* feat : 파일 반출 시 분선 불가 파일도 반출 안되도록 수정
- EXE_eCrmHomeEdition, KvCttSch - 검사 불가 파일이 아닌 검출 결과가 없는 경우도 차단되는 경우 수정 * feat : 프로세스 실행 차단 기능 수정 - bs1flt - 부모 프로세스 명 추가하여 비교 차단 할 수 있도록 수정 * feat : UsbPort 차단 시 UsbReStart 할 수 있도록 수정 - EXE_eCrmHomeEdition * feat : 프로세스 종료 방지 해제 기능 추가(트레이 아이콘) - EXE_eCrmHomeEdition * feat : Uninstall시 에이전트가 안죽는 부분 수정 - 복구 기능 제거를 위한 Recovsvc 객체에 대해 참조 오류 수정 - 커널 드라이버 bs1flt 가 Unload 되지 않는 현상 수정 * feat : USB 차단 시 예외 시 보안 영역이 허용안되는 현상 수정 - 보안영역의 경우 별도의 VID, PID가 없어 예외 할 수 없어 일반 영역에 대해 예외 조건이 있을 경우 보안영역을 무조건으로 예외 할 수 있도록 수정 * feat : 개인정보 자가 검사, 캠패인 검사시 검출 오류에 대한 파일에 대한 수정 - 로그 & 원본 파일도 남길 수 있도록 수정 - 압축 파일의 경우 zip, gz, 7z, tar 라이브러리 사용하도록 수정
This commit is contained in:
mgkim
parent
6bf6ea6bb6
commit
631dfd9f5b
|
|
@ -636,8 +636,9 @@ begin
|
||||||
hProcess := OpenProcess(PROCESS_TERMINATE, false, dwPid);
|
hProcess := OpenProcess(PROCESS_TERMINATE, false, dwPid);
|
||||||
if hProcess = 0 then
|
if hProcess = 0 then
|
||||||
begin
|
begin
|
||||||
if bForce then
|
OutputDebugString(Pchar(Format('[MGKIM] TerminateProcess .. OpenProcess fail : %d, %d', [dwPid, GetLastError])));
|
||||||
begin
|
// if bForce then
|
||||||
|
// begin
|
||||||
// 윈도우 11에서는 관리자 권한이 있어도 OpenProcess(PROCESS_TERMINATE...) 권한 획득에 실패하는 경우가 있다. (서비스)
|
// 윈도우 11에서는 관리자 권한이 있어도 OpenProcess(PROCESS_TERMINATE...) 권한 획득에 실패하는 경우가 있다. (서비스)
|
||||||
// 이 경우 아래처럼 하면 해결되어서 추가함 22_1208 09:39:42 kku
|
// 이 경우 아래처럼 하면 해결되어서 추가함 22_1208 09:39:42 kku
|
||||||
var ss: TStringStream;
|
var ss: TStringStream;
|
||||||
|
|
@ -645,15 +646,21 @@ begin
|
||||||
GetCmdTextToStream(Format('taskkill.exe /f /pid %d', [dwPid]), '', ss, 5000);
|
GetCmdTextToStream(Format('taskkill.exe /f /pid %d', [dwPid]), '', ss, 5000);
|
||||||
var sData: String := UpperCase(ss.DataString);
|
var sData: String := UpperCase(ss.DataString);
|
||||||
Result := (Pos('성공', sData) > 0) or (Pos('SUCCESS', sData) > 0);
|
Result := (Pos('성공', sData) > 0) or (Pos('SUCCESS', sData) > 0);
|
||||||
end;
|
OutputDebugString(Pchar(Format('[MGKIM] TerminateProcessByPid .. taskkill : %s', [sData])));
|
||||||
|
// end;
|
||||||
exit;
|
exit;
|
||||||
|
end
|
||||||
|
else
|
||||||
|
begin
|
||||||
|
try
|
||||||
|
Result := TerminateProcess(hProcess, 0);
|
||||||
|
if not Result then
|
||||||
|
OutputDebugString(Pchar(Format('[MGKIM] TerminateProcess .. fail : %d', [GetLastError])));
|
||||||
|
finally
|
||||||
|
CloseHandle(hProcess);
|
||||||
|
end;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
try
|
|
||||||
Result := TerminateProcess(hProcess, 0);
|
|
||||||
finally
|
|
||||||
CloseHandle(hProcess);
|
|
||||||
end;
|
|
||||||
end;
|
end;
|
||||||
|
|
||||||
function TerminateProcessByName(sPName: String; dwIgrPid: DWORD = 0): Boolean;
|
function TerminateProcessByName(sPName: String; dwIgrPid: DWORD = 0): Boolean;
