#include "pch.h" CInterface::CInterface() { fltlib_ = NULL; m_hPort = INVALID_HANDLE_VALUE; m_hShProcessTerminate = INVALID_HANDLE_VALUE; } CInterface::~CInterface() { Close(); } BOOL CInterface::NtNameToDosNameW(LPWSTR dosName, SIZE_T size, LPWSTR ntName) { WCHAR drives[1024] = { 0, }; WCHAR deviceName[1024] = { 0, }; WCHAR* name = drives, tmp[3]; int n = GetLogicalDriveStringsW(sizeof(drives), drives); if (n >= sizeof(drives) || n == 0) { return FALSE; } while (*name) { Sleep(1); tmp[0] = name[0]; tmp[1] = name[1]; tmp[2] = L'\0'; if (!QueryDosDeviceW(tmp, deviceName, sizeof(deviceName))) continue; if (wcsncmp(deviceName, ntName, lstrlenW(deviceName)) == 0) { StringCbCopyW(dosName, size, tmp); StringCbCatW(dosName, size, ntName + lstrlenW(deviceName)); return TRUE; } name += lstrlenW(name) + 1; } return FALSE; } BOOL CInterface::DosNameToNtNameW(LPWSTR ntName, SIZE_T size, LPCWSTR dosName) { WCHAR drives[1024] = { 0, }; WCHAR deviceName[1024] = { 0, }; WCHAR* name = drives, tmp[3]; tmp[0] = dosName[0]; tmp[1] = dosName[1]; tmp[2] = _T('\0'); if (!QueryDosDeviceW(tmp, deviceName, 1024)) return FALSE; StringCbCopyW(ntName, size, deviceName); StringCbCatW(ntName, size, dosName + 2); return TRUE; } BOOL CInterface::Open(LPCTSTR name) { HRESULT hr = SEVERITY_SUCCESS; for(DWORD i = 0; i<5; ++i) { hr = pFilterConnectCommunicationPort( name, 0, NULL, 0, NULL, &m_hPort ); if (SUCCEEDED(hr)) { BSONE_DEBUG(L"FilterConnectCommunicationPort fail %x\n", hr); return TRUE; } } return FALSE; } BOOL CInterface::Clear() { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)CLEAR; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x %x\n", GetLastError(), CLEAR); return FALSE; } BSONE_DEBUG(_T("CInterface::Clear(), Success\n")); return TRUE; } BOOL CInterface::OpenEx(LPCTSTR name) { HRESULT hr = SEVERITY_SUCCESS; for(DWORD i = 0; i<5; ++i) { hr = pFilterConnectCommunicationPort( name, 0, NULL, 0, NULL, &m_hPort ); if(!SUCCEEDED(hr)) { BSONE_DEBUG(_T("CInterface::OpenEx(), Fail %x\n"), hr); Sleep(200); continue; } else { break; } } if(!SUCCEEDED(hr)) { BSONE_DEBUG(_T("CInterface::OpenEx(), Fail %x\n"), hr); return FALSE; } if(!Clear()) return FALSE; return TRUE; } BOOL CInterface::Close() { if(m_hPort != INVALID_HANDLE_VALUE) { StartAndStop(FALSE); CloseHandle(m_hPort); m_hPort = INVALID_HANDLE_VALUE; } if(fltlib_ != NULL) { ::FreeLibrary(fltlib_); fltlib_ = NULL; } if(m_hShProcessTerminate == INVALID_HANDLE_VALUE) { CloseHandle(m_hShProcessTerminate); m_hShProcessTerminate = INVALID_HANDLE_VALUE; } return TRUE; } BOOL CInterface::Init() { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR wszEventName[MAX_PATH] = {0,}; CNullSA sa; fltlib_ = ::LoadLibrary(_T("fltlib.dll")); if(fltlib_ == NULL) { return FALSE; } pFilterConnectCommunicationPort = (fpFilterConnectCommunicationPort)::GetProcAddress(fltlib_, "FilterConnectCommunicationPort"); pFilterSendMessage = (fpFilterSendMessage)::GetProcAddress(fltlib_, "FilterSendMessage"); pFilterReplyMessage = (fpFilterReplyMessage)::GetProcAddress(fltlib_, "FilterReplyMessage"); pFilterGetMessage = (fpFilterGetMessage)::GetProcAddress(fltlib_, "FilterGetMessage"); if(!pFilterConnectCommunicationPort || !pFilterSendMessage || !pFilterReplyMessage || !pFilterGetMessage) { BSONE_DEBUG(L"Invaild Func Adr %x %x %x %x\n", pFilterConnectCommunicationPort, pFilterSendMessage, pFilterReplyMessage, pFilterGetMessage ); return FALSE; } StringCbPrintfW(wszEventName, sizeof(wszEventName), L"Global\\%s", PROCESS_TERMINATE_SHARE_EVENT); m_hShProcessTerminate = CreateEventW(sa, FALSE, FALSE, wszEventName); if(m_hShProcessTerminate == INVALID_HANDLE_VALUE) { BSONE_DEBUG(L"share event fail GL = %d\n", GetLastError()); return FALSE; } // if(!Open(PB_SHARELOCK_PORTNAME)) // { // PB_DEBUG(L"open fail %x %s\n", GetLastError(), PB_SHARELOCK_PORTNAME); // return FALSE; // } // // if(!Clear()) // { // return FALSE; // } // if(!StartAndStop(TRUE)) // return FALSE; // return TRUE; } HRESULT CInterface::SetReplyMessage(LPVOID p, SIZE_T size) { HRESULT hr; hr = pFilterReplyMessage( m_hPort, (PFILTER_REPLY_HEADER) p, (DWORD)size ); if(SUCCEEDED( hr )) { return hr; } BSONE_DEBUGA("Error replying message. Error = 0x%X\n", hr); return hr; } HRESULT CInterface::GetMessage(LPVOID p, SIZE_T size, LPOVERLAPPED lpov) { HRESULT hr; hr = pFilterGetMessage( m_hPort, (PFILTER_MESSAGE_HEADER)p, (DWORD)size, lpov); if(SUCCEEDED( hr )) { return hr; } //PB_DEBUGA("Error GetMessage. Error = 0x%X, %p, %d, %p\n", hr, p, size, lpov); return hr; } HRESULT CInterface::SendMessage(LPVOID inbuff, SIZE_T inbuffsize, LPVOID outbuff, SIZE_T outbuffsize, DWORD *pdwReturnSize) { HRESULT hr; hr = pFilterSendMessage(m_hPort, inbuff, (DWORD)inbuffsize, outbuff, (DWORD)outbuffsize, pdwReturnSize); if(SUCCEEDED( hr )) { return hr; } BSONE_DEBUGA("Error SendMessage. Error = 0x%X", hr); return hr; } BOOL CInterface::SetProtectPath(DWORD dwType, WCHAR * buf, SIZE_T size) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR ntDevicePath[PATH_SIZE] = {0,}; WCHAR dosname[3] = {0,}; if(size >= PATH_SIZE - 10) return FALSE; DosNameToNtNameW(ntDevicePath, sizeof(ntDevicePath), buf); msg.w.file_path_.size = (DWORD)wcslen(ntDevicePath) * (DWORD)sizeof(WCHAR); msg.id_ = (ULONGLONG)SET_PATH; msg.w.file_path_.type = (ULONG)dwType; BSONE_DEBUG(L"SetProtectPath, ntDevicePath(%s) ulType(%d)", ntDevicePath, dwType); StringCbCopyW(msg.w.file_path_.path, sizeof(msg.w.file_path_.path), ntDevicePath); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::DelProtectPath(DWORD dwType, WCHAR * buf, SIZE_T size) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR ntDevicePath[PATH_SIZE] = {0,}; WCHAR dosname[3] = {0,}; if(buf != NULL) { if(size >= PATH_SIZE - 10) return FALSE; if(!DosNameToNtNameW(ntDevicePath, sizeof(ntDevicePath), buf)) { BSONE_DEBUG(_T("Exist Drive Name\n")); return FALSE; } msg.w.file_path_.size = (DWORD)wcslen(ntDevicePath) * (DWORD)sizeof(WCHAR); msg.id_ = (ULONGLONG)DEL_PATH; msg.w.file_path_.type = (ULONG)dwType; StringCbCopyW(msg.w.file_path_.path, sizeof(msg.w.file_path_.path), ntDevicePath); } else { msg.w.file_path_.size = 0; msg.id_ = (ULONGLONG)DEL_PATH; msg.w.file_path_.type = (ULONG)dwType; } BSONE_DEBUG(_T("dwType(%d), ntDevicePath(%s)\n"), dwType, ntDevicePath); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetFileName(DWORD dwType, WCHAR * buf, SIZE_T size) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR ntDevicePath[PATH_SIZE] = {0,}; WCHAR dosname[3] = {0,}; if(size >= PATH_SIZE - 10) return