EaseFilter Demo Project
CommonObjects/FilterMessage.cs
Go to the documentation of this file.
1 //
3 // (C) Copyright 2011 EaseFilter Technologies Inc.
4 // All Rights Reserved
5 //
6 // This software is part of a licensed software product and may
7 // only be used or copied in accordance with the terms of that license.
8 //
10 
11 using System;
12 using System.Collections.Generic;
13 using System.ComponentModel;
14 using System.Data;
15 using System.Drawing;
16 using System.Text;
17 using System.Windows.Forms;
18 using System.Runtime.InteropServices;
19 using System.Security.Principal;
20 using System.IO;
21 using System.Threading;
22 using System.Reflection;
23 
24 namespace EaseFilter.CommonObjects
25 {
26  public class ByteArrayComparer : IEqualityComparer<byte[]>
27  {
28  public bool Equals(byte[] left, byte[] right)
29  {
30  if (left == null || right == null)
31  {
32  return left == right;
33  }
34  if (left.Length != right.Length)
35  {
36  return false;
37  }
38  for (int i = 0; i < left.Length; i++)
39  {
40  if (left[i] != right[i])
41  {
42  return false;
43  }
44  }
45  return true;
46  }
47 
48  public int GetHashCode(byte[] key)
49  {
50  if (key == null)
51  throw new ArgumentNullException("key");
52  int sum = 0;
53  foreach (byte cur in key)
54  {
55  sum += cur;
56  }
57  return sum;
58  }
59  }
60 
61  public class FilterMessage : IDisposable
62  {
63  int maxRetry = 3;
64  int waitTimeout = 2000; //2seconds
65  Dictionary<string, int> retryFiles = new Dictionary<string, int>();
66 
67  ListView listView_Message = null;
68  Thread messageThread = null;
69  Queue<FilterAPI.MessageSendData> messageQueue = new Queue<FilterAPI.MessageSendData>();
70 
71  AutoResetEvent autoEvent = new AutoResetEvent(false);
72  bool disposed = false;
73 
74 
75  public FilterMessage(ListView lvMessage)
76  {
77  this.listView_Message = lvMessage;
78  InitListView();
79  messageThread = new Thread(new ThreadStart(ProcessMessage));
80  messageThread.Name = "ProcessMessage";
81  messageThread.Start();
82  }
83 
84  public void Dispose()
85  {
86  Dispose(true);
87  GC.SuppressFinalize(this);
88  }
89 
90  private void Dispose(bool disposing)
91  {
92  if (!this.disposed)
93  {
94  }
95 
96  autoEvent.Set();
97  messageThread.Abort();
98  disposed = true;
99  }
100 
101  ~FilterMessage()
102  {
103  Dispose(false);
104  }
105 
106  public void InitListView()
107  {
108  messageQueue.Clear();
109  //init ListView control
110  listView_Message.Clear(); //clear control
111  //create column header for ListView
112  listView_Message.Columns.Add("#", 40, System.Windows.Forms.HorizontalAlignment.Left);
113  listView_Message.Columns.Add("Time", 120, System.Windows.Forms.HorizontalAlignment.Left);
114  listView_Message.Columns.Add("UserName", 150, System.Windows.Forms.HorizontalAlignment.Left);
115  listView_Message.Columns.Add("ProcessName(PID)", 100, System.Windows.Forms.HorizontalAlignment.Left);
116  listView_Message.Columns.Add("ThreadId", 60, System.Windows.Forms.HorizontalAlignment.Left);
117  listView_Message.Columns.Add("I/O Name", 160, System.Windows.Forms.HorizontalAlignment.Left);
118  listView_Message.Columns.Add("FileObject", 100, System.Windows.Forms.HorizontalAlignment.Left);
119  listView_Message.Columns.Add("FileName", 350, System.Windows.Forms.HorizontalAlignment.Left);
120  listView_Message.Columns.Add("FileSize", 70, System.Windows.Forms.HorizontalAlignment.Left);
121  listView_Message.Columns.Add("FileAttributes", 70, System.Windows.Forms.HorizontalAlignment.Left);
