public void GetRequest_ReturnsCorrectRequest()
{
var expectedRequest = new ACCESS_REQUEST {
MessageId = 1, AccessType = ACCESS_TYPE.REGISTRY, Operation = 133, Path = "SomePath", ProcessID = 10, ReplyLength = 11, RuleID = 122
};
fltLib.SetGetMessageReturn(0, expectedRequest);
driver.Start();
var actualRequest = driver.GetRequest();
Assert.AreEqual(expectedRequest, actualRequest);
}
public void GetMessage_SetGetMessageReturn()
{
var expectedData = new ACCESS_REQUEST();
expectedData.ReplyLength = (uint)Marshal.SizeOf(typeof(ACCESS_REQUEST));
expectedData.MessageId = 10;
expectedData.ProcessID = 11;
expectedData.AccessType = ACCESS_TYPE.REGISTRY;
expectedData.RuleID = 144;
expectedData.Path = "HKCU\\USER\\SOMEKEY";
stub.SetGetMessageReturn(-125, expectedData);
var request = new ACCESS_REQUEST();
var hr = stub.FilterGetMessage(IntPtr.Zero, ref request, 0, IntPtr.Zero);
Assert.AreNotSame(expectedData, request);
Assert.AreEqual(-125, hr);
Assert.AreEqual(expectedData.ReplyLength, request.ReplyLength);
Assert.AreEqual(expectedData.MessageId, request.MessageId);
Assert.AreEqual(expectedData.ProcessID, request.ProcessID);
Assert.AreEqual(expectedData.AccessType, request.AccessType);
Assert.AreEqual(expectedData.RuleID, request.RuleID);
Assert.AreEqual(expectedData.Path, request.Path);
}
public void WaitRequest_AllowRule()
{
// Arrange
AddRule(ruleset, RuleAction.Allow, "c:\\test.txt");
core.Start(ruleset, serviceInterface, null);
var ExpectedRequest = new ACCESS_REQUEST {
Path = "c:\\test.txt", MessageId = 333
};
fltLib.SetGetMessageReturn(0, ExpectedRequest);
// Act
core.WaitRequest();
// Assert
Assert.AreEqual((ulong)333, fltLib.LastAllowedMessageID);
}