private void toolStripButton_Stop_Click(object sender, EventArgs e)
{
FilterAPI.StopFilter();
toolStripButton_StartFilter.Enabled = true;
toolStripButton_Stop.Enabled = false;
}
private static void ProcessFileControlTest()
{
try
{
FilterAPI.ResetConfigData();
//
//File access control test for process, to test block the new file creation for current process
//
string fileName = "test.txt";
uint currentPid = FilterAPI.GetCurrentProcessId();
uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS & (uint)~FilterAPI.AccessFlag.ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS;
if (!FilterAPI.AddFileControlToProcessById(currentPid, 2, "*", accessFlag))
{
AppendUnitTestResult("AddFileControlToProcessById failed:" + FilterAPI.GetLastErrorMessage(), Color.Red);
return;
}
try
{
File.AppendAllText(fileName, "This is test file content");
AppendUnitTestResult("File access control test for current process failed, can't block the new creation.", Color.Red);
}
catch (Exception ex)
{
AppendUnitTestResult("File access control flag ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS test for current process passed", Color.Green);
}
}
catch (Exception ex)
{
AppendUnitTestResult("File access control test for current process failed," + ex.Message, Color.Red);
}
}
private void getEncryptedFileIVTagToolStripMenuItem_Click(object sender, EventArgs e)
{
InputForm inputForm = new InputForm("Input file name", "Plase input file name", "");
if (inputForm.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
string fileName = inputForm.InputText;
//by default we set the custom tag data with iv data
byte[] iv = new Byte[16];
uint ivLength = (uint)iv.Length;
bool retVal = FilterAPI.GetAESTagData(fileName, ref ivLength, iv);
if (!retVal)
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("GetAESTagData failed with error " + FilterAPI.GetLastErrorMessage(), "GetAESTagData", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("Get encrypted file " + fileName + " tag data succeeded.", "IV Tag", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
private static void ProcessFileIOCallbackTest()
{
try
{
FilterAPI.ResetConfigData();
//
//monitor and control IO callback notification test for current process
//
string fileName = GlobalConfig.AssemblyPath + "\\test.txt";
uint currentPid = FilterAPI.GetCurrentProcessId();
uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS;
string currentProcessName = GlobalConfig.AssemblyName;
if (!FilterAPI.AddFileControlToProcessByName((uint)currentProcessName.Length * 2, currentProcessName, (uint)fileName.Length * 2, fileName, accessFlag))
{
AppendUnitTestResult("AddFileControlToProcessByName failed:" + FilterAPI.GetLastErrorMessage(), Color.Red);
return;
}
if (!FilterAPI.AddFileCallbackIOToProcessByName((uint)currentProcessName.Length * 2, currentProcessName, (uint)fileName.Length * 2, fileName,
(uint)FilterAPI.MessageType.POST_CREATE, (uint)FilterAPI.MessageType.PRE_CREATE, 0, 0, 0))
{
AppendUnitTestResult("AddFileControlToProcessByName failed:" + FilterAPI.GetLastErrorMessage(), Color.Red);
return;
}
try
{
File.AppendAllText(fileName, "This is test file content");
Thread.Sleep(2000);
if (monitorIONotification)
{
AppendUnitTestResult("Register monitor IO callback for current process test passed.", Color.Green);
}
else
{
AppendUnitTestResult("File monitor IO callback test failed, no monitor callback.", Color.Red);
}
if (controlIONotification)
{
AppendUnitTestResult("Register control IO callback for current process test passed.", Color.Green);
}
else
{
AppendUnitTestResult("File control IO callback test failed, no monitor callback.", Color.Red);
}
}
catch (Exception ex)
{
AppendUnitTestResult("Register monitor/control IO callback for current process failed." + ex.Message, Color.Red);
}
}
catch (Exception ex)
{
AppendUnitTestResult("File access control test for current process failed," + ex.Message, Color.Red);
}
}
public static bool StartService()
{
//Purchase a license key with the link: http://www.easefilter.com/Order.htm
//Email us to request a trial key: [email protected] //free email is not accepted.