FALSE; msg.w.file_path_.size = (DWORD)wcslen(buf) * (DWORD)sizeof(WCHAR); msg.id_ = (ULONGLONG)SET_FILENAME; msg.w.file_path_.type = (ULONG)dwType; StringCbCopyW(msg.w.file_path_.path, sizeof(msg.w.file_path_.path), buf); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetPid(DWORD dwType, DWORD dwProcessId) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_PID; msg.type_ = dwType; msg.pid_ = dwProcessId; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::RemovePid(DWORD dwProcessId) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; DWORD dwType = 0; msg.id_ = (ULONGLONG)REMOVE_PID; msg.pid_ = dwProcessId; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), &dwType, sizeof(DWORD), &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetProcessPath(DWORD dwType, WCHAR * buf, SIZE_T size) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR ntDevicePath[PATH_SIZE] = {0,}; WCHAR dosname[3] = {0,}; if(size >= sizeof(ntDevicePath) - 10) { BSONE_DEBUG(L"size fail %x,%x\n", size, (DWORD)(sizeof(ntDevicePath) - 10)); return FALSE; } WCHAR *ptr = wcsrchr(buf, '\\'); if(ptr) { DosNameToNtNameW(ntDevicePath, sizeof(ntDevicePath), buf); } else StringCbCopyW(ntDevicePath, sizeof(ntDevicePath), buf); msg.id_ = (ULONGLONG)SET_PROCESSNAME; msg.w.process_path_.type = (ULONG)dwType; msg.w.process_path_.size = (DWORD)wcslen(ntDevicePath) * (DWORD)sizeof(WCHAR); StringCbCopyW(msg.w.process_path_.path, sizeof(msg.w.process_path_.path), ntDevicePath); BSONE_DEBUG(L"path(%s) size(%d)", msg.w.process_path_.path, size); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::DelProcessPath(DWORD dwType, WCHAR * buf, SIZE_T size) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR ntDevicePath[PATH_SIZE] = {0,}; WCHAR dosname[3] = {0,}; if(buf != NULL) { if (size >= sizeof(ntDevicePath) - 10) { BSONE_DEBUG(L"size fail %x,%x\n", size, (DWORD)(sizeof(ntDevicePath) - 10)); return FALSE; } WCHAR *ptr = wcsrchr(buf, '\\'); if(ptr) { if(!DosNameToNtNameW(ntDevicePath, sizeof(ntDevicePath), buf)) { BSONE_DEBUG(_T("Exist Drive Name\n")); return FALSE; } } else { StringCbCopyW(ntDevicePath, sizeof(ntDevicePath), buf); } msg.w.process_path_.size = (DWORD)wcslen(ntDevicePath) * (DWORD)sizeof(WCHAR); msg.id_ = (ULONGLONG)DEL_PROCESSNAME; msg.w.process_path_.type = (ULONG)dwType; StringCbCopyW(msg.w.process_path_.path, sizeof(msg.w.process_path_.path), ntDevicePath); } else { msg.w.process_path_.size = 0; msg.id_ = (ULONGLONG)DEL_PROCESSNAME; msg.w.process_path_.type = (ULONG)dwType; } BSONE_DEBUG(_T("dwType(%d), ntDevicePath(%s)\n"), dwType, ntDevicePath); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::StartAndStop(DWORD flags) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; if( flags ) { msg.id_ = (ULONGLONG)START; } else { msg.id_ = (ULONGLONG)STOP; } hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetFolderProtect(BOOL enable) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)START_FOLDER_PROTECT; msg.state_ = (ULONG)enable; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } DWORD CInterface::GetProcessNotifyStatus() { HRESULT hr; BS1FLT_MESSAGE msg = {0,}; DWORD dwReturnSize; m_dwProcessNotify = 1; msg.id_ = GET_PROCESS_NOTIFY_STATUS; hr = pFilterSendMessage(m_hPort, &msg, sizeof(msg), &m_dwProcessNotify, sizeof(m_dwProcessNotify), &dwReturnSize); BSONE_DEBUG(_T("status = %x\n"), m_dwProcessNotify); if(SUCCEEDED( hr )) { return m_dwProcessNotify; } return 0; } BOOL CInterface::SetShareWatch(BOOL bIsWatch) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)START_IS_SHARE_FOLDER_WATCHE; msg.state_ = (ULONG)bIsWatch; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::Debug(DWORD dwFlag) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_DEBUG_LEVEL; msg.pid_ = (ULONG)dwFlag; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetTerminiateProcess(DWORD dwProcessId) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_TERMINATE_PROCESS; msg.pid_ = dwProcessId; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetDeleteFile(WCHAR * buf) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR dosname[3] = {0,}; WCHAR delpath[PATH_SIZE] = L"\\??\\"; // if(size >= 1024 - 30) // { // return FALSE; // } StringCbCatW(delpath, sizeof(delpath), buf); msg.id_ = (ULONGLONG)SET_DELETE_FILE; msg.w.file_path_.size = (DWORD)wcslen(delpath); StringCbCopyW(msg.w.file_path_.path, ARRAYSIZE(msg.w.file_path_.path), delpath); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if(IS_ERROR( hResult )) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetProtectFilePath(PWCHAR lpwPath) { BS1FLT_MESSAGE msg = {0,}; HRESULT hResult = 0; DWORD dwRet = 0; WCHAR szNtFilePath[PATH_SIZE] = {0,}; if (!DosNameToNtNameW(szNtFilePath, sizeof(szNtFilePath), lpwPath)) { BSONE_DEBUG(_T("DosNameToNtNameW Fail.\n")); return FALSE; } msg.id_ = (ULONGLONG)SET_WRITE_RENAME_PROTECT_FILEPATH; msg.w.file_path_.type = 0; msg.w.file_path_.size = (DWORD)wcslen(szNtFilePath); StringCbCopyW(msg.w.file_path_.path, ARRAYSIZE(msg.w.file_path_.path), szNtFilePath); hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); BSONE_DEBUG(L"FilePath(%s), hResult(%x)\n", lpwPath, hResult); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } DWORD CInterface::GetMessageProc() { //PROCESS_MESSAGE msg; DWORD bytesReturned = 0; HRESULT hr = 0; SCANNER_MESSAGE message = { 0, }; //DWORD bufferSize = sizeof(PROCESS_MESSAGE); //PROCESS_MESSAGE* msg = (PROCESS_MESSAGE*)malloc(bufferSize); // µ¿Àû ÇÒ´ç //if (!msg) { // // BSONE_DEBUG(L"Memory allocation failed"); // return 1; //} while (true) { BSONE_DEBUG(L"FilterGetMessage, wait"); hr = pFilterGetMessage(m_hPort, (PFILTER_MESSAGE_HEADER)&message.MessageHeader, SCANNER_MESSAGE_SIZE, NULL); //hr = pFilterGetMessage(m_hPort, (PFILTER_MESSAGE_HEADER)&msg, sizeof(msg), NULL); //if (hr == HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)) //{ // // ¹öÆÛ Å©±â Áõ°¡ ÈÄ ´Ù½Ã ÇÒ´ç // free(msg); // bufferSize = bytesReturned; // msg = (PROCESS_MESSAGE*)malloc(bufferSize); // if (!msg) // { // BSONE_DEBUG(L"Memory allocation failed"); // break; // } // continue; // ´Ù½Ã ½Ãµµ //} //else if (FAILED(hr)) { // BSONE_DEBUG(L"FilterGetMessage, Fail(%x)", hr); // break; //} if (hr == HRESULT_FROM_WIN32(ERROR_OPERATION_ABORTED)) { BSONE_DEBUG(L"FilterGetMessage aborted."); hr = S_OK; break; } else if (FAILED(hr)) { BSONE_DEBUG(L"Failed to get message from the minifilter.