtr"/>, queues it for display and, when a reply buffer
/// is supplied, writes an allow or deny decision for the I/O request into it.
/// </summary>
/// <param name="sendDataPtr">Pointer to a <c>FilterAPI.MessageSendData</c> structure.</param>
/// <param name="replyDataPtr">
/// Pointer to a <c>FilterAPI.MessageReplyData</c> buffer, or zero when no reply is expected.
/// </param>
/// <returns>
/// <c>false</c> when the message status is Success, when the verification number
/// does not match, or when an exception was caught; <c>true</c> for any other status.
/// NOTE(review): what the caller does with this value is not visible here - confirm.
/// </returns>
/// <remarks>
/// The verification-number failure path and the catch block both return without
/// writing to <paramref name="replyDataPtr"/>, so no STATUS_ACCESS_DENIED reaches the
/// buffer when a handler throws. NOTE(review): confirm how an untouched reply is
/// treated; a protection filter normally wants handler failure to end in a deny.
/// </remarks>
Boolean FilterCallback(IntPtr sendDataPtr, IntPtr replyDataPtr)
{
    const string corruptedText = "Received message corrupted.Please check if the MessageSendData structure is correct.";

    try
    {
        FilterAPI.MessageSendData messageSend =
            (FilterAPI.MessageSendData)Marshal.PtrToStructure(sendDataPtr, typeof(FilterAPI.MessageSendData));

        // Layout sanity check against a fixed constant; it does not establish
        // where the buffer came from.
        if (messageSend.VerificationNumber != FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER)
        {
            // Modal dialog: the callback, and with it the pending reply, waits
            // until the dialog is dismissed.
            // NOTE(review): consider logging only on this path.
            MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
            MessageBox.Show(corruptedText);
            EventManager.WriteMessage(139, "FilterCallback", EventLevel.Error, corruptedText);
            return false;
        }

        // FileName is logged as received, with no escaping in this method.
        EventManager.WriteMessage(149, "FilterCallback", EventLevel.Verbose,
            "Received message Id#" + messageSend.MessageId
            + " type:" + messageSend.MessageType
            + " CreateOptions:" + messageSend.CreateOptions.ToString("X")
            + " infoClass:" + messageSend.InfoClass
            + " fileName:" + messageSend.FileName);

        filterMessage.AddMessage(messageSend);
        FileProtectorUnitTest.FileIOEventHandler(messageSend);

        if (replyDataPtr != IntPtr.Zero)
        {
            FilterAPI.MessageReplyData messageReply =
                (FilterAPI.MessageReplyData)Marshal.PtrToStructure(replyDataPtr, typeof(FilterAPI.MessageReplyData));

            // Decision point for the request: both handlers must approve.
            // IOAccessControl is skipped when the unit-test handler already refused,
            // and it may modify the reply through the ref parameter.
            bool allowed = FileProtectorUnitTest.UnitTestCallbackHandler(messageSend)
                && FilterService.IOAccessControl(messageSend, ref messageReply);

            if (allowed)
            {
                messageReply.MessageId = messageSend.MessageId;
                messageReply.MessageType = messageSend.MessageType;
                messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS;
            }
            else
            {
                // Complete the pre-operation with access denied. MessageId and
                // MessageType keep whatever was read from the buffer on this path.
                messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED;
                messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION;
                EventManager.WriteMessage(160, "FilterCallback", EventLevel.Error,
                    "Return error for I/O request:" + ((FilterAPI.MessageType)messageSend.MessageType).ToString()
                    + ",fileName:" + messageSend.FileName);
            }

            // fDeleteOld = true makes the marshaller destroy the structure already
            // at replyDataPtr before copying.
            // NOTE(review): confirm that is safe for MessageReplyData's layout,
            // which is not visible here.
            Marshal.StructureToPtr(messageReply, replyDataPtr, true);
        }

        string summary = "FileProtector process request " + FilterMessage.FormatIOName(messageSend)
            + ",pid:" + messageSend.ProcessId
            + " ,filename:" + messageSend.FileName
            + ",return status:" + FilterMessage.FormatStatus(messageSend.Status);

        bool succeeded = messageSend.Status == (uint)NtStatus.Status.Success;
        EventManager.WriteMessage(98, "FilterCallback", succeeded ? EventLevel.Verbose : EventLevel.Error, summary);

        // Successful requests yield false, everything else true.
        return !succeeded;
    }
    catch (Exception ex)
    {
        // Only ex.Message is recorded, and the reply buffer is not updated on this path.
        EventManager.WriteMessage(134, "FilterCallback", EventLevel.Error, "filter callback exception." + ex.Message);
        return false;
    }
}