#pragma once #define KFILE_PATH 512 #define KFILE_NAME_PATH 100 #define KPROCESS_NAME 100 #define KPROCESS_PATH 1024 #define PATH_SIZE 1024 #define DRIVERNAME L"bs1flt" #define DRIVERNAMEA "bs1flt" #define BS1FLT_PORTNAME L"\\bs1flt" #define LOG_SHARE_EVENT L"{bs1flt-4200-BED2-6B5CD0D88247}" #define PROCESS_TERMINATE_SHARE_EVENT L"{A5F2956A-A68E-4404-BCD6-2A7DF47353E8}" #define OBJECT_ALTITUDE L"380832" #define REG_ALTITUDE L"380831" #define ALTITUDE L"380830" #define ALTITUDE_NAME _T("bs1fltalttude") /// ·¹Áö½ºÆ®¸® º¸È£´ë»ó Á¤ÀÇ #define REG_BS1_REGPATH_KEY_W L"SOFTWARE\\eCrmHomeEdition" #define REG_BS1_REGPATH_KEY_W_64 L"SOFTWARE\\WOW6432NODE\\eCrmHomeEdition" #define REG_MINIMAL_BS1SERVICE_KEY_W L"SYSTEM\\CurrentControlSet\\Services\\SvcCrmHe" //#define REG_MINIMAL_SAFEMODE_BS1SERVICE_KEY_W L"\\CONTROL\\SAFEBOOT\\MINIMAL\\BS1SERVICE" //#define REG_NETWORK_SAFEMODE_BS1SERVICE_KEY_W L"\\CONTROL\\SAFEBOOT\\NETWORK\\BS1SERVICE" //#define REG_MINIMAL_SAFEMODE_BS1FLT_KEY_W L"\\CONTROL\\SAFEBOOT\\MINIMAL\\BS1FLT" //#define REG_NETWORK_SAFEMODE_BS1FLT_KEY_W L"\\CONTROL\\SAFEBOOT\\NETWORK\\BS1FLT" /// ÆÄÀϸí ŸÀÔ #define PG_FILE_UNDEFINED 0 #define PG_FILE_ALLOW 1 typedef struct _BS1FLT_MSG { DWORD type; DWORD pid; WCHAR path[1024]; }BS1FLT_MSG, *PBS1FLT_MSG; /// cds_flt ¿É¼Ç ¼³Á¤///// /// ÇÁ·Î¼¼½º ¾ÆÀ̵ð ŸÀÔ #define PG_PID_UNDEFINED 0 #define PG_PID_ALLOW 1 /// ¸ðµç °æ·Î Á¢±Ù °¡´É ÇÁ·Î¼¼½º #define PG_PID_WHITE 2 /// È­ÀÌÆ® °æ·Î¿¡ ´ëÇÑ Á¢±Ù ÇÁ·Î¼¼½º #define PG_PID_GREEN 4 /// #define PG_PID_BLACK 8 /// Á¢±Ù Â÷´Ü ÇÁ·Î¼¼½º #define PG_PID_GRAY 16 /// PG_PATH_GRAY Çã¿ëµÇ´Â ÇÁ·Î¼¼½º #define PG_PID_BLOCK_RENAME 32 /// À̸§º¯°æ¸¸ Â÷´Ü #define PG_PID_PROTECT 64 /// º¸È£ ÇÁ·Î¼¼½º (Á¾·á ºÒ°¡) /// °æ·Î ŸÀÔ #define PG_PATH_UNDEFINED 0 #define PG_PATH_ALLOW 1 #define PG_PATH_WHITE 2 #define PG_PATH_BLACK 4 #define PG_PATH_NOTIFY 8 #define PG_PATH_GRAY 16 #define PG_PATH_ALL (PG_PATH_ALLOW|PG_PATH_WHITE|PG_PATH_BLACK|PG_PATH_NOTIFY) /// ¸í·É¾î ŸÀÔ #define STATE_SET 0 #define STATE_DEL 1 
#define STATE_CLEAR 2

/// cds_flt copy-data settings structure for export (take-out) paths.
// NOTE(review): processcnt presumably counts the valid entries of prcess/type,
// which both have 50 slots; a consumer should reject larger values before
// indexing — confirm. "prcess" is the field's actual spelling.
typedef struct _FLT_DIR_SPEC_POLICY {
    WCHAR dir[MAX_PATH];
    DWORD dirtype;
    DWORD processcnt;
    WCHAR prcess[50][MAX_PATH];
    DWORD type[50];
}FLT_DIR_SPEC_POLICY, * PFLT_DIR_SPEC_POLICY;