|
||||||
|
|
@ -669,7 +676,10 @@ begin
|
||||||
|
|
||||||
hSnapProc := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
hSnapProc := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||||||
if hSnapProc = INVALID_HANDLE_VALUE then
|
if hSnapProc = INVALID_HANDLE_VALUE then
|
||||||
|
begin
|
||||||
|
OutputDebugString(Pchar(Format('[MGKIM] TerminateProcessByName .. CreateToolhelp32Snapshot fail : %d', [GetLastError])));
|
||||||
exit;
|
exit;
|
||||||
|
end;
|
||||||
|
|
||||||
sPName := UpperCase(sPName);
|
sPName := UpperCase(sPName);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -340,6 +340,7 @@ begin
|
||||||
if not gAppHook.Helper.CtrlOpt.bWriteBlock and (sExt = 'CRSWAP') then
|
if not gAppHook.Helper.CtrlOpt.bWriteBlock and (sExt = 'CRSWAP') then
|
||||||
exit;
|
exit;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
end;
|
end;
|
||||||
|
|
||||||
if gAppHook.Helper.CurAppType = catWebb then
|
if gAppHook.Helper.CurAppType = catWebb then
|
||||||
|
|
@ -361,6 +362,14 @@ begin
|
||||||
begin
|
begin
|
||||||
exit;
|
exit;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
|
if (dwDesiredAccess = $80000000) and // GENERIC_READ
|
||||||
|
(dwShareMode = 3) and // FILE_SHARE_READ | FILE_SHARE_WRITE
|
||||||
|
(dwFlagsAndAttributes = 0) then
|
||||||
|
begin
|
||||||
|
exit;
|
||||||
|
end;
|
||||||
|
|
||||||
end;
|
end;
|
||||||
end;
|
end;
|
||||||
end;
|
end;
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ begin
|
||||||
if not gdebug_ then
|
if not gdebug_ then
|
||||||
Exit;
|
Exit;
|
||||||
|
|
||||||
Header:= '[BSONE]';
|
Header:= '[MGKIM]';
|
||||||
|
|
||||||
// TimeStamp := Format('[%08d:%08d] %s ',
|
// TimeStamp := Format('[%08d:%08d] %s ',
|
||||||
// [GetCurrentProcessId(),
|
// [GetCurrentProcessId(),
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -10,7 +10,7 @@ ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determine
|
||||||
;Class = "ActivityMonitor"
|
;Class = "ActivityMonitor"
|
||||||
;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
|
;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
|
||||||
Provider = %ManufacturerName%
|
Provider = %ManufacturerName%
|
||||||
DriverVer = 02/25/2026,13.4.22.947
|
DriverVer = 03/03/2026,16.39.0.536
|
||||||
CatalogFile = bs1flt.cat
|
CatalogFile = bs1flt.cat
|
||||||
PnpLockdown = 1
|
PnpLockdown = 1
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determine
|
||||||
;Class = "ActivityMonitor"
|
;Class = "ActivityMonitor"
|
||||||
;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
|
;ClassGuid = {AE71EC8D-C1FD-4564-8AA9-D56ADE722321}
|
||||||
Provider = %ManufacturerName%
|
Provider = %ManufacturerName%
|
||||||
DriverVer = 02/25/2026,13.4.22.947
|
DriverVer = 03/03/2026,16.39.0.536