string registerKey = GlobalConfig.registerKey;
bool ret = false;
try
{
string lastError = string.Empty;
EventManager.WriteMessage(37, "StartFilter", EventLevel.Information, "Starting filter service.....");
ret = FilterAPI.StartFilter((int)GlobalConfig.FilterConnectionThreads
, registerKey
, new FilterAPI.FilterDelegate(FilterCallback)
, new FilterAPI.DisconnectDelegate(DisconnectCallback)
, ref lastError);
if (!ret)
{
EventManager.WriteMessage(43, "StartFilter", EventLevel.Error, "Start filter service failed with error " + lastError);
return(ret);
}
GlobalConfig.SendConfigSettingsToFilter();
EventManager.WriteMessage(102, "StartFilter", EventLevel.Information, "Start filter service succeeded.");
}
catch (Exception ex)
{
EventManager.WriteMessage(104, "StartFilter", EventLevel.Error, "Start filter service failed with error " + ex.Message);
}
return(ret);
}
private void button_StartToDecrypt_Click(object sender, EventArgs e)
{
try
{
string fileName = textBox_FileNameToDecrypt.Text;
string passwordPhrase = textBox_PasswordToDecrypt.Text;
byte[] key = Utils.GetKeyByPassPhrase(passwordPhrase);
if (!FilterAPI.AESEncryptFile(fileName, (uint)key.Length, key, (uint)FilterAPI.DEFAULT_IV_TAG.Length, FilterAPI.DEFAULT_IV_TAG, false))
{
string lastError = "Decrypt file " + fileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
ShowMessage(lastError, MessageBoxIcon.Error);
}
else
{
string lastError = "Decrypt file " + fileName + " succeeded.";
ShowMessage(lastError, MessageBoxIcon.Information);
}
}
catch (Exception ex)
{
string lastError = "Decrypt file failed with error:" + ex.Message;
ShowMessage(lastError, MessageBoxIcon.Error);
}
}
public static bool StopService()
{
FilterAPI.StopFilter();
GlobalConfig.Stop();
return(true);
}
private void toolStripButton_StartFilter_Click(object sender, EventArgs e)
{
try
{
string lastError = string.Empty;
bool ret = FilterAPI.StartFilter((int)GlobalConfig.FilterConnectionThreads
, registerKey
, new FilterAPI.FilterDelegate(FilterCallback)
, new FilterAPI.DisconnectDelegate(DisconnectCallback)
, ref lastError);
if (!ret)
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("Start filter failed." + lastError);
return;
}
toolStripButton_StartFilter.Enabled = false;
toolStripButton_Stop.Enabled = true;
GlobalConfig.SendConfigSettingsToFilter();
EventManager.WriteMessage(102, "StartFilter", EventLevel.Information, "Start filter service succeeded.");
}
catch (Exception ex)
{
EventManager.WriteMessage(104, "StartFilter", EventLevel.Error, "Start filter service failed with error " + ex.Message);
}
}
private void exitToolStripMenuItem_Exit_Click(object sender, EventArgs e)
{
GlobalConfig.Stop();
FilterAPI.StopFilter();
Application.Exit();
}
private void RegMonForm_FormClosing(object sender, FormClosingEventArgs e)
{
FilterAPI.ResetConfigData();
FilterAPI.StopFilter();
GlobalConfig.Stop();
Application.Exit();
}
static WebAPIServices()
{
if (accountName.Trim().Length == 0)
{
accountName = "testaccount." + Environment.MachineName + "." + Guid.NewGuid().ToString();
GlobalConfig.AccountName = accountName;
}
accountName = FilterAPI.AESEncryptDecryptStr(accountName, FilterAPI.EncryptType.Encryption);
}
public ListViewItem FormatRegistryMessage(FilterAPI.MessageSendData messageSend)
{
ListViewItem lvItem = new ListViewItem();
try
{
string userName = string.Empty;
string processName = string.Empty;
FilterAPI.DecodeUserName(messageSend.Sid, out userName);
FilterAPI.DecodeProcessName(messageSend.ProcessId, out processName);
string[] listData = new string[listView_Message.Columns.Count];
int col = 0;
listData[col++] = messageSend.MessageId.ToString();
listData[col++] = FormatDateTime(messageSend.TransactionTime);
