382 lines
8.0 KiB
C
382 lines
8.0 KiB
C
#pragma once
|
|
|
|
#define KFILE_PATH 512
|
|
#define KFILE_NAME_PATH 100
|
|
#define KPROCESS_NAME 100
|
|
#define KPROCESS_PATH 1024
|
|
#define PATH_SIZE 1024
|
|
#define DRIVERNAME L"bs1flt"
|
|
#define DRIVERNAMEA "bs1flt"
|
|
#define BS1FLT_PORTNAME L"\\bs1flt"
|
|
#define LOG_SHARE_EVENT L"{bs1flt-4200-BED2-6B5CD0D88247}"
|
|
#define PROCESS_TERMINATE_SHARE_EVENT L"{A5F2956A-A68E-4404-BCD6-2A7DF47353E8}"
|
|
|
|
#define OBJECT_ALTITUDE L"380832"
|
|
#define REG_ALTITUDE L"380831"
|
|
#define ALTITUDE L"380830"
|
|
#define ALTITUDE_NAME _T("bs1fltalttude")
|
|
|
|
|
|
/// 레지스트리 보호대상 정의
|
|
#define REG_BS1_REGPATH_KEY_W L"SOFTWARE\\ECRMHOMEEDITION"
|
|
#define REG_BS1_REGPATH_KEY_W_64 L"SOFTWARE\\WOW6432NODE\\ECRMHOMEEDITION"
|
|
|
|
#define REG_MINIMAL_BS1SERVICE_KEY_W L"SYSTEM\\CurrentControlSet\\Services\\SvcCrmHe"
|
|
//#define REG_MINIMAL_SAFEMODE_BS1SERVICE_KEY_W L"\\CONTROL\\SAFEBOOT\\MINIMAL\\BS1SERVICE"
|
|
//#define REG_NETWORK_SAFEMODE_BS1SERVICE_KEY_W L"\\CONTROL\\SAFEBOOT\\NETWORK\\BS1SERVICE"
|
|
//#define REG_MINIMAL_SAFEMODE_BS1FLT_KEY_W L"\\CONTROL\\SAFEBOOT\\MINIMAL\\BS1FLT"
|
|
//#define REG_NETWORK_SAFEMODE_BS1FLT_KEY_W L"\\CONTROL\\SAFEBOOT\\NETWORK\\BS1FLT"
|
|
|
|
/// 파일명 타입
|
|
#define PG_FILE_UNDEFINED 0
|
|
#define PG_FILE_ALLOW 1
|
|
|
|
|
|
typedef struct _BS1FLT_MSG
|
|
{
|
|
DWORD type;
|
|
DWORD pid;
|
|
WCHAR path[1024];
|
|
|
|
}BS1FLT_MSG, *PBS1FLT_MSG;
|
|
|
|
|
|
/// cds_flt 옵션 설정/////
|
|
|
|
/// 프로세스 아이디 타입
|
|
#define PG_PID_UNDEFINED 0
|
|
#define PG_PID_ALLOW 1 /// 모든 경로 접근 가능 프로세스
|
|
#define PG_PID_WHITE 2 /// 화이트 경로에 대한 접근 프로세스
|
|
#define PG_PID_GREEN 4 ///
|
|
#define PG_PID_BLACK 8 /// 접근 차단 프로세스
|
|
#define PG_PID_GRAY 16 /// PG_PATH_GRAY 허용되는 프로세스
|
|
#define PG_PID_BLOCK_RENAME 32 /// 이름변경만 차단
|
|
#define PG_PID_PROTECT 64 /// 보호 프로세스 (종료 불가)
|
|
|
|
|
|
/// 경로 타입
|
|
#define PG_PATH_UNDEFINED 0
|
|
#define PG_PATH_ALLOW 1
|
|
#define PG_PATH_WHITE 2
|
|
#define PG_PATH_BLACK 4
|
|
#define PG_PATH_NOTIFY 8
|
|
#define PG_PATH_GRAY 16
|
|
|
|
#define PG_PATH_ALL (PG_PATH_ALLOW|PG_PATH_WHITE|PG_PATH_BLACK|PG_PATH_NOTIFY)
|
|
|
|
/// 명령어 타입
|
|
#define STATE_SET 0
|
|
#define STATE_DEL 1
|
|
#define STATE_CLEAR 2
|
|
|
|
/// 반출 경로에 대한 cds_flt copy data 설정 구조체