|
||||||
CatalogFile = bs1flt.cat
|
CatalogFile = bs1flt.cat
|
||||||
PnpLockdown = 1
|
PnpLockdown = 1
|
||||||
|
|
||||||
|
|
|
||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -16,6 +16,10 @@ const
|
||||||
LOG_DISCONNECT = $2;
|
LOG_DISCONNECT = $2;
|
||||||
LOG_POLICY = $4;
|
LOG_POLICY = $4;
|
||||||
LOG_DEBUG_ = $8;
|
LOG_DEBUG_ = $8;
|
||||||
|
LOG_PROCESS = $10;
|
||||||
|
LOG_PROCESS_PROTECT = $20;
|
||||||
|
LOG_PROCESS_MONITOR = $40;
|
||||||
|
LOG_PROCESS_BLOCK = $80;
|
||||||
LOG_ALL = $FF;
|
LOG_ALL = $FF;
|
||||||
|
|
||||||
type
|
type
|
||||||
|
|
@ -106,7 +110,7 @@ type
|
||||||
TfpBs1fltSetLogType = function(logtype: DWORD): DWORD; stdcall;
|
TfpBs1fltSetLogType = function(logtype: DWORD): DWORD; stdcall;
|
||||||
|
|
||||||
TfpBs1fltProcessCreate = function(enable : DWORD ): DWORD; stdcall;
|
TfpBs1fltProcessCreate = function(enable : DWORD ): DWORD; stdcall;
|
||||||
TfpBs1fltSetProcessCreateBlockRule = function(name: LPCWSTR; cmd: LPCWSTR ): DWORD; stdcall;
|
TfpBs1fltSetProcessCreateBlockRule = function(name: LPCWSTR; cmd: LPCWSTR; parentName: LPCWSTR ): DWORD; stdcall;
|
||||||
TfpBs1fltClearProcessCreateBlockRule = function():DWORD stdcall;
|
TfpBs1fltClearProcessCreateBlockRule = function():DWORD stdcall;
|
||||||
{ TBs1fltControl Class }
|
{ TBs1fltControl Class }
|
||||||
TBs1fltControl = class
|
TBs1fltControl = class
|
||||||
|
|
@ -201,7 +205,7 @@ type
|
||||||
//프로세스 생성 감지 기능 ON/OFF
|
//프로세스 생성 감지 기능 ON/OFF
|
||||||
function ProcessCreate(enable: DWORD): DWORD;
|
function ProcessCreate(enable: DWORD): DWORD;
|
||||||
//프로세스 생성 차단 정책 설정
|
//프로세스 생성 차단 정책 설정
|
||||||
function SetProcessCreateBlockRule(name, cmd: LPCWSTR): DWORD;
|
function SetProcessCreateBlockRule(name, cmd, parentName: LPCWSTR): DWORD;
|
||||||
//프로세스 생성 차단 정책 초기화
|
//프로세스 생성 차단 정책 초기화
|
||||||
function ClearProcessCreateBlockRule: DWORD;
|
function ClearProcessCreateBlockRule: DWORD;
|
||||||
end;
|
end;
|
||||||
|
|
@ -354,7 +358,10 @@ begin
|
||||||
if Result = 0 then
|
if Result = 0 then
|
||||||
begin
|
begin
|
||||||
FBs1FltSetPid(PG_PID_ALLOW, GetCurrentProcessId());
|
FBs1FltSetPid(PG_PID_ALLOW, GetCurrentProcessId());
|
||||||
// SetLogTYpe(LOG_CONNECT);
|
|
||||||
|
|
||||||
|
SetLogTYpe(LOG_PROCESS_BLOCK or LOG_CONNECT);
|
||||||
|
// SetLogTYpe(LOG_ALL);
|
||||||
end;
|
end;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
|
|
@ -519,9 +526,9 @@ begin
|
||||||
if Assigned(FBs1fltProcessCreate) then Result := FBs1fltProcessCreate(enable) else Result := BS1FLT_ERR_NOT_LOADED;
|
if Assigned(FBs1fltProcessCreate) then Result := FBs1fltProcessCreate(enable) else Result := BS1FLT_ERR_NOT_LOADED;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
function TBs1fltControl.SetProcessCreateBlockRule(name: LPCWSTR; cmd: LPCWSTR ): DWORD;
