Boolean FilterCallback(IntPtr sendDataPtr, IntPtr replyDataPtr) { Boolean ret = true; try { FilterAPI.MessageSendData messageSend = (FilterAPI.MessageSendData)Marshal.PtrToStructure(sendDataPtr, typeof(FilterAPI.MessageSendData)); if (FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER != messageSend.VerificationNumber) { MessageBoxHelper.PrepToCenterMessageBoxOnForm(this); MessageBox.Show("Received message corrupted.Please check if the MessageSendData structure is correct."); EventManager.WriteMessage(139, "FilterCallback", EventLevel.Error, "Received message corrupted.Please check if the MessageSendData structure is correct."); return(false); } EventManager.WriteMessage(149, "FilterCallback", EventLevel.Verbose, "Received message Id#" + messageSend.MessageId + " type:" + messageSend.MessageType + " CreateOptions:" + messageSend.CreateOptions.ToString("X") + " infoClass:" + messageSend.InfoClass + " fileName:" + messageSend.FileName); filterMessage.AddMessage(messageSend); FileProtectorUnitTest.FileIOEventHandler(messageSend); if (replyDataPtr.ToInt64() != 0) { FilterAPI.MessageReplyData messageReply = (FilterAPI.MessageReplyData)Marshal.PtrToStructure(replyDataPtr, typeof(FilterAPI.MessageReplyData)); //if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_SEND_PROCESS_TERMINATION_INFO) //{ // //the process termination callback, you can get the notification if you register the callback setting of the process filter. //} if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_SEND_PROCESS_CREATION_INFO) { //this is new process creation, you can block it here by returning the STATUS_ACCESS_DENIED, below is the process information FilterAPI.PROCESS_INFO processInfo = (FilterAPI.PROCESS_INFO)Marshal.PtrToStructure(sendDataPtr, typeof(FilterAPI.PROCESS_INFO)); messageReply.ReturnStatus = processInfo.Status; Marshal.StructureToPtr(messageReply, replyDataPtr, true); } else if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_REQUEST_ENCRYPTION_IV_AND_KEY) { //this is encryption filter rule with boolean config "REQUEST_ENCRYPT_KEY_AND_IV_FROM_SERVICE" enabled. //the filter driver request the IV and key to open or create the encrypted file. //if you want to deny the file open or creation, you set the value as below: //messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED; //messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION; EventManager.WriteMessage(200, "filtercallback", EventLevel.Verbose, messageSend.FileName + " FILTER_REQUEST_ENCRYPTION_IV_AND_KEY"); //Here we return the test iv and key to the filter driver, you need to replace with you own iv and key in your code. AESDataBuffer aesData = new AESDataBuffer(); aesData.AccessFlags = FilterAPI.ALLOW_MAX_RIGHT_ACCESS; aesData.IV = FilterAPI.DEFAULT_IV_TAG; aesData.IVLength = (uint)aesData.IV.Length; aesData.EncryptionKey = Utils.GetKeyByPassPhrase(DigitalRightControl.PassPhrase); aesData.EncryptionKeyLength = (uint)aesData.EncryptionKey.Length; byte[] aesDataArray = DigitalRightControl.ConvertAESDataToByteArray(aesData); messageReply.DataBufferLength = (uint)aesDataArray.Length; Array.Copy(aesDataArray, messageReply.DataBuffer, aesDataArray.Length); messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS; } else if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_REQUEST_ENCRYPTION_IV_AND_KEY_AND_TAGDATA) { //this is encryption filter rule with boolean config "REQUEST_ENCRYPT_KEY_IV_AND_TAGDATA_FROM_SERVICE" enabled. //the filter driver request the IV and key to open or create the encrypted file. //if you want to deny the file open or creation, you set the value as below: //messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED; //messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION; if (messageSend.DataBufferLength > 0) { //this is the tag data which attached to the encrypted file . string tagDataStr = Encoding.Unicode.GetString(messageSend.DataBuffer); EventManager.WriteMessage(235, "filtercallback", EventLevel.Verbose, "EncryptedFile:" + messageSend.FileName + ",tagData:" + tagDataStr); } //Here we return the test iv ,key and tag data to the filter driver, you need to replace with you own iv and key in your code. AESDataBuffer aesData = new AESDataBuffer(); aesData.AccessFlags = FilterAPI.ALLOW_MAX_RIGHT_ACCESS; aesData.IV = FilterAPI.DEFAULT_IV_TAG; aesData.IVLength = (uint)aesData.IV.Length; aesData.EncryptionKey = Utils.GetKeyByPassPhrase(DigitalRightControl.PassPhrase); aesData.EncryptionKeyLength = (uint)aesData.EncryptionKey.Length; aesData.TagData = Encoding.Unicode.GetBytes("TagData:" + messageSend.FileName); aesData.TagDataLength = (uint)aesData.TagData.Length; byte[] aesDataArray = DigitalRightControl.ConvertAESDataToByteArray(aesData); messageReply.DataBufferLength = (uint)aesDataArray.Length; Array.Copy(aesDataArray, messageReply.DataBuffer, aesDataArray.Length); messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS; } else { //this is for control filter driver when the pre-IO was registered. //here you can control the IO behaviour and modify the data. if (!FileProtectorUnitTest.UnitTestCallbackHandler(messageSend) || !FilterService.AuthorizeFileAccess(messageSend, ref messageReply)) { //to comple the PRE_IO messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED; messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION; EventManager.WriteMessage(160, "FilterCallback", EventLevel.Error, "Return error for I/O request:" + ((FilterAPI.MessageType)messageSend.MessageType).ToString() + ",fileName:" + messageSend.FileName); } else { messageReply.MessageId = messageSend.MessageId; messageReply.MessageType = messageSend.MessageType; messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS; } } Marshal.StructureToPtr(messageReply, replyDataPtr, true); } return(ret); } catch (Exception ex) { EventManager.WriteMessage(134, "FilterCallback", EventLevel.Error, "filter callback exception." + ex.Message); return(false); } }
private void ProtectorUnitTest() { FileProtectorUnitTest fileProtectorUnitTest = new FileProtectorUnitTest(); fileProtectorUnitTest.ShowDialog(); }
Boolean FilterCallback(IntPtr sendDataPtr, IntPtr replyDataPtr) { Boolean ret = true; try { FilterAPI.MessageSendData messageSend = (FilterAPI.MessageSendData)Marshal.PtrToStructure(sendDataPtr, typeof(FilterAPI.MessageSendData)); if (FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER != messageSend.VerificationNumber) { MessageBoxHelper.PrepToCenterMessageBoxOnForm(this); MessageBox.Show("Received message corrupted.Please check if the MessageSendData structure is correct."); EventManager.WriteMessage(139, "FilterCallback", EventLevel.Error, "Received message corrupted.Please check if the MessageSendData structure is correct."); return(false); } EventManager.WriteMessage(149, "FilterCallback", EventLevel.Verbose, "Received message Id#" + messageSend.MessageId + " type:" + messageSend.MessageType + " CreateOptions:" + messageSend.CreateOptions.ToString("X") + " infoClass:" + messageSend.InfoClass + " fileName:" + messageSend.FileName); filterMessage.AddMessage(messageSend); FileProtectorUnitTest.FileIOEventHandler(messageSend); if (replyDataPtr.ToInt64() != 0) { FilterAPI.MessageReplyData messageReply = (FilterAPI.MessageReplyData)Marshal.PtrToStructure(replyDataPtr, typeof(FilterAPI.MessageReplyData)); //here you can control the IO behaviour and modify the data. if (!FileProtectorUnitTest.UnitTestCallbackHandler(messageSend) || !FilterService.IOAccessControl(messageSend, ref messageReply)) { //to comple the PRE_IO messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED; messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION; EventManager.WriteMessage(160, "FilterCallback", EventLevel.Error, "Return error for I/O request:" + ((FilterAPI.MessageType)messageSend.MessageType).ToString() + ",fileName:" + messageSend.FileName); } else { messageReply.MessageId = messageSend.MessageId; messageReply.MessageType = messageSend.MessageType; messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS; } Marshal.StructureToPtr(messageReply, replyDataPtr, true); } string info = "FileProtector process request " + FilterMessage.FormatIOName(messageSend) + ",pid:" + messageSend.ProcessId + " ,filename:" + messageSend.FileName + ",return status:" + FilterMessage.FormatStatus(messageSend.Status); if (messageSend.Status == (uint)NtStatus.Status.Success) { ret = false; EventManager.WriteMessage(98, "FilterCallback", EventLevel.Verbose, info); } else { ret = true; EventManager.WriteMessage(98, "FilterCallback", EventLevel.Error, info); } return(ret); } catch (Exception ex) { EventManager.WriteMessage(134, "FilterCallback", EventLevel.Error, "filter callback exception." + ex.Message); return(false); } }