|
|
typedef struct _FLT_DIR_SPEC_POLICY
|
|
{
|
|
WCHAR dir[MAX_PATH];
|
|
DWORD dirtype;
|
|
DWORD processcnt;
|
|
WCHAR prcess[50][MAX_PATH];
|
|
DWORD type[50];
|
|
}FLT_DIR_SPEC_POLICY, * PFLT_DIR_SPEC_POLICY;
|
|
|
|
/// sharelock custom 설정 구조체
|
|
typedef struct _FLT_START_FOR_CUSTOM
|
|
{
|
|
///설정 경로
|
|
WCHAR control_dir[10][MAX_PATH];
|
|
///설정 타입
|
|
///#define PG_PATH_UNDEFINED 0
|
|
///#define PG_PATH_ALLOW 1
|
|
///#define PG_PATH_WHITE 2
|
|
///#define PG_PATH_BLACK 4
|
|
///#define PG_PATH_NOTIFY 8
|
|
///#define PG_PATH_GRAY 16
|
|
DWORD control_type[10];
|
|
///환경 설정 파일
|
|
WCHAR inidir[MAX_PATH];
|
|
|
|
}FLT_START_FOR_CUSTOM, * PFLT_START_FOR_CUSTOM;
|
|
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
//장치별 타입
|
|
enum enum_devicetype
|
|
{
|
|
BDC_UNKNOWN_DEV = 0,
|
|
BDC_CDROM,
|
|
BDC_FLOOPY,
|
|
BDC_USB_DISK,
|
|
BDC_LOCAL_DISK,
|
|
BDC_NETWORKDRIVEOUT,
|
|
BDC_EXTERNALHDD,
|
|
BDC_NETWORKDRIVEIN,
|
|
BDC_NETWORKSHAREOUT,
|
|
BDC_USB, // USB Port(HID, Hub 제외)
|
|
BDC_USB_NET,
|
|
BDC_USB_HID,
|
|
BDC_1394,
|
|
BDC_SERIAL,
|
|
BDC_PARALLEL,
|
|
BDC_PCMCIA,
|
|
BDC_PCMCIA_NET,
|
|
BDC_IRDA,
|
|
BDC_MODEM,
|
|
BDC_BLUETOOTH,
|
|
BDC_BLUETOOTH_FILE,
|
|
BDC_WIBRO,
|
|
BDC_TLOGIN,
|
|
BDC_ACTIVE_SYNC,
|
|
BDC_WIRELESS,
|
|
BDC_LGMODEM,
|
|
BDC_TETHERING,
|
|
BDC_SDCARD,
|
|
BDC_PORTABLE_STORAGE,
|
|
BDC_WEBCAM,
|
|
BDC_MTP,
|
|
BDC_MAX_DEVICE_TYPE
|
|
|
|
};
|
|
|
|
enum enum_devicestate
|
|
{
|
|
ENABLE = 0,
|
|
DISABLE,
|
|
READONLY
|
|
};
|
|
|
|
enum enum_pb_kernel_comunicationid
|
|
{
|
|
START = 0x1,
|
|
STOP,
|
|
CLEAR,
|
|
GET_LOG,
|
|
SET_POLICY,
|
|
SET_PATH,
|
|
DEL_PATH,
|
|
SET_PROCESSNAME,
|
|
SET_FILENAME,
|
|
GET_CLOSE_PATH,
|
|
GET_CLOSE_PATH_INFO,
|
|
SET_PID,
|
|
REMOVE_PID,
|
|
START_FOLDER_PROTECT,
|
|
START_IS_SHARE_FOLDER_WATCHE,
|
|
START_DEVICE_PROTECT,
|
|
GET_PROCESS_NOTIFY_STATUS,
|
|
GET_PID,
|
|
SET_DEBUG_LEVEL,
|
|
SET_DELETE_FILE,
|
|
SET_TERMINATE_PROCESS,
|
|
SET_SDIST_CUSTOM_POLICY,
|
|
DEL_PROCESSNAME,
|
|
SET_WRITE_RENAME_PROTECT_FILEPATH,
|
|
|
|
SET_HOOK,
|
|
|
|
SET_REG_PROTECT,
|
|
SET_REG_KEY,
|
|
DEL_REG_KEY,
|
|
|
|
SET_PROCESS_PROTECT,
|
|
SET_PROCESS_PROTECT_PID,
|
|
DEL_PROCESS_PROTECT_PID,
|
|
SET_PROCESS_PROTECT_PROCESSNAME,
|
|
DEL_PROCESS_PROTECT_PROCESSNAME,
|
|
|
|
SET_USB_DISK_EXCEPT,