|
function TBs1fltControl.SetProcessCreateBlockRule(name: LPCWSTR; cmd: LPCWSTR; parentName: LPCWSTR): DWORD;
|
||||||
begin
|
begin
|
||||||
if Assigned(FBs1fltSetProcessCreateBlockRule) then Result := FBs1fltSetProcessCreateBlockRule(name, cmd) else Result := BS1FLT_ERR_NOT_LOADED;
|
if Assigned(FBs1fltSetProcessCreateBlockRule) then Result := FBs1fltSetProcessCreateBlockRule(name, cmd, parentName) else Result := BS1FLT_ERR_NOT_LOADED;
|
||||||
end;
|
end;
|
||||||
|
|
||||||
function TBs1fltControl.ClearProcessCreateBlockRule(): DWORD;
|
function TBs1fltControl.ClearProcessCreateBlockRule(): DWORD;
|
||||||
|
|
|
||||||
|
|
@ -513,14 +513,14 @@ begin
|
||||||
|
|
||||||
_Trace('[BS1] .... 3');
|
_Trace('[BS1] .... 3');
|
||||||
|
|
||||||
{
|
|
||||||
if not SetupDiCallClassInstaller(DIF_REMOVE, hDevInfo, pDevInfoData) then
|
if not SetupDiCallClassInstaller(DIF_REMOVE, hDevInfo, @DevInfoData) then
|
||||||
begin
|
begin
|
||||||
ShowDebug(Format('restart_device, SetupDiCallClassInstaller(DIF_REMOVE) Fail(%d)', [GetLastError]));
|
_Trace(Format('[BS1] SetupDiCallClassInstaller(DIF_REMOVE) Fail(%d)', [GetLastError]));
|
||||||
Result := False;
|
Result := False;
|
||||||
Exit;
|
Exit;
|
||||||
end;
|
end;
|
||||||
}
|
|
||||||
|
|
||||||
_Trace('[BS1] .... 4');
|
_Trace('[BS1] .... 4');
|
||||||
|
|
||||||
|
|
@ -558,7 +558,6 @@ begin
|
||||||
DeviceInfoData.cbSize := SizeOf(TSPDevInfoData);
|
DeviceInfoData.cbSize := SizeOf(TSPDevInfoData);
|
||||||
devInfoListDetail.cbSize := SizeOf(TSPDevInfoListDetailData);
|
devInfoListDetail.cbSize := SizeOf(TSPDevInfoListDetailData);
|
||||||
|
|
||||||
// 리스트 상세 정보 (C++ 코드에 있었으나 실제 로직에선 사용 안됨, 호출만 유지)
|
|
||||||
SetupDiGetDeviceInfoListDetail(hDevInfo, @devInfoListDetail);
|
SetupDiGetDeviceInfoListDetail(hDevInfo, @devInfoListDetail);
|
||||||
|
|
||||||
devIndex := 0;
|
devIndex := 0;
|
||||||
|
|
@ -582,8 +581,8 @@ begin
|
||||||
begin
|
begin
|
||||||
_Trace('[BS1] PASS~!');
|
_Trace('[BS1] PASS~!');
|
||||||
// 원본 로직: Disable 수행
|
// 원본 로직: Disable 수행
|
||||||
SetDeviceState(hDevInfo, DeviceInfoData, True);
|
//SetDeviceState(hDevInfo, DeviceInfoData, True);
|
||||||
// restart_device(hDevInfo, @DeviceInfoData); // 원본 주석 처리됨
|
RestartDevice(hDevInfo, DeviceInfoData); // 원본 주석 처리됨
|
||||||
|
|
||||||
Inc(devIndex);
|
Inc(devIndex);
|
||||||
Continue;
|
Continue;
|
||||||
|
|
@ -609,7 +608,7 @@ begin
|
||||||
end;
|
end;
|
||||||
|
|
||||||
// 하드웨어 변경 사항 검색
|
// 하드웨어 변경 사항 검색
|
||||||
// ScanForHardwareChanges();
|
ScanForHardwareChanges();
|
||||||
|
|
||||||
finally
|
finally
|
||||||
SetupDiDestroyDeviceInfoList(hDevInfo);
|
SetupDiDestroyDeviceInfoList(hDevInfo);
|
||||||
|
|
|
||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue