#ifndef _INTERFACE_H
#define _INTERFACE_H
#include "fltuser.h"
// Function-pointer aliases for the user-mode Filter Manager entry points that
// fltuser.h declares. Parameter names follow the documented prototypes and are
// for the reader only.
//
// NOTE(review): the documented FilterConnectCommunicationPort prototype takes
// `HANDLE *hPort` (an out parameter) as its last argument, while this alias
// declares a plain HANDLE. The two only line up because HANDLE is itself a
// pointer type, so the compiler cannot catch a call site that passes the
// handle by value. Confirm every caller passes the address of the handle, and
// consider correcting the alias.
typedef HRESULT (WINAPI *fpFilterConnectCommunicationPort)(
    LPCWSTR lpPortName,
    DWORD dwOptions,
    LPCVOID lpContext,
    WORD wSizeOfContext,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    HANDLE hPort);

typedef HRESULT (WINAPI *fpFilterSendMessage)(
    HANDLE hPort,
    LPVOID lpInBuffer,
    DWORD dwInBufferSize,
    LPVOID lpOutBuffer,
    DWORD dwOutBufferSize,
    LPDWORD lpBytesReturned);

typedef HRESULT (WINAPI *fpFilterReplyMessage)(
    HANDLE hPort,
    PFILTER_REPLY_HEADER lpReplyBuffer,
    DWORD dwReplyBufferSize);

typedef HRESULT (WINAPI *fpFilterGetMessage)(
    HANDLE hPort,
    PFILTER_MESSAGE_HEADER lpMessageBuffer,
    DWORD dwMessageBufferSize,
    LPOVERLAPPED lpOverlapped);
// Process notification payload; embedded in SCANNER_MESSAGE as `Notification`.
//
// Both strings are fixed-size WCHAR arrays, so the layout is part of the
// message format and must match whatever produces the message.
// NOTE(review): nothing in this header says whether the sender always
// NUL-terminates the arrays or what happens to names longer than the array.
// Consumers should bound every read to the array size rather than rely on a
// terminator, and treat a completely filled array as possibly truncated.
typedef struct _PROCESS_MESSAGE
{
    ULONG ProcessId;          // process identifier the notification refers to
    WCHAR ProcessName[260];   // capacity in WCHARs (same value as MAX_PATH)
    WCHAR ProcessPath[512];   // capacity in WCHARs
} PROCESS_MESSAGE, *PPROCESS_MESSAGE;
// Receive buffer for one message read from the filter communication port,
// with the OVERLAPPED used for the asynchronous read stored alongside it.
typedef struct _SCANNER_MESSAGE
{
    // Header the Filter Manager requires at the start of every message.
    FILTER_MESSAGE_HEADER MessageHeader;

    // Scanner-specific payload follows the header.
    PROCESS_MESSAGE Notification;

    // Not part of the message itself. It is embedded here so that the
    // LPOVERLAPPED handed back by GetQueuedCompletionStatus(...) can be mapped
    // to the owning SCANNER_MESSAGE with the CONTAINING_RECORD macro.
    // SCANNER_MESSAGE_SIZE leaves this member out of the message size.
    OVERLAPPED Ovlp;
} SCANNER_MESSAGE, *PSCANNER_MESSAGE;
// Number of bytes of SCANNER_MESSAGE that are message data: the header plus
// the PROCESS_MESSAGE payload. The trailing OVERLAPPED member is excluded.
// NOTE(review): this equals the offset of Ovlp only if the compiler inserts no
// padding between the first two members; confirm if packing is ever changed.
#define SCANNER_MESSAGE_SIZE (sizeof(FILTER_MESSAGE_HEADER) + sizeof(PROCESS_MESSAGE))

// Callback signature for process notifications: a create flag, a process id,
// and a path buffer with its length.
// NOTE(review): the unit of PathLen (bytes or WCHARs) is not stated here, and
// CInterface below stores an `fpCallBack`, not this type. Confirm which
// callback type is actually in use.
typedef BOOL (WINAPI *fnNotifyCallBack)(BOOL bCreate, DWORD dwPid, LPWSTR Path, DWORD PathLen);
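// C6248 is the code-analysis warning for setting a security descriptor's DACL
// to NULL (the resulting object is unprotected). It is silenced because
// CNullSA does exactly that on purpose.
// NOTE(review): the disable is not wrapped in push/pop, so it stays in effect
// for every file that includes this header and will also hide unintended
// NULL-DACL uses there.
#pragma warning(disable: 6248)

// SECURITY_ATTRIBUTES whose descriptor carries a NULL DACL.
//
// SECURITY: a NULL DACL is not an "empty" DACL. An empty DACL denies all
// access; a NULL DACL grants every principal full access, including the
// rights to rewrite the DACL and take ownership. Any local process can
// therefore open, signal, or re-ACL an object created with these attributes.
// Prefer a descriptor that names only the accounts that need access (for
// example one built from an SDDL string with
// ConvertStringSecurityDescriptorToSecurityDescriptor) wherever the object
// does not have to be reachable by arbitrary users.
//
// m_sa.lpSecurityDescriptor points at this instance's own m_sd, so a copied
// CNullSA still refers to the original object's descriptor; pass instances by
// reference or pointer and keep them alive for the duration of the call.
class CNullSA
{
public:
    SECURITY_DESCRIPTOR m_sd;
    SECURITY_ATTRIBUTES m_sa;

    // Builds the attributes. If either security API call fails, the
    // descriptor pointer is left NULL so the created object receives the
    // caller's default security descriptor instead of a half-initialised one.
    CNullSA()
    {
        ZeroMemory(&m_sd, sizeof m_sd);
        ZeroMemory(&m_sa, sizeof m_sa);

        m_sa.nLength = sizeof m_sa;
        m_sa.bInheritHandle = FALSE;

        if (InitializeSecurityDescriptor(&m_sd, SECURITY_DESCRIPTOR_REVISION) &&
            SetSecurityDescriptorDacl(
                &m_sd,   // descriptor to modify
                TRUE,    // a DACL is present ...
                NULL,    // ... and it is NULL: everyone gets full access
                FALSE))  // DACL explicitly set, not defaulted
        {
            m_sa.lpSecurityDescriptor = &m_sd;
        }
    }

    // Lets a CNullSA be passed wherever a PSECURITY_ATTRIBUTES is expected.
    operator PSECURITY_ATTRIBUTES ()
    {
        return &m_sa;
    }
};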
// User-mode wrapper around a filter communication port and the control
// requests sent through it. Only declarations are visible in this header, so
// the notes below describe what the signatures show; anything about runtime
// behaviour is marked as an assumption to confirm against the implementation.
//
// NOTE(review): fpCallBack, enum_devicetype and enum_devicestate are not
// declared in this header, so it has to be included after whichever header
// defines them.
// NOTE(review): the class holds raw HANDLE/HMODULE members and declares a
// destructor but no copy constructor or copy assignment. If the destructor
// releases those handles, copying an instance would release them twice.
// NOTE(review, security): several requests change protection policy or act on
// other processes and files (SetTerminiateProcess, SetDeleteFile, the
// Set*Protect* family). Who may issue them is decided by the security
// descriptor the driver places on its communication port, which is not visible
// here. Confirm it is limited to the intended service account rather than
// relying on this wrapper for access control.
class CInterface
{
public:
    // ---- state (all members are public; declaration order is unchanged) ----

    HANDLE m_hPort;                 // presumably the connected communication port - confirm
    // NOTE(review): presumably the module the p* pointers below are resolved
    // from. The load site is not in this header; confirm the library is loaded
    // from the system directory (e.g. LoadLibraryEx with
    // LOAD_LIBRARY_SEARCH_SYSTEM32) and not by bare name.
    HMODULE fltlib_;
    HANDLE m_hShProcessTerminate;
    DWORD m_dwProcessNotify;

    // Filter Manager entry points; see the fp* typedefs for the signatures.
    fpFilterSendMessage pFilterSendMessage;
    fpFilterConnectCommunicationPort pFilterConnectCommunicationPort;
    fpFilterReplyMessage pFilterReplyMessage;
    fpFilterGetMessage pFilterGetMessage;

    // Members named after StartGetMessageThread's parameters, plus the
    // thread and quit handles.
    BOOL m_bOnce;
    HANDLE m_hThread;
    HANDLE m_hQuit;
    DWORD m_nEnumInterval;
    BOOL m_bNotifyCurrent;

    fpCallBack m_cb;

    // ---- message thread ----

    // Static entry point with the thread-start signature; pArg is opaque here.
    static DWORD WINAPI GetMessageThread(LPVOID pArg);
    DWORD GetMessageProc();
    BOOL StartGetMessageThread(DWORD nEnumInterval, BOOL bNotifyCurrent, fpCallBack cb, BOOL bOnce);

    // ---- lifetime ----

    CInterface();
    ~CInterface();

    // ---- path conversion ----
    // NOTE(review): whether `size` counts bytes or WCHARs is not stated; the
    // implementation and every caller must agree, or the output buffer can be
    // overrun.
    BOOL DosNameToNtNameW(LPWSTR ntName, SIZE_T size, LPCWSTR dosName);
    BOOL NtNameToDosNameW(LPWSTR dosName, SIZE_T size, LPWSTR ntName);

    // ---- connection ----

    BOOL Open(LPCTSTR name);
    BOOL Close();
    BOOL Init();
    BOOL Clear();
    BOOL OpenEx(LPCTSTR name);

    // ---- raw message transport ----
    // Sizes are SIZE_T here but DWORD in the fp* signatures; presumably
    // narrowed in the implementation - confirm values above DWORD range are
    // rejected rather than truncated.
    HRESULT GetMessage(LPVOID p, SIZE_T size, LPOVERLAPPED lpov);
    HRESULT SetReplyMessage(LPVOID p, SIZE_T size);
    HRESULT SendMessage(LPVOID inbuff, SIZE_T inbuffsize, LPVOID outbuff, SIZE_T outbuffsize, DWORD *pdwReturnSize);

    // ---- path and process rules ----

    BOOL SetProtectPath(DWORD dwType, WCHAR * buf, SIZE_T size);
    BOOL DelProtectPath(DWORD dwType, WCHAR * buf, SIZE_T size);

    BOOL SetProcessPath(DWORD dwType, WCHAR * buf, SIZE_T size);
    BOOL DelProcessPath(DWORD dwType, WCHAR * buf, SIZE_T size);

    BOOL SetPid(DWORD dwType, DWORD dwProcessId);
    BOOL RemovePid(DWORD dwProcessId);
    BOOL StartAndStop(DWORD flags);
    BOOL SetFolderProtect(BOOL enable);
    BOOL SetShareWatch(BOOL watch);
    BOOL SetFileName(DWORD dwType, WCHAR * buf, SIZE_T size);
    DWORD GetProcessNotifyStatus();

    BOOL Debug(DWORD dwFlag);

    // These take a string with no length, so they depend on NUL termination.
    BOOL SetProtectFilePath(PWCHAR lpwPath);

    BOOL SetTerminiateProcess(DWORD dwProcessId);
    BOOL SetDeleteFile(WCHAR * buf);

    // ---- hooks, logging, device policy ----

    BOOL SetHook(DWORD type, BOOL enable);
    HRESULT GetLog(LPVOID outbuff, SIZE_T outbuffsize, DWORD* pdwReturnSize);
    BOOL SetDeviceProtect(DWORD enable);
    BOOL SetPolicy(enum_devicetype devcie_type, enum_devicestate state, BOOL islog);

    // ---- process protection ----

    BOOL SetProcessProtect(BOOL enable);
    BOOL SetProcessProtectName(DWORD type, LPCWSTR name);
    BOOL DelProcessProtectName(DWORD type, LPCWSTR name);
    BOOL SetProcessProtectId(DWORD type, DWORD pid);
    BOOL DelProcessProtectId(DWORD type, DWORD pid);

    // ---- registry protection ----

    BOOL SetRegProtect(BOOL enable);
    BOOL SetRegProtectName(LPCWSTR regkey);
    BOOL DelRegProtectName(LPCWSTR regkey);

    // ---- USB exceptions and log type ----

    BOOL SetUsbDiskException(DWORD state, LPCWSTR vid, LPCWSTR pid, LPCWSTR productrevisionlevel, LPCWSTR vendorspecific);
    BOOL SetUsbPortException(DWORD state, DWORD vid, DWORD pid, DWORD bcddevice, LPCWSTR serial);
    BOOL SetLogtype(DWORD type);

    // ---- process-creation rules ----

    BOOL SetProcessCreate(BOOL enable);
    BOOL SetProcessCreateBlockRule(DWORD state, LPCWSTR name, LPCWSTR cmd, LPCWSTR parentName);
};
#endif