122  listView_Message.Columns.Add("LastWriteTime", 120, System.Windows.Forms.HorizontalAlignment.Left);
123  listView_Message.Columns.Add("Return Status", 100, System.Windows.Forms.HorizontalAlignment.Left);
124  listView_Message.Columns.Add("Description", 500, System.Windows.Forms.HorizontalAlignment.Left);
125  }
126 
127  public void AddMessage(FilterAPI.MessageSendData messageSend)
128  {
129  lock (messageQueue)
130  {
131  if (messageQueue.Count > GlobalConfig.MaximumFilterMessages)
132  {
133  messageQueue.Clear();
134  }
135 
136  messageQueue.Enqueue(messageSend);
137  }
138 
139  autoEvent.Set();
140 
141  }
142 
143 
144  void ProcessMessage()
145  {
146 
147  List<ListViewItem> itemList = new List<ListViewItem>();
148 
149  WaitHandle[] waitHandles = new WaitHandle[] { autoEvent, GlobalConfig.stopEvent };
150 
151  while (GlobalConfig.isRunning)
152  {
153  if (messageQueue.Count == 0)
154  {
155  int result = WaitHandle.WaitAny(waitHandles, waitTimeout);
156  if (!GlobalConfig.isRunning)
157  {
158  return;
159  }
160  }
161 
162  while (messageQueue.Count > 0)
163  {
164  FilterAPI.MessageSendData messageSend;
165 
166  lock (messageQueue)
167  {
168  messageSend = (FilterAPI.MessageSendData)messageQueue.Dequeue();
169  }
170 
171  if ( messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_SEND_FILE_CHANGED_EVENT
172  && messageSend.FileName.EndsWith(DigitalRightControl.SECURE_SHARE_FILE_EXTENSION))
173  {
174  ProcessSecuredSharedFile(messageSend);
175  }
176 
177  string[] filterMessages = new string[0];
178  ListViewItem lvItem = GetFilterMessage(messageSend, ref filterMessages);
179 
181  {
182  LogTrasaction(filterMessages);
183  }
184 
186  {
187  itemList.Add(lvItem);
188 
189  if (itemList.Count > GlobalConfig.MaximumFilterMessages/2)
190  {
191  AddItemToList(itemList);
192  itemList.Clear();
193  }
194  }
195  }
196 
197  if (itemList.Count > 0)
198  {
199  AddItemToList(itemList);
200  itemList.Clear();
201  }
202 
203  RetryProcessSecureSharedFiles();
204  }
205 
206 
207  }
208 
210  {
211  if (listView_Message == null)
212  {
213  return;
214  }
215 
216  try
217  {
218  Assembly assembly = System.Reflection.Assembly.GetEntryAssembly();
219  string assemblyPath = Path.GetDirectoryName(assembly.Location);
220 
221  string filterMessageLogName = GlobalConfig.FilterMessageLogName;
222  string logFileName = Path.Combine(assemblyPath, filterMessageLogName);
223 
224  if (!File.Exists(logFileName))
225  {
226  return;
227  }
228 
229  string[] logMessage = File.ReadAllLines(logFileName);
230  List<ListViewItem> itemList = new List<ListViewItem>();
231 
232  foreach(string itemStr in logMessage)
233  {
234  if (itemStr.Trim().Length > 0)
235  {
236  string[] listData = itemStr.Split(new char[] { '|' });
237  if (listData.Length >= listView_Message.Columns.Count)
238  {
239  ListViewItem lvItem = new ListViewItem(listData, 0);
240 
241  uint status = 0;
242  string statusStr = listData[listView_Message.Columns.Count - 2];
243  int index1 = statusStr.IndexOf('(');
244  int index2 = statusStr.IndexOf(')');
245 
246  if (index1 >= 0 && index2 > 2)
247  {
248  statusStr = statusStr.Substring(index1 + 3, index2 - index1 -3 );
249  uint.TryParse(statusStr, System.Globalization.NumberStyles.HexNumber,null, out status);
250 
251  if (status >= (uint)NtStatus.Status.Error)
252  {
253  lvItem.BackColor = Color.LightGray;
254  lvItem.ForeColor = Color.Red;
255  }
256  else if (status > (uint)NtStatus.Status.Warning)
257  {
258  lvItem.BackColor = Color.LightGray;
259  lvItem.ForeColor = Color.Yellow;