listData[col++] = userName;
listData[col++] = processName + " (" + messageSend.ProcessId + ")";
listData[col++] = messageSend.ThreadId.ToString();
listData[col++] = GetRegCallbackClassName(messageSend);
listData[col++] = messageSend.FileName;
listData[col++] = FilterMessage.FormatStatus(messageSend.Status);
listData[col++] = RegistryHandler.FormatDescription(messageSend);
lvItem = new ListViewItem(listData, 0);
if (messageSend.Status >= (uint)NtStatus.Status.Error)
{
lvItem.BackColor = Color.LightGray;
lvItem.ForeColor = Color.Red;
}
else if (messageSend.Status > (uint)NtStatus.Status.Warning)
{
lvItem.BackColor = Color.LightGray;
lvItem.ForeColor = Color.Yellow;
}
if (GlobalConfig.EnableLogTransaction)
{
FilterMessage.LogTrasaction(listData);
}
AddItemToList(lvItem);
}
catch (Exception ex)
{
EventManager.WriteMessage(445, "GetFilterMessage", EventLevel.Error, "Add callback message failed." + ex.Message);
lvItem = null;
}
return(lvItem);
}
public void StartFilterUnitTest()
{
try
{
FilterAPI.ResetConfigData();
RegistryUnitTest.RegistryFilterUnitTest(richTextBox_TestResult);
GlobalConfig.Load();
}
catch (Exception ex)
{
richTextBox_TestResult.Text = "Filter test exception:" + ex.Message;
}
}
private void ProtectorForm_FormClosed(object sender, FormClosedEventArgs e)
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
if (MessageBox.Show("Do you want to minimize to system tray?", "Close", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == System.Windows.Forms.DialogResult.Yes)
{
}
else
{
FilterAPI.StopFilter();
GlobalConfig.Stop();
Application.Exit();
}
}
private void DisplayInfo()
{
bool retVal = false;
string myComputerId = string.Empty;
string lastError = string.Empty;
retVal = FilterAPI.GetUniqueComputerId(ref myComputerId, ref lastError);
string version = System.Reflection.Assembly.GetExecutingAssembly().GetName().Version.ToString();
if (retVal)
{
this.Text += " ComputerId: " + myComputerId + " Version: " + version;
}
}
private void toolStripButton_StartFilter_Click(object sender, EventArgs e)
{
try
{
string lastError = string.Empty;
//Test();
//return;
bool ret = FilterAPI.StartFilter((int)GlobalConfig.FilterConnectionThreads
, registerKey
, new FilterAPI.FilterDelegate(FilterCallback)
, new FilterAPI.DisconnectDelegate(DisconnectCallback)
, ref lastError);
if (!ret)
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("Start filter failed." + lastError);
return;
}
toolStripButton_StartFilter.Enabled = false;
toolStripButton_Stop.Enabled = true;
if (GlobalConfig.FilterRules.Count == 0 && null != sender)
{
FilterRule filterRule = new FilterRule();
filterRule.IncludeFileFilterMask = "c:\\test\\*";
filterRule.ExcludeFileFilterMasks = "c:\\windows*";
filterRule.EventType = (uint)(FilterAPI.EVENTTYPE.WRITTEN | FilterAPI.EVENTTYPE.CREATED | FilterAPI.EVENTTYPE.DELETED | FilterAPI.EVENTTYPE.RENAMED);
filterRule.AccessFlag = (uint)FilterAPI.ALLOW_MAX_RIGHT_ACCESS;
GlobalConfig.FilterRules.Add(filterRule.IncludeFileFilterMask, filterRule);
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("You don't have any monitor folder setup, add c:\\test\\* as your default test folder, I/Os from c:\\test\\* will show up in the console.");
}
GlobalConfig.SendConfigSettingsToFilter();
EventManager.WriteMessage(102, "StartFilter", EventLevel.Information, "Start filter service succeeded.");
}
catch (Exception ex)
{
EventManager.WriteMessage(104, "StartFilter", EventLevel.Error, "Start filter service failed with error " + ex.Message);
}
}
public bool StartService(ref string lastError)
{
//Purchase a license key with the link: http://www.easefilter.com/Order.htm
//Email us to request a trial key: [email protected] //free email is not accepted.