(%x)", hr); continue; } if (SUCCEEDED(hr)) { //std::wcout << L"Detected Process: " << msg.ProcessName << L"\n"; //std::wcout << L"Process Path: " << msg.ProcessPath << L"\n"; //std::wcout << L"Process ID: " << msg.ProcessId << L"\n"; BSONE_DEBUG(L"FilterGetMessage, [%d], ProcessName[%s], ProcessPath[%s]", message.Notification.ProcessId, message.Notification.ProcessName, message.Notification.ProcessPath); if (m_cb) { //m_cb(&msg); } //InjectDLL(msg.ProcessId, "C:\\InjectDLL.dll"); } else { BSONE_DEBUG(L"FilterGetMessage, Fail(%x)", hr); } Sleep(500); } return 1; } DWORD WINAPI CInterface::GetMessageThread(LPVOID pArg) { CInterface* pCInterface = reinterpret_cast(pArg); if (!pCInterface) { return ERROR_INVALID_PARAMETER; } BSONE_DEBUG(L"start"); return pCInterface->GetMessageProc(); } BOOL CInterface::StartGetMessageThread(DWORD nEnumInterval, BOOL bNotifyCurrent, fpCallBack cb, BOOL bOnce) { if (m_hThread) return TRUE; if (!m_hQuit) { m_hQuit = CreateEvent(NULL, TRUE, FALSE, NULL); if (!m_hQuit) { BSONE_DEBUG(L"CreateEvent fail ge(%x)\n", GetLastError()); return FALSE; } } m_bOnce = bOnce; m_nEnumInterval = nEnumInterval; m_bNotifyCurrent = bNotifyCurrent; m_cb = cb; DWORD nThreadId = 0; m_hThread = CreateThread(NULL, 0, GetMessageThread, (PVOID)this, 0, &nThreadId); if (!m_hThread) { BSONE_DEBUG(L"CreateThread fail ge(%x)\n", GetLastError()); return FALSE; } return TRUE; } BOOL CInterface::SetHook(DWORD type, BOOL enable) { BS1FLT_MESSAGE msg = { 0, }; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_HOOK; msg.state_ = (ULONG)enable; msg.type_ = type; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", hResult); return FALSE; } return TRUE; } HRESULT CInterface::GetLog(LPVOID outbuff, SIZE_T outbuffsize, DWORD* pdwReturnSize) { HRESULT hResult; BS1FLT_MESSAGE msg = { 0, }; msg.id_ = GET_LOG; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), outbuff, (DWORD)outbuffsize, pdwReturnSize); if (SUCCEEDED(hResult)) { return hResult; } BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", hResult); return hResult; } BOOL CInterface::SetDeviceProtect(DWORD enable) { BS1FLT_MESSAGE msg = { 0, }; HRESULT hResult = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)START_DEVICE_PROTECT; msg.state_ = (ULONG)enable; hResult = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(hResult)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", hResult); return FALSE; } return TRUE; } BOOL CInterface::SetUsbDiskException(DWORD state, LPCWSTR vid, LPCWSTR pid, LPCWSTR productrevisionlevel, LPCWSTR vendorspecific) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; string svid; string spid; string sproductrevisionlevel; string sserial; msg.id_ = (ULONGLONG)SET_USB_DISK_EXCEPT; msg.w.usb_except_.device_type = BDC_USB_DISK; msg.state_ = state; if (msg.state_ != STATE_CLEAR) { convert_unicode_to_ansi_string(svid, vid, wcslen(vid)); convert_unicode_to_ansi_string(spid, pid, wcslen(pid)); svid = ToUpperA(svid); spid = ToUpperA(spid); StringCbCopyA(msg.w.usb_except_.vendorid, sizeof(msg.w.usb_except_.vendorid), svid.c_str()); StringCbCopyA(msg.w.usb_except_.productid, sizeof(msg.w.usb_except_.productid), spid.c_str()); if (productrevisionlevel != NULL && productrevisionlevel[0] != L'\0') { convert_unicode_to_ansi_string(sproductrevisionlevel, productrevisionlevel, wcslen(productrevisionlevel)); sproductrevisionlevel = ToUpperA(sproductrevisionlevel); StringCbCopyA(msg.w.usb_except_.productrevisionlevel, sizeof(msg.w.usb_except_.productrevisionlevel), sproductrevisionlevel.c_str()); } if (vendorspecific != NULL && vendorspecific[0] != L'\0') { convert_unicode_to_ansi_string(sserial, vendorspecific, wcslen(vendorspecific)); sserial = ToUpperA(sserial); StringCbCopyA(msg.w.usb_except_.vendorspecific, sizeof(msg.w.usb_except_.vendorspecific), sserial.c_str()); } } BSONE_DEBUGA("state(%d), vid(%s), pid(%s), serial(%s)\n", msg.state_, msg.w.usb_except_.vendorid, msg.w.usb_except_.productid, msg.w.usb_except_.vendorspecific); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetPolicy(enum_devicetype devcie_type, enum_devicestate state, BOOL islog) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_POLICY; msg.device_policy_.device_type = devcie_type; msg.device_policy_.state = state; msg.device_policy_.islog = (ULONG)islog; result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetProcessProtect(BOOL enable) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_PROCESS_PROTECT; msg.state_ = enable; BSONE_DEBUG(_T("msg.id(%d), msg.folder_protect_(%d)\n"), msg.id_, msg.state_); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetProcessProtectName(DWORD type, LPCWSTR name) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_PROCESS_PROTECT_PROCESSNAME; msg.w.process_path_.type = (ULONG)type; msg.w.process_path_.size = (DWORD)wcslen(name) * (DWORD)sizeof(WCHAR); StringCbCopyW(msg.w.process_path_.path, sizeof(msg.w.process_path_.path), name); BSONE_DEBUG(L"type(%d), name(%s)", type, name); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::DelProcessProtectName(DWORD type, LPCWSTR name) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; if (name != NULL) { msg.w.process_path_.size = (DWORD)wcslen(name) * (DWORD)sizeof(WCHAR); msg.id_ = (ULONGLONG)DEL_PROCESS_PROTECT_PROCESSNAME; msg.w.process_path_.type = (ULONG)type; StringCbCopyW(msg.w.process_path_.path, sizeof(msg.w.process_path_.path), name); BSONE_DEBUG(_T("type(%d), name(%s)\n"), type, name); } else { msg.w.process_path_.size = 0; msg.id_ = (ULONGLONG)DEL_PROCESS_PROTECT_PROCESSNAME; msg.w.process_path_.type = (ULONG)type; BSONE_DEBUG(_T("all delete type(%d), name(%s)\n"), type, name); } result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetProcessProtectId(DWORD type, DWORD pid) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_PROCESS_PROTECT_PID; msg.type_ = type; msg.pid_ = pid; BSONE_DEBUG(L"type(%d) pid(%d)", type, pid); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::DelProcessProtectId(DWORD type, DWORD pid) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)DEL_PROCESS_PROTECT_PID; msg.type_ = type; msg.pid_ = pid; BSONE_DEBUG(L"type(%d) pid(%d)", type, pid); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetRegProtect(BOOL enable) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_REG_PROTECT; msg.state_ = enable; BSONE_DEBUG(_T("msg.id(%d), msg.state_(%d)\n"), msg.id_, msg.state_); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetRegProtectName(LPCWSTR regkey) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)SET_REG_KEY; StringCbCopyW(msg.w.regkey_.regkey, sizeof(msg.w.regkey_.regkey), regkey); BSONE_DEBUG(L"regkey(%s)", regkey); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::DelRegProtectName(LPCWSTR