|
|
SET_USB_PORT_EXCEPT,
|
|
SET_LOG_TYPE,
|
|
|
|
START_PROCESS_CREATE,
|
|
SET_PROCESS_CREATE_BLOCK_RULE, //프로세스 차단 규칙 (프로세스명 + 파라미터)
|
|
CLEAR_PROCESS_CREATE_BLOCK_RULE
|
|
};
|
|
|
|
typedef struct _LOG_MSG_DATA
|
|
{
|
|
WCHAR time[50];
|
|
UCHAR log_type_;
|
|
UCHAR device_type_;
|
|
UCHAR state_;
|
|
ULONG processid_;
|
|
WCHAR process_name_[50];
|
|
WCHAR path_[1024];
|
|
|
|
}LOG_MSG_DATA, * PLOG_MSG_DATA;
|
|
|
|
typedef struct _REPORT_DESC
|
|
{
|
|
|
|
ULONGLONG time;
|
|
ULONG pid;
|
|
ULONG code;
|
|
ULONG a0;
|
|
ULONG a1;
|
|
ULONG a2;
|
|
WCHAR ProcessName[KPROCESS_NAME];
|
|
WCHAR path[KFILE_PATH];
|
|
WCHAR renamepath[KFILE_PATH];
|
|
}REPORT_DESC, * PREPORT_DESC;
|
|
|
|
typedef struct _LOG_NOTIFICATION {
|
|
|
|
ULONG count;
|
|
REPORT_DESC desc[1];
|
|
|
|
}LOG_NOTIFICATION, * PLOG_NOTIFICATION;
|
|
|
|
enum enum_logcode
|
|
{
|
|
LOG_CONNECT = 1 << 0, // 0x01
|
|
LOG_DISCONNECT = 1 << 1, // 0x02
|
|
LOG_POLICY = 1 << 2, // 0x04
|
|
LOG_DEBUG_ = 1 << 3, // 0x08
|
|
LOG_PROCESS = 1 << 4, // 0x10
|
|
LOG_PROCESS_PROTECT = 1 << 5, // 0x20
|
|
LOG_PROCESS_MONITOR = 1 << 6, // 0x40
|
|
LOG_PROCESS_BLOCK = 1 << 7, // 0x80
|
|
LOG_ALL = 0xFF
|
|
};
|
|
|
|
typedef struct _EXIT_PID
|
|
{
|
|
ULONG ulCnt;
|
|
ULONG ulPid[100];
|
|
|
|
}EXIT_PID, *PEXIT_PID;
|
|
|
|
|
|
typedef struct _BS1FLT_REPLY {
|
|
|
|
BOOLEAN SafeToOpen;
|
|
|
|
}BS1FLT_REPLY, *PBS1FLT_REPLY;
|
|
|
|
typedef struct _BS1FLT_SET_PROCESS_PATH
|
|
{
|
|
ULONG type;
|
|
ULONG size;
|
|
WCHAR path[PATH_SIZE];
|
|
|
|
}BS1FLT_SET_PROCESS_PATH, *PBS1FLT_SET_PROCESS_PATH;
|
|
|
|
typedef struct _BS1FLT_SET_PATH
|
|
{
|
|
ULONG type;
|
|
ULONG size;
|
|
WCHAR path[PATH_SIZE];
|
|
|
|
}BS1FLT_SET_PATH, *PBS1FLT_SET_PATH;
|
|
|
|
typedef struct _BS1FLT_REG_KEY
|
|
{
|
|
ULONG type;
|
|
ULONG size;
|
|
WCHAR regkey[PATH_SIZE];
|
|
}BS1FLT_REG_KEY, * PBS1FLT_REG_KEY;
|
|
|
|
typedef struct _BS1FLT_USB_DISK_EXCEPT
|
|
{
|
|
ULONG device_type;
|
|
char vendorid[20];
|
|
char productid[20];
|
|
char productrevisionlevel[20];
|
|
char vendorspecific[20];
|
|
|
|
}BS1FLT_USB_DISK_EXCEPT, * PBS1FLT_USB_DISK_EXCEPT;
|
|
|
|
typedef struct _BS1FLT_USB_PORT_EXCEPT
|
|
{
|
|
ULONG devicetype;
|
|
ULONG vendorid;
|
|
ULONG productid;
|
|
ULONG bcddevice;
|
|
WCHAR serial[100];
|
|