string registerKey = GlobalConfig.registerKey;
bool ret = false;
lastError = string.Empty;
try
{
ret = FilterAPI.StartFilter((int)GlobalConfig.FilterConnectionThreads
, registerKey
, new FilterAPI.FilterDelegate(FilterCallback)
, new FilterAPI.DisconnectDelegate(DisconnectCallback)
, ref lastError);
if (!ret)
{
lastError = "Start filter service failed with error " + lastError;
EventManager.WriteMessage(43, "StartFilter", EventLevel.Error, lastError);
return(ret);
}
if (GlobalConfig.FilterRules.Count == 0)
{
FilterRule filterRule = new FilterRule();
filterRule.IncludeFileFilterMask = "c:\\test\\*";
filterRule.ExcludeFileFilterMasks = "c:\\windows*";
filterRule.EventType = (uint)(FilterAPI.EVENTTYPE.WRITTEN | FilterAPI.EVENTTYPE.CREATED | FilterAPI.EVENTTYPE.DELETED | FilterAPI.EVENTTYPE.RENAMED);
filterRule.AccessFlag = (uint)FilterAPI.ALLOW_MAX_RIGHT_ACCESS;
GlobalConfig.FilterRules.Add(filterRule.IncludeFileFilterMask, filterRule);
MessageBox.Show("You don't have any monitor folder setup, add c:\\test\\* as your default test folder, I/Os from c:\\test\\* will show up in the console.");
}
GlobalConfig.SendConfigSettingsToFilter();
EventManager.WriteMessage(102, "StartFilter", EventLevel.Information, "Start filter service succeeded.");
}
catch (Exception ex)
{
lastError = "Start filter service failed with error " + ex.Message;
EventManager.WriteMessage(104, "StartFilter", EventLevel.Error, lastError);
}
return(ret);
}
FileEvent DecodeFilterMessage(FilterAPI.MessageSendData messageSend)
{
try
{
string userName = string.Empty;
string processName = string.Empty;
string fileName = messageSend.FileName;
string description = string.Empty;
FileAttributes fileAttributes = (FileAttributes)messageSend.FileAttributes;
DateTime timestamp = DateTime.FromFileTime(messageSend.TransactionTime);
FileEventResult result = (messageSend.Status == (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS) ? FileEventResult.SUCCESS : FileEventResult.FAILURE;
FilterAPI.DecodeUserName(messageSend.Sid, out userName);
FilterAPI.DecodeProcessName(messageSend.ProcessId, out processName);
FilterAPI.EVENTTYPE eventType = (FilterAPI.EVENTTYPE)messageSend.InfoClass;
if ((eventType & FilterAPI.EVENTTYPE.RENAMED) == FilterAPI.EVENTTYPE.RENAMED)
{
description = "file was renamed to " + Encoding.Unicode.GetString(messageSend.DataBuffer);
description = description.Substring(0, description.IndexOf('\0'));
}
if (eventType != FilterAPI.EVENTTYPE.NONE)
{
FileEvent fileEvent = new FileEvent();
fileEvent.User = userName;
fileEvent.Process = processName;
fileEvent.Resource = fileName;
fileEvent.Result = result;
fileEvent.Timestamp = timestamp;
fileEvent.Type = eventType;
fileEvent.Description = description;
fileEvent.Attributes = fileAttributes;
return(fileEvent);
}
}
catch (Exception ex)
{
EventManager.WriteMessage(296, "DecodeFilterMessage", EventLevel.Error, "Decode filter message failed because of error:" + ex.Message);
}
return(null);
}
public ListViewItem FormatProcessInfo(FilterAPI.PROCESS_INFO processInfo)
{
ListViewItem lvItem = new ListViewItem();
try
{
string userName = string.Empty;
FilterAPI.DecodeUserName(processInfo.Sid, out userName);
string[] listData = new string[listView_Message.Columns.Count];
int col = 0;
listData[col++] = processInfo.MessageId.ToString();
listData[col++] = ((FilterAPI.FilterCommand)processInfo.MessageType).ToString();
listData[col++] = userName;
listData[col++] = processInfo.ImageFileName + " (" + processInfo.ProcessId + ")";
listData[col++] = processInfo.ThreadId.ToString();
listData[col++] = FormatDescription(processInfo);
lvItem = new ListViewItem(listData, 0);
if (processInfo.Status >= (uint)NtStatus.Status.Error)
{
lvItem.BackColor = Color.LightGray;
lvItem.ForeColor = Color.Red;
}
else if (processInfo.Status > (uint)NtStatus.Status.Warning)
{
lvItem.BackColor = Color.LightGray;
lvItem.ForeColor = Color.Yellow;
}
if (GlobalConfig.EnableLogTransaction)
{
FilterMessage.LogTrasaction(listData);
}
AddItemToList(lvItem);
}
catch (Exception ex)
{
EventManager.WriteMessage(445, "GetFilterMessage", EventLevel.Error, "Add callback message failed." + ex.Message);
lvItem = null;
}
return(lvItem);
}
private void toolStripButton_StartFilter_Click(object sender, EventArgs e)
{
try
{
string lastError = string.Empty;
bool ret = FilterAPI.StartFilter((int)GlobalConfig.FilterConnectionThreads
, registerKey
, new FilterAPI.FilterDelegate(FilterCallback)
, new FilterAPI.DisconnectDelegate(DisconnectCallback)
, ref lastError);
if (!ret)
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("Start filter failed." + lastError);
return;
}
toolStripButton_StartFilter.Enabled = false;
toolStripButton_Stop.Enabled = true;
if (GlobalConfig.RegistryFilterRules.Count == 0 && null != sender)
{
RegistryFilterRule regFilterRule = new RegistryFilterRule();
regFilterRule.ProcessNameFilterMask = "*";
regFilterRule.AccessFlag = FilterAPI.MAX_REGITRY_ACCESS_FLAG;
regFilterRule.RegCallbackClass = 93092006832128;
GlobalConfig.AddRegistryFilterRule(regFilterRule);
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("You didn't setup any filtere rule, by defult it will monitor all registry access.");
}
GlobalConfig.SendConfigSettingsToFilter();
EventManager.WriteMessage(102, "StartFilter", EventLevel.Information, "Start filter service succeeded.");
}
catch (Exception ex)
{
EventManager.WriteMessage(104, "StartFilter", EventLevel.Error, "Start filter service failed with error " + ex.Message);
}
}
private static void NewProcessCallbackTest()
{
try
{
FilterAPI.ResetConfigData();
//
//Process control flag test, new process creation notification.