regkey) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; if (regkey != NULL) { msg.w.regkey_.size = (DWORD)wcslen(regkey) * (DWORD)sizeof(WCHAR); msg.id_ = (ULONGLONG)DEL_REG_KEY; StringCbCopyW(msg.w.regkey_.regkey, sizeof(msg.w.regkey_.regkey), regkey); BSONE_DEBUG(_T("regkey(%s)\n"), regkey); } else { msg.w.process_path_.size = 0; msg.id_ = (ULONGLONG)DEL_REG_KEY; BSONE_DEBUG(_T("all delete type\n")); } result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetUsbPortException(DWORD state, DWORD vid, DWORD pid, DWORD bcddevice, LPCWSTR serial) { BS1FLT_MESSAGE msg = { 0, }; DWORD dwRet = 0; HRESULT result = 0; string svid; string spid; string sproductrevisionlevel; string svendor; msg.id_ = (ULONGLONG)SET_USB_PORT_EXCEPT; msg.state_ = state; msg.w.usb_except_.device_type = BDC_USB; msg.w.usb_port_except_.vendorid = vid; msg.w.usb_port_except_.productid = pid; msg.w.usb_port_except_.bcddevice = bcddevice; StringCbCopyW(msg.w.usb_port_except_.serial, sizeof(msg.w.usb_port_except_.serial), serial); BSONE_DEBUG(L"vid(%x), pid(%x), (%s)\n", vid, pid, serial); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetLogtype(DWORD type) { BS1FLT_MESSAGE msg = { 0, }; DWORD dwRet = 0; HRESULT result = 0; msg.id_ = (ULONGLONG)SET_LOG_TYPE; msg.type_ = type; BSONE_DEBUG(L"type(%x)\n", type); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetProcessCreate(BOOL enable) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; msg.id_ = (ULONGLONG)START_PROCESS_CREATE; msg.state_ = enable; BSONE_DEBUG(_T("id(%d), state(%d)\n"), msg.id_, msg.state_); result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail %x\n", result); return FALSE; } return TRUE; } BOOL CInterface::SetProcessCreateBlockRule(DWORD state, LPCWSTR name, LPCWSTR cmd, LPCWSTR parentName) { BS1FLT_MESSAGE msg = { 0, }; HRESULT result = 0; DWORD dwRet = 0; wstring processName; wstring processNameCmd; msg.id_ = (ULONGLONG)SET_PROCESS_CREATE_BLOCK_RULE; msg.state_ = state; if (msg.state_ == STATE_SET) { if (name != NULL && name[0] != 0) { processName = ToUpper(name); StringCbCopyW(msg.w.process_create_block_rule_.ProcessName, sizeof(msg.w.process_create_block_rule_.ProcessName), processName.c_str()); } if (cmd != NULL && cmd[0] != 0) { processNameCmd = ToUpper(cmd); StringCbCopyW(msg.w.process_create_block_rule_.CommandLine, sizeof(msg.w.process_create_block_rule_.CommandLine), processNameCmd.c_str()); } if (parentName != NULL && parentName[0] != 0) { wstring processParentName = ToUpper(parentName); StringCbCopyW(msg.w.process_create_block_rule_.ParentProcessName, sizeof(msg.w.process_create_block_rule_.ParentProcessName), processParentName.c_str()); } BSONE_DEBUGA("state(%d), ProcessName(%s), CommandLine(%s), ParentProcessName(%s)\n", msg.state_, msg.w.process_create_block_rule_.ProcessName, msg.w.process_create_block_rule_.CommandLine, msg.w.process_create_block_rule_.ParentProcessName ); } else { BSONE_DEBUGA("state(%d)\n", msg.state_); } result = pFilterSendMessage(m_hPort, &msg, sizeof(msg), NULL, 0, &dwRet); if (IS_ERROR(result)) { BSONE_DEBUG(L"FilterSendMessage fail (%x)\n", result); return FALSE; } return TRUE; }