}BS1FLT_USB_PORT_EXCEPT, * PBS1FLT_USB_PORT_EXCEPT;
|
|
|
|
typedef struct _BS1FLT_SET_PID
|
|
{
|
|
ULONG type;
|
|
ULONG pid;
|
|
|
|
}BS1FLT_SET_PID, *PBS1FLT_SET_PID;
|
|
|
|
#pragma pack(push, 1)
|
|
typedef struct _FILE_OBJECT_DESC
|
|
{
|
|
ULONG pid;
|
|
ULONG type;
|
|
ULONG size;
|
|
WCHAR path[PATH_SIZE];
|
|
|
|
}FILE_OBJECT_DESC, *PFILE_OBJECT_DESC;
|
|
#pragma pack(pop)
|
|
|
|
typedef struct _FILE_OBJECT_DESC_INFO
|
|
{
|
|
ULONG pid;
|
|
ULONG ulRequeredSize;
|
|
|
|
}FILE_OBJECT_DESC_INFO, *PFILE_OBJECT_DESC_INFO;
|
|
|
|
typedef struct _HOST_ADDRESS_MANAGER
|
|
{
|
|
ULONG ulLen;
|
|
WCHAR wszHost[260];
|
|
}HOST_ADDRESS_MANAGER, * PHOST_ADDRESS_MANAGER;
|
|
|
|
typedef struct _IPADDRESS_MANAGER
|
|
{
|
|
ULONG ulStartIP;
|
|
ULONG ulEndIP;
|
|
}IPADDRESS_MANAGER, * PIPADDRESS_MANAGER;
|
|
|
|
#define SDIST_PROCESS_NAME_LEN 50
|
|
#define SDIST_EXTENSION_CNT 50
|
|
#define SDIST_EXTENSION_LEN 10
|
|
|
|
typedef struct _SDIST_CUSTOM_PROCESS_POLICY
|
|
{
|
|
|
|
WCHAR process[SDIST_PROCESS_NAME_LEN];
|
|
WCHAR extenstion[SDIST_EXTENSION_CNT][SDIST_EXTENSION_LEN];
|
|
|
|
}SDIST_CUSTOM_PROCESS_POLICY, *PSDIST_CUSTOM_PROCESS_POLICY;
|
|
|
|
typedef struct _BS1FLT_PROCESS_CREATE_BLOCK_RULE
|
|
{
|
|
WCHAR ProcessName[260]; // 대상 프로세스 이름 (예: cmd.exe)
|
|
WCHAR CommandLine[512]; // 포함되면 차단할 파라미터 문자열 (예: /c del)
|
|
WCHAR ParentProcessName[50]; // 부모 프로세스 이름 (예: powershell.exe)
|
|
} BS1FLT_PROCESS_CREATE_BLOCK_RULE, * PBS1FLT_PROCESS_CREATE_BLOCK_RULE;
|
|
|
|
#pragma pack(push, 1)
|
|
typedef struct _DEVICE_POLICY
|
|
{
|
|
enum enum_devicetype device_type;
|
|
enum enum_devicestate state;
|
|
ULONG islog;
|
|
}DEVICE_POLICY, * PDEVICE_POLICY;
|
|
#pragma pack(pop)
|
|
|
|
typedef struct _BS1FLT_MESSAGE
|
|
{
|
|
ULONG ReplyLength_;
|
|
ULONGLONG id_;
|
|
ULONG pid_;
|
|
ULONG type_;
|
|
ULONG state_;
|
|
DEVICE_POLICY device_policy_;
|
|
|
|
union
|
|
{
|
|
// 파일 패스 관련 구조체
|
|
struct _BS1FLT_SET_PATH file_path_;
|
|
// 프로세스 이름 관련 구조체
|
|
struct _BS1FLT_SET_PROCESS_PATH process_path_;
|
|
struct _BS1FLT_REG_KEY regkey_;
|
|
struct _BS1FLT_USB_DISK_EXCEPT usb_except_;
|
|
struct _BS1FLT_USB_PORT_EXCEPT usb_port_except_;
|
|
struct _BS1FLT_PROCESS_CREATE_BLOCK_RULE process_create_block_rule_;
|
|
}w;
|
|
|
|
}BS1FLT_MESSAGE , *PBS1FLT_MESSAGE; |