//
string processName = "cmd.exe";
uint controlFlag = (uint)FilterAPI.ProcessControlFlag.PROCESS_CREATION_NOTIFICATION;
if (!FilterAPI.AddProcessFilterRule((uint)processName.Length * 2, processName, controlFlag, 0))
{
AppendUnitTestResult("AddProcessFilterRule failed:" + FilterAPI.GetLastErrorMessage(), Color.Red);
return;
}
try
{
//start new process should be fine
var proc = System.Diagnostics.Process.Start(processName);
proc.Kill();
Thread.Sleep(1000);
if (newProcessCreationNotification)
{
AppendUnitTestResult("PROCESS_CREATION_NOTIFICATION control flag test passed.", Color.Green);
}
else
{
AppendUnitTestResult("PROCESS_CREATION_NOTIFICATION test failed, didn't receive the new process creation notification.", Color.Red);
}
}
catch (Exception ex)
{
AppendUnitTestResult("PROCESS_CREATION_NOTIFICATION failed," + ex.Message, Color.Red);
}
}
catch (Exception ex)
{
AppendUnitTestResult("PROCESS_CREATION_NOTIFICATION failed," + ex.Message, Color.Red);
}
}
static bool ConvertSidToUserNameAndStringSid(IntPtr sidBuffer, out string userName, out string userSid)
{
bool ret = true;
IntPtr sidStringPtr = IntPtr.Zero;
string sidString = string.Empty;
userName = string.Empty;
userSid = string.Empty;
try
{
if (FilterAPI.ConvertSidToStringSid(sidBuffer, out sidStringPtr))
{
sidString = Marshal.PtrToStringAuto(sidStringPtr);
SecurityIdentifier secIdentifier = new SecurityIdentifier(sidString);
IdentityReference reference = secIdentifier.Translate(typeof(NTAccount));
userName = reference.Value;
userSid = secIdentifier.ToString();
}
else
{
string errorMessage = "Convert sid to sid string failed, error code:" + Marshal.GetLastWin32Error();
Console.WriteLine(errorMessage);
}
}
catch (Exception ex)
{
string errorMessage = string.Format("Convert sid to user name got exception:{0}", ex.Message);
Console.WriteLine(errorMessage);
userName = errorMessage;
ret = false;
}
finally
{
if (sidStringPtr != null && sidStringPtr != IntPtr.Zero)
{
IntPtr res = FilterAPI.LocalFree(sidStringPtr);
}
}
return(ret);
}
private void getEncryptedFileIVTagToolStripMenuItem_Click(object sender, EventArgs e)
{
InputForm inputForm = new InputForm("Input file name", "Plase input file name", "");
if (inputForm.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
string fileName = inputForm.InputText;
byte[] iv = null;
string lastError = string.Empty;
if (FilterAPI.GetIVTag(fileName, ref iv, out lastError))
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("Get encrypted file " + fileName + " iv tag:" + Utils.ByteArrayToHexStr(iv), "IV Tag", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("Get encrypted file " + fileName + " iv tag failed with error " + lastError, "IV Tag", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
private void button_GetComputerId_Click(object sender, EventArgs e)
{
bool retVal = false;
string myComputerId = string.Empty;
string lastError = string.Empty;
retVal = FilterAPI.GetUniqueComputerId(ref myComputerId, ref lastError);
if (retVal)
{
textBox_IncludeComputerIds.Text = myComputerId;
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show("This is your local computer unique id:\r\n\r\n" + myComputerId, "Get computer info", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
MessageBox.Show(lastError, "Get computer info", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
return;
}
private static void DenyNewProcessTest()
{
try
{
FilterAPI.ResetConfigData();
//
//Process control flag test,deny new process creation.