/// sharelock custom settings structure
typedef struct _FLT_START_FOR_CUSTOM {
    /// Configured paths (10 slots)
    WCHAR control_dir[10][MAX_PATH];
    /// Setting type for each path slot; the values listed by the original author:
    ///#define PG_PATH_UNDEFINED 0
    ///#define PG_PATH_ALLOW 1
    ///#define PG_PATH_WHITE 2
    ///#define PG_PATH_BLACK 4
    ///#define PG_PATH_NOTIFY 8
    ///#define PG_PATH_GRAY 16
    DWORD control_type[10];
    /// Configuration file
    WCHAR inidir[MAX_PATH];
}FLT_START_FOR_CUSTOM, * PFLT_START_FOR_CUSTOM;

//////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Per-device type.
// Values are implicit and sequential from BDC_UNKNOWN_DEV = 0, so inserting a
// member anywhere but just before BDC_MAX_DEVICE_TYPE renumbers the ones after it.
enum enum_devicetype {
    BDC_UNKNOWN_DEV = 0,
    BDC_CDROM,
    BDC_FLOOPY,
    BDC_USB_DISK,
    BDC_LOCAL_DISK,
    BDC_NETWORKDRIVEOUT,
    BDC_EXTERNALHDD,
    BDC_NETWORKDRIVEIN,
    BDC_NETWORKSHAREOUT,
    BDC_USB, // USB port (excluding HID, Hub)
    BDC_USB_NET,
    BDC_USB_HID,
    BDC_1394,
    BDC_SERIAL,
    BDC_PARALLEL,
    BDC_PCMCIA,
    BDC_PCMCIA_NET,
    BDC_IRDA,
    BDC_MODEM,
    BDC_BLUETOOTH,
    BDC_BLUETOOTH_FILE,
    BDC_WIBRO,
    BDC_TLOGIN,
    BDC_ACTIVE_SYNC,
    BDC_WIRELESS,
    BDC_LGMODEM,
    BDC_TETHERING,
    BDC_SDCARD,
    BDC_PORTABLE_STORAGE,
    BDC_WEBCAM,
    BDC_MTP,
    BDC_MAX_DEVICE_TYPE
};

// Device state; unscoped, generic enumerator names (ENABLE, DISABLE, READONLY).
enum enum_devicestate {
    ENABLE = 0,
    DISABLE,
    READONLY
};

// Command identifiers, numbered implicitly and sequentially from START = 0x1.
// NOTE(review): these look like the command ids exchanged over the filter port;
// if both ends are not always rebuilt together, new ids must be appended at the
// end, because an insertion shifts every later value — confirm how the two
// sides are versioned.
enum enum_pb_kernel_comunicationid {
    START = 0x1,
    STOP,
    CLEAR,
    GET_LOG,
    SET_POLICY,
    SET_PATH,
    DEL_PATH,
    SET_PROCESSNAME,
    SET_FILENAME,
    GET_CLOSE_PATH,
    GET_CLOSE_PATH_INFO,
    SET_PID,
    REMOVE_PID,
    START_FOLDER_PROTECT,
    START_IS_SHARE_FOLDER_WATCHE,
    START_DEVICE_PROTECT,
    GET_PROCESS_NOTIFY_STATUS,
    GET_PID,
    SET_DEBUG_LEVEL,
    SET_DELETE_FILE,
    SET_TERMINATE_PROCESS,
    SET_SDIST_CUSTOM_POLICY,
    DEL_PROCESSNAME,
    SET_WRITE_RENAME_PROTECT_FILEPATH,
    SET_HOOK,
    SET_REG_PROTECT,
    SET_REG_KEY,
    DEL_REG_KEY,
    SET_PROCESS_PROTECT,
    SET_PROCESS_PROTECT_PID,
    DEL_PROCESS_PROTECT_PID,
    SET_PROCESS_PROTECT_PROCESSNAME,
    DEL_PROCESS_PROTECT_PROCESSNAME,
    SET_USB_DISK_EXCEPT,
    SET_USB_PORT_EXCEPT,
    SET_LOG_TYPE,
    START_PROCESS_CREATE,
    SET_PROCESS_CREATE_BLOCK_RULE, // process block rule (process name + parameter)
    CLEAR_PROCESS_CREATE_BLOCK_RULE
};

// One log record with fixed-size text buffers.
// With default packing the three UCHAR fields are followed by padding before
// processid_; no #pragma pack is active at this point in the header.
typedef struct _LOG_MSG_DATA {
    WCHAR time[50];
    UCHAR log_type_;
    UCHAR device_type_;
    UCHAR state_;
    ULONG processid_;
    WCHAR process_name_[50];
    WCHAR path_[1024];
}LOG_MSG_DATA, * PLOG_MSG_DATA;

