public void PathsRow_ExpandedPath()
{
var ruleset = new Ruleset();
var PathRow = ruleset.Paths.AddPathsRow("%windir%\\testpath.txt");
Assert.AreEqual(1, PathRow.ExpandedPaths.Length);
Assert.AreEqual(PathRow.ExpandedPaths[0], AdvEnvironment.ExpandEnvironmentVariables("%windir%\\testpath.txt"));
}
private static string[] ExpandFSPaths(Ruleset.PathsRow path)
{
var Result = new List <string>();
if (!AdvRegistry.IsRegistryPath(path.Path))
{
Result.Add(AdvEnvironment.ExpandEnvironmentVariables(path.Path));
}
return(Result.ToArray());
}
public void FilterSendMessage_AddExpandPaths()
{
var c = new COMMAND {
CommandType = COMMAND_TYPE.ADD, ID = 1, Path = "%windir%\\testfile.txt"
};
uint returnedBytes;
stub.FilterSendMessage(IntPtr.Zero, ref c, 0, IntPtr.Zero, 0, out returnedBytes);
var expectedPath = AdvEnvironment.ExpandEnvironmentVariables("%windir%\\testfile.txt").ToUpper();
Assert.IsTrue(stub.Paths.ContainsKey(expectedPath));
}
public void AddEqualPathWillNotAddSamePath()
{
// Arrange
var expectedPath = AdvEnvironment.ExpandEnvironmentVariables("%WINDIR%\\TEST.txt").ToUpper();
core.Start(ruleset, serviceInterface, null);
core.Ruleset.Paths.AddPathsRow("%WINDIR%\\TEST.txt");
core.Ruleset.Paths.AddPathsRow("%SystemRoot%\\TEST.txt");
Assert.AreEqual(1, fltLib.Paths.Count);
Assert.IsTrue(fltLib.Paths.ContainsKey(expectedPath));
}
public void AddRelativePath()
{
// Arrange
core.Start(ruleset, serviceInterface, null);
// Act
var ExpectedPath = "%windir%\\mytestpath.txt";
var ExpectedPathID = (uint)core.Ruleset.Paths.AddPathsRow(ExpectedPath).ID;
// Assert
ExpectedPath = AdvEnvironment.ExpandEnvironmentVariables(ExpectedPath).ToUpper();
Assert.AreEqual(ExpectedPathID, fltLib.Paths[ExpectedPath]);
}
public void Paths_ExpandedPath_HKCU()
{
var ExpectedList = new List <string>();
foreach (var sid in AdvEnvironment.GetAllUserSIDs())
{
ExpectedList.Add(@"\REGISTRY\USER\" + sid + @"\Software");
}
var TestRow = new Ruleset().Paths.AddPathsRow("123");
TestRow.Path = @"HKCU\Software";
CollectionAssert.AreEquivalent(ExpectedList, TestRow.ExpandedPaths);
TestRow.Path = @"HKEY_CURRENT_USER\Software";
CollectionAssert.AreEquivalent(ExpectedList, TestRow.ExpandedPaths);
}
public void EditRelativePath()
{
// Arrange
core.Start(ruleset, serviceInterface, null);
var ExpectedPath = "%tmp%\\mytestpath.txt";
var ExpectedPathID = core.Ruleset.Paths.AddPathsRow(ExpectedPath).ID;
// Act
var NewExpectedPath = "%windir%\\newpath.txt";
core.Ruleset.Paths[ExpectedPathID].Path = NewExpectedPath;
// Assert
NewExpectedPath = AdvEnvironment.ExpandEnvironmentVariables(NewExpectedPath).ToUpper();
Assert.AreEqual((uint)ExpectedPathID, fltLib.Paths[NewExpectedPath]);
}
public void Start_MustAddPathsToDriver_IncludingRelative()
{
// Arange
var AbsolutePath = "C:\\absolute_filesys_path.txt".ToUpper();
var AbsolutePathID = (uint)ruleset.Paths.AddPathsRow(AbsolutePath).ID;
var RelativePath = "%windir%\\relative_filesys_path.txt";
var RelativePathID = (uint)ruleset.Paths.AddPathsRow(RelativePath).ID;
// Act
core.Start(ruleset, serviceInterface, null);
// Assert
var ExpandedPath = AdvEnvironment.ExpandEnvironmentVariables(RelativePath).ToUpper();
Assert.AreEqual(AbsolutePathID, fltLib.Paths[AbsolutePath]);
Assert.AreEqual(RelativePathID, fltLib.Paths[ExpandedPath]);
}
public override int FilterSendMessage(IntPtr hPort, ref COMMAND lpInBuffer, uint dwInBufferSize, IntPtr lpOutBuffer, uint dwOutBufferSize, out uint lpBytesReturned)
{
if (lpInBuffer.CommandType == COMMAND_TYPE.ADD)
{
// Original FilterSendMessage returns this HRESULT when adding equal objects.
if (Paths.ContainsKey(AdvEnvironment.ExpandEnvironmentVariables(lpInBuffer.Path).ToUpper()))
{
lpBytesReturned = 0;
unchecked
{
return((int)0xC000022B); //NT_STATUS_DUPLICATE_OBJECTID
}
}
Paths.Add(AdvEnvironment.ExpandEnvironmentVariables(lpInBuffer.Path).ToUpper(), lpInBuffer.ID);
}
else
{
var ToDelete = new List <string>();
foreach (var key in Paths.Keys)
{
if (lpInBuffer.ID == Paths[key])
{
ToDelete.Add(key);
}
}
unchecked
{
if (ToDelete.Count == 0)
{
throw new COMException("(Exception from HRESULT: 0x80070490)", (int)0x80070490);
}
}
foreach (var key in ToDelete)
{
Paths.Remove(key);
}
}
lpBytesReturned = 0;
return(FilterSendMessageReturnCode);
}