//
uint controlFlag = (uint)FilterAPI.ProcessControlFlag.DENY_NEW_PROCESS_CREATION;
//start new process should be fine
string processName = "cmd.exe";
var proc = System.Diagnostics.Process.Start(processName);
proc.Kill();
if (!FilterAPI.AddProcessFilterRule((uint)processName.Length * 2, processName, controlFlag, 0))
{
AppendUnitTestResult("AddProcessFilterRule failed:" + FilterAPI.GetLastErrorMessage(), Color.Red);
return;
}
try
{
proc = System.Diagnostics.Process.Start(processName);
proc.Kill();
AppendUnitTestResult("DENY_NEW_PROCESS_CREATION control flag test failed, denied process launch was failed.", Color.Red);
}
catch (Exception ex)
{
AppendUnitTestResult("DENY_NEW_PROCESS_CREATION control flag test passed.", Color.Green);
}
}
catch (Exception ex)
{
AppendUnitTestResult("DENY_NEW_PROCESS_CREATION failed, return error:" + ex.Message, Color.Red);
}
}
private void button_StartToEncrypt_Click(object sender, EventArgs e)
{
try
{
string fileName = textBox_EncryptSourceName.Text;
string targetFileName = textBox_EncryptTargetName.Text;
byte[] key = Utils.GetKeyByPassPhrase(GlobalConfig.MasterPassword, 32);
bool retVal = false;
byte[] iv = Utils.GetIVByPassPhrase(GlobalConfig.MasterPassword);
if (fileName.Equals(targetFileName, StringComparison.CurrentCulture))
{
retVal = FilterAPI.AESEncryptFileWithTag(fileName, (uint)key.Length, key, (uint)iv.Length, iv, (uint)iv.Length, iv);
}
else
{
retVal = FilterAPI.AESEncryptFileToFileWithTag(fileName, targetFileName, (uint)key.Length, key, (uint)iv.Length, iv, (uint)iv.Length, iv);
}
if (!retVal)
{
string lastError = "Encrypt file " + targetFileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
ShowMessage(lastError, MessageBoxIcon.Error);
}
else
{
string lastError = "Encrypt file " + fileName + " to " + targetFileName + " succeeded.";
ShowMessage(lastError, MessageBoxIcon.Information);
}
}
catch (Exception ex)
{
string lastError = "Encrypt file failed with error:" + ex.Message;
ShowMessage(lastError, MessageBoxIcon.Error);
}
}
public ActionResult <IEnumerable <Product> > GetFilteredProducts([FromBody] FilterAPI filter)
{
var prods = _context.Products.Include(r => r.Category).Include(r => r.Brand).AsEnumerable();
if (prods == null)
{
return(Ok(prods));
}
if (filter.categoryId != Guid.Empty)
{
prods = prods.Where(x => x.CategoryId == filter.categoryId);
}
if (filter.brandId != Guid.Empty)
{
prods = prods.Where(x => x.BrandId == filter.brandId);
}
if (filter.text != null)
{
prods = prods.Where(x => x.Name.Contains(filter.text, StringComparison.OrdinalIgnoreCase) || x.Description.Contains(filter.text, StringComparison.OrdinalIgnoreCase));
}
return(Ok(prods));
}
public static bool IOAccessControl(FilterAPI.MessageSendData messageSend, ref FilterAPI.MessageReplyData messageReply)
{
bool ret = true;
try
{
messageReply.MessageId = messageSend.MessageId;
messageReply.MessageType = messageSend.MessageType;
//
//here you can control all the registered IO requests,block the access or modify the I/O data base on the file IO information from MessageSend struture
//
//
//if you don't want to change anything to this IO request, just let it pass through as below setting:
//messageReply.FilterStatus = 0;
//messageReply.ReturnStatus = (uint)NtStatus.Status.Success;
//if you want to block the access this IO request before it goes down to the file system, you can return the status as below,
//it is only for pre IO requests, it means the user IO reuqests will be completed here instead of going down to the file system.
//messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION;
//messageReply.ReturnStatus = (uint)NtStatus.Status.AccessDenied;
//if you want to modify the IO data and complete the pre IO with your own data, you can return status as below:
// messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION | (uint)FilterAPI.FilterStatus.FILTER_DATA_BUFFER_IS_UPDATED;
// messageReply.DataBufferLength = the return data buffer length.
// messageReply.DataBuffer = the data you want to return.
// messageReply.ReturnStatus = (uint)NtStatus.Status.Success;
FilterAPI.MessageType messageType = (FilterAPI.MessageType)messageSend.MessageType;
WinData.FileInfomationClass infoClass = (WinData.FileInfomationClass)messageSend.InfoClass;
uint dataLength = messageSend.DataBufferLength;
byte[] data = messageSend.DataBuffer;
//here is some IO information for your reference:
if ((messageSend.CreateOptions & (uint)WinData.CreateOptions.FO_REMOTE_ORIGIN) > 0)
{
//this is file access request comes from remote network server
}
//you can check the file create option with this data:
//"DesiredAccess: messageSend.DesiredAccess
//"Disposition:" + ((WinData.Disposition)messageSend.Disposition).ToString();
//"ShareAccess:" + ((WinData.ShareAccess)messageSend.SharedAccess).ToString();
//"CreateOptions:"messageSend.CreateOptions
//Here is the demo to copy file content before it was deleted.-----------------------------------------------
bool isFileDeleted = false;
if (messageSend.Status == (uint)NtStatus.Status.Success)
{
if (messageType == FilterAPI.MessageType.POST_CREATE)
{
if ((messageSend.CreateOptions & (uint)WinData.CreateOptions.FILE_DELETE_ON_CLOSE) > 0)
{
isFileDeleted = true;
}
}
else if (messageType == FilterAPI.MessageType.POST_SET_INFORMATION)
{
if (infoClass == WinData.FileInfomationClass.FileDispositionInformation)
{
isFileDeleted = true;
}
}
if (isFileDeleted)
{
IntPtr fileHandle = IntPtr.Zero;
bool retVal = FilterAPI.GetFileHandleInFilter(messageSend.FileName, (uint)FileAccess.Read, ref fileHandle);
if (retVal)
{
SafeFileHandle sHandle = new SafeFileHandle(fileHandle, true);
FileStream fileStream = new FileStream(sHandle, FileAccess.Read);
//copy your data here...
fileStream.Close();
}
}
}
//End -----------------------------------------------
switch (messageType)
{
case FilterAPI.MessageType.PRE_CREATE:
{
//here you reparse the file open to another new file name
//string newReparseFileName = "\\??\\c:\\myNewFile.txt";
//byte[] returnData = Encoding.Unicode.GetBytes(newReparseFileName);
//Array.Copy(returnData, messageReply.DataBuffer, returnData.Length);
//messageReply.DataBufferLength = (uint)returnData.Length;
//messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION;
//messageReply.ReturnStatus = (uint)NtStatus.Status.Reparse;
break;
}
case FilterAPI.MessageType.PRE_CACHE_READ:
case FilterAPI.MessageType.POST_CACHE_READ:
case FilterAPI.MessageType.PRE_NOCACHE_READ:
case FilterAPI.MessageType.POST_NOCACHE_READ:
case FilterAPI.MessageType.PRE_PAGING_IO_READ:
case FilterAPI.MessageType.POST_PAGING_IO_READ:
case FilterAPI.MessageType.PRE_CACHE_WRITE:
case FilterAPI.MessageType.POST_CACHE_WRITE:
case FilterAPI.MessageType.PRE_NOCACHE_WRITE:
case FilterAPI.MessageType.POST_NOCACHE_WRITE:
case FilterAPI.MessageType.PRE_PAGING_IO_WRITE:
case FilterAPI.MessageType.POST_PAGING_IO_WRITE:
{
//byte[] returnData = //new data you want to modify the read/write data;
//Array.Copy(returnData, messageReply.DataBuffer, returnData.Length);
//messageReply.DataBufferLength = (uint)returnData.Length;
////for pre IO,use this one
//// messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION | (uint)FilterAPI.FilterStatus.FILTER_DATA_BUFFER_IS_UPDATED;
// messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_DATA_BUFFER_IS_UPDATED;
// messageReply.ReturnStatus = (uint)NtStatus.Status.Success;
break;
}
case FilterAPI.MessageType.PRE_SET_INFORMATION:
case FilterAPI.MessageType.POST_SET_INFORMATION:
case FilterAPI.MessageType.PRE_QUERY_INFORMATION:
case FilterAPI.MessageType.POST_QUERY_INFORMATION:
{
ret = true;
switch (infoClass)
{
case WinData.FileInfomationClass.FileRenameInformation:
{
//you can block file rename as below
//messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION;
//messageReply.ReturnStatus = (uint)NtStatus.Status.AccessDenied;
break;
}
case WinData.FileInfomationClass.FileDispositionInformation:
{
//you can block file delete as below
//messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION;
//messageReply.ReturnStatus = (uint)NtStatus.Status.AccessDenied;
break;
}
case WinData.FileInfomationClass.FileEndOfFileInformation:
{
//change file size
break;
}
case WinData.FileInfomationClass.FileBasicInformation:
{
//file basic information
break;
}
case WinData.FileInfomationClass.FileStandardInformation:
{
//file standard information
break;
}
case WinData.FileInfomationClass.FileNetworkOpenInformation:
{
//file network information
break;
}
case WinData.FileInfomationClass.FileInternalInformation:
{
//file internal inofrmation
break;
}
default:
{
ret = false;
break;
}
}
break;
}
}
}
catch (Exception ex)
{
EventManager.WriteMessage(174, "IOAccessControl", EventLevel.Error, "IOAccessControl failed." + ex.Message);
}
return(ret);
}
private void uninstallDriverToolStripMenuItem_Click(object sender, EventArgs e)
{
FilterAPI.UnInstallDriver();
}
/// <summary>
/// The main entry point for the application.
/// </summary>
static void Main(string[] args)
{
bool mutexCreated = false;
System.Threading.Mutex mutex = new System.Threading.Mutex(true, "EaseFilter", out mutexCreated);
try
{
if (!mutexCreated)
{
Console.WriteLine("There are another EaseFilter service instance running, can't start the second one.");
return;
}
Utils.CopyOSPlatformDependentFiles();
if (Environment.UserInteractive)
{
if (args.Length > 0)
{
string command = args[0];
switch (command.ToLower())
{
case "-installdriver":
{
bool ret = FilterAPI.InstallDriver();
if (!ret)
{
Console.WriteLine("Install driver failed:" + FilterAPI.GetLastErrorMessage());
}
else
{
Console.WriteLine("Install driver succeeded.");
}
break;
}
case "-uninstalldriver":
{
FilterAPI.StopFilter();
bool ret = FilterAPI.UnInstallDriver();
if (!ret)
{
Console.WriteLine("UnInstall driver failed:" + FilterAPI.GetLastErrorMessage());
}
else
{
Console.WriteLine("UnInstall driver succeeded.");
}
break;
}
case "-installservice":
{
try
{
ManagedInstallerClass.InstallHelper(new string[] { Assembly.GetExecutingAssembly().Location });
}
catch (Exception ex)
{
Console.WriteLine("Install service failed:" + ex.Message);
}
break;
}
case "-uninstallservice":
{
try
{
ManagedInstallerClass.InstallHelper(new string[] { "/u", Assembly.GetExecutingAssembly().Location });
}
catch (Exception ex)
{
Console.WriteLine("UnInstall service failed:" + ex.Message);
}
break;
}
case "-console":
{
try
{
Console.WriteLine("Starting FileProtectorCS console application...");
GlobalConfig.EventLevel = EventLevel.Trace;
GlobalConfig.EventOutputType = EventOutputType.Console;
FilterWorker.StartService();
Console.WriteLine("\n\nPress any key to stop program");
Console.Read();
FilterWorker.StopService();
}
catch (Exception ex)
{
Console.WriteLine("Start FileProtectorCS service failed:" + ex.Message);
}
break;
}
case "-enable":
{
try
{
Console.WriteLine("Enable FileProtectorCS service...");
GlobalConfig.EventLevel = EventLevel.Trace;
GlobalConfig.EventOutputType = EventOutputType.Console;
FilterAPI.UnInstallDriver();
bool ret = FilterAPI.InstallDriver();
if (!ret)
{
Console.WriteLine("Install driver failed:" + FilterAPI.GetLastErrorMessage());
}
else
{
Console.WriteLine("Install driver succeeded.");
}
FilterWorker.StartService();
FilterWorker.StopService();
Console.WriteLine("Enable FileProtectorCS completed.");
}
catch (Exception ex)
{
Console.WriteLine("Start FileProtectorCS service failed:" + ex.Message);
}
break;
}
case "-disable":
{
try
{
FilterAPI.ResetConfigData();
Console.WriteLine("Disable FileProtectorCS completed.");
}
catch (Exception ex)
{
Console.WriteLine("Disable FileProtectorCS service failed:" + ex.Message);
}
break;
}
default: Console.WriteLine("The command " + command + " doesn't exist"); PrintUsage(); break;
}
}
else
{
PrintUsage();
}
}
else
{
Console.WriteLine("Starting EaseFilter windows service...");
EaseFilterService service = new EaseFilterService();
ServiceBase.Run(service);
}
}
catch (Exception ex)
{
EventManager.WriteMessage(132, "EaseFilterService", EventLevel.Error, "EaseFilter failed with error " + ex.Message);
}
finally
{
Console.WriteLine("Exiting EaseFilter service.");
GlobalConfig.Stop();
mutex.Close();
}
}