// One report entry: timestamp, pid, a code, three ULONG arguments and three
// fixed-size strings sized by KPROCESS_NAME / KFILE_PATH.
typedef struct _REPORT_DESC {
    ULONGLONG time;
    ULONG pid;
    ULONG code;
    ULONG a0;
    ULONG a1;
    ULONG a2;
    WCHAR ProcessName[KPROCESS_NAME];
    WCHAR path[KFILE_PATH];
    WCHAR renamepath[KFILE_PATH];
}REPORT_DESC, * PREPORT_DESC;

// Counted list of REPORT_DESC entries; desc is declared with one element.
// NOTE(review): presumably desc[1] is the old trailing-array idiom and count
// entries follow; a reader should check count against the size of the buffer
// it actually received before walking desc — confirm at the consumers.
typedef struct _LOG_NOTIFICATION {
    ULONG count;
    REPORT_DESC desc[1];
}LOG_NOTIFICATION, * PLOG_NOTIFICATION;

// Log category bit flags; LOG_ALL (0xFF) is the OR of the eight flags above it.
enum enum_logcode {
    LOG_CONNECT = 1 << 0, // 0x01
    LOG_DISCONNECT = 1 << 1, // 0x02
    LOG_POLICY = 1 << 2, // 0x04
    LOG_DEBUG_ = 1 << 3, // 0x08
    LOG_PROCESS = 1 << 4, // 0x10
    LOG_PROCESS_PROTECT = 1 << 5, // 0x20
    LOG_PROCESS_MONITOR = 1 << 6, // 0x40
    LOG_PROCESS_BLOCK = 1 << 7, // 0x80
    LOG_ALL = 0xFF
};

// Counted list of process ids with room for 100 entries.
// NOTE(review): ulCnt presumably gives the number of valid ulPid entries and
// must not exceed 100 — confirm that consumers clamp it.
typedef struct _EXIT_PID {
    ULONG ulCnt;
    ULONG ulPid[100];
}EXIT_PID, *PEXIT_PID;

// Reply carrying a single BOOLEAN verdict.
typedef struct _BS1FLT_REPLY {
    BOOLEAN SafeToOpen;
}BS1FLT_REPLY, *PBS1FLT_REPLY;

// The next three structures share one layout: type, size, then a
// PATH_SIZE (1024) WCHAR buffer.
// NOTE(review): whether size is in bytes or in WCHARs, and whether the string
// is NUL-terminated, is not visible in this header; the receiving side should
// validate size against the buffer capacity before using it — confirm.
typedef struct _BS1FLT_SET_PROCESS_PATH {
    ULONG type;
    ULONG size;
    WCHAR path[PATH_SIZE];
}BS1FLT_SET_PROCESS_PATH, *PBS1FLT_SET_PROCESS_PATH;

typedef struct _BS1FLT_SET_PATH {
    ULONG type;
    ULONG size;
    WCHAR path[PATH_SIZE];
}BS1FLT_SET_PATH, *PBS1FLT_SET_PATH;

typedef struct _BS1FLT_REG_KEY {
    ULONG type;
    ULONG size;
    WCHAR regkey[PATH_SIZE];
}BS1FLT_REG_KEY, * PBS1FLT_REG_KEY;

// USB disk exception entry: device type plus four 20-byte narrow (char) fields.
// NOTE(review): the char fields have no length member; termination within the
// 20 bytes is presumably expected — confirm.
typedef struct _BS1FLT_USB_DISK_EXCEPT {
    ULONG device_type;
    char vendorid[20];
    char productid[20];
    char productrevisionlevel[20];
    char vendorspecific[20];
}BS1FLT_USB_DISK_EXCEPT, * PBS1FLT_USB_DISK_EXCEPT;

// USB port exception entry: numeric ids plus a 100-WCHAR serial string.
typedef struct _BS1FLT_USB_PORT_EXCEPT {
    ULONG devicetype;
    ULONG vendorid;
    ULONG productid;
    ULONG bcddevice;
    WCHAR serial[100];
}BS1FLT_USB_PORT_EXCEPT, * PBS1FLT_USB_PORT_EXCEPT;

// A pid together with a type value.
// NOTE(review): type presumably holds PG_PID_* flags — confirm.
typedef struct _BS1FLT_SET_PID {
    ULONG type;
    ULONG pid;
}BS1FLT_SET_PID, *PBS1FLT_SET_PID;

// Packed to 1-byte alignment; every build that shares this structure has to
// see the same #pragma pack, otherwise the layouts can diverge.
#pragma pack(push, 1)
typedef struct _FILE_OBJECT_DESC {
    ULONG pid;
    ULONG type;
    ULONG size;
    WCHAR path[PATH_SIZE];
}FILE_OBJECT_DESC, *PFILE_OBJECT_DESC;
#pragma pack(pop)

// A pid and a required size ("ulRequeredSize" is the field's actual spelling).
typedef struct _FILE_OBJECT_DESC_INFO {
    ULONG pid;
    ULONG ulRequeredSize;
}FILE_OBJECT_DESC_INFO, *PFILE_OBJECT_DESC_INFO;

// Host name with an explicit length field and a 260-WCHAR buffer.
// NOTE(review): units of ulLen are not visible here — confirm, and bound it by
// the buffer capacity on the receiving side.
typedef struct _HOST_ADDRESS_MANAGER {
    ULONG ulLen;
    WCHAR wszHost[260];
}HOST_ADDRESS_MANAGER, * PHOST_ADDRESS_MANAGER;

// An IP range given as two ULONG values.
// NOTE(review): byte order of the two values is not visible here — confirm.
typedef struct _IPADDRESS_MANAGER {
    ULONG ulStartIP;
    ULONG ulEndIP;
}IPADDRESS_MANAGER, * PIPADDRESS_MANAGER;

// Dimensions of SDIST_CUSTOM_PROCESS_POLICY below.
#define SDIST_PROCESS_NAME_LEN 50
#define SDIST_EXTENSION_CNT 50
#define SDIST_EXTENSION_LEN 10

// A process name and up to SDIST_EXTENSION_CNT extensions of
// SDIST_EXTENSION_LEN WCHARs each ("extenstion" is the field's actual spelling).
typedef struct _SDIST_CUSTOM_PROCESS_POLICY {
    WCHAR process[SDIST_PROCESS_NAME_LEN];
    WCHAR extenstion[SDIST_EXTENSION_CNT][SDIST_EXTENSION_LEN];
}SDIST_CUSTOM_PROCESS_POLICY, *PSDIST_CUSTOM_PROCESS_POLICY;

// Process-creation block rule.
// NOTE(review): ParentProcessName holds 50 WCHARs while ProcessName holds 260,
// so a parent name longer than the smaller buffer cannot be stored in full.
// How the strings are compared (case, whitespace, truncation) is not visible
// in this header — confirm in the rule-matching code.
typedef struct _BS1FLT_PROCESS_CREATE_BLOCK_RULE {
    WCHAR ProcessName[260]; // target process name (e.g. cmd.exe)
    WCHAR CommandLine[512]; // parameter string that is blocked when contained (e.g. /c del)
    WCHAR ParentProcessName[50]; // parent process name (e.g. powershell.exe)
} BS1FLT_PROCESS_CREATE_BLOCK_RULE, * PBS1FLT_PROCESS_CREATE_BLOCK_RULE;

// Per-device policy, packed to 1-byte alignment. The first two members are
// enum-typed, so their size is whatever the compiler uses for these enums.
#pragma pack(push, 1)
typedef struct _DEVICE_POLICY {
    enum enum_devicetype device_type;
    enum enum_devicestate state;
    ULONG islog;
}DEVICE_POLICY, * PDEVICE_POLICY;
#pragma pack(pop)

// Top-level message: a fixed header followed by a union of the payload
// structures declared above. Declared with default packing, so padding follows
// ReplyLength_ wherever ULONGLONG is 8-byte aligned.
// NOTE(review): which union member is valid is presumably selected by type_;
// the receiver should check the message length and type_ before touching w,
// and should not trust the embedded size fields without bounding them — confirm
// at the message handler.
typedef struct _BS1FLT_MESSAGE {
    ULONG ReplyLength_;
    ULONGLONG id_;
    ULONG pid_;
    ULONG type_;
    ULONG state_;
    DEVICE_POLICY device_policy_;
    union {
        // file-path payload
        struct _BS1FLT_SET_PATH file_path_;
        // process-name payload
        struct _BS1FLT_SET_PROCESS_PATH process_path_;
        struct _BS1FLT_REG_KEY regkey_;
        struct _BS1FLT_USB_DISK_EXCEPT usb_except_;
        struct _BS1FLT_USB_PORT_EXCEPT usb_port_except_;
        struct _BS1FLT_PROCESS_CREATE_BLOCK_RULE process_create_block_rule_;
    }w;
}BS1FLT_MESSAGE , *PBS1FLT_MESSAGE;