260  }
261  }
262 
263  itemList.Add(lvItem);
264  }
265  }
266  }
267 
268  if (itemList.Count > 0)
269  {
270  listView_Message.Items.Clear();
271  AddItemToList(itemList);
272  }
273 
274  }
275  catch (Exception ex)
276  {
277  EventManager.WriteMessage(265, "LoadLogMessage", EventLevel.Error, "Load log message failed with error " + ex.Message);
278  }
279  }
280 
281  private void LogTrasaction(string[] filterMessages)
282  {
283  try
284  {
285  Assembly assembly = System.Reflection.Assembly.GetEntryAssembly();
286  string assemblyPath = Path.GetDirectoryName(assembly.Location);
287 
288  string filterMessageLogName = GlobalConfig.FilterMessageLogName;
289 
290  string logFileName = Path.Combine(assemblyPath, filterMessageLogName);
291  string logFolder = Path.GetDirectoryName(logFileName);
292 
293  if (!Directory.Exists(logFolder))
294  {
295  Directory.CreateDirectory(logFolder);
296  }
297 
298  string logMessage = string.Empty;
299 
300  for (int i = 0; i < filterMessages.Length; i++)
301  {
302  logMessage += filterMessages[i].Trim() + "|";
303  }
304 
305  if (logMessage.Length > 0)
306  {
307  File.AppendAllText(logFileName, logMessage + "\r\n");
308 
309  FileInfo fileInfo = new FileInfo(logFileName);
310 
311  if (fileInfo.Length > GlobalConfig.FilterMessageLogFileSize)
312  {
313  File.Delete(logFileName + ".bak");
314  File.Move(logFileName, logFileName + ".bak");
315  }
316  }
317  }
318  catch (Exception ex)
319  {
320  EventManager.WriteMessage(172, "LogTrasaction", EventLevel.Error, "Log filter message failed with error " + ex.Message);
321  }
322 
323  }
324 
325 
326  void AddItemToList(List<ListViewItem> itemList)
327  {
328  if (itemList.Count < 1)
329  {
330  return;
331  }
332 
333  if (listView_Message.InvokeRequired)
334  {
335  listView_Message.Invoke(new MethodInvoker(delegate { AddItemToList(itemList); }));
336  }
337  else
338  {
339 
340  while (listView_Message.Items.Count > 0 && listView_Message.Items.Count + itemList.Count > GlobalConfig.MaximumFilterMessages)
341  {
342  //the message records in the list view reached to the maximum value, remove the first one till the record less than the maximum value.
343  listView_Message.Items.Clear();
344  }
345 
346 
347  if (itemList.Count > 0)
348  {
349  listView_Message.Items.AddRange(itemList.ToArray());
350  listView_Message.EnsureVisible(listView_Message.Items.Count - 1);
351 
352  itemList.Clear();
353 
354  }
355  }
356  }
357 
358 
359  string FormatDescription(FilterAPI.MessageSendData messageSend)
360  {
361 
362  string message = string.Empty;
363  try
364  {
365  if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_SEND_FILE_CHANGED_EVENT
366  && messageSend.InfoClass == (uint)FilterAPI.EVENTTYPE.RENAMED)
367  {
368  string newFileName = string.Empty;
369 
370  if (messageSend.DataBufferLength > 0)
371  {
372  byte[] buffer = new byte[messageSend.DataBufferLength];
373  Array.Copy(messageSend.DataBuffer, buffer, buffer.Length);
374  newFileName = Encoding.Unicode.GetString(buffer);
375  }
376 
377  message = "File " + messageSend.FileName + " was renamed to " + newFileName;
378  return message;
379  }
380 
381  switch ((FilterAPI.MessageType)messageSend.MessageType)
382  {
383 
384  case FilterAPI.MessageType.POST_CREATE:
385  {
386  if ((messageSend.CreateOptions & (uint)WinData.CreateOptions.FILE_DELETE_ON_CLOSE) > 0)
387  {
388  message = "file was marked as deleted.";
389  }
390 
391  if (messageSend.Status == (uint)NtStatus.Status.Success)
392  {
393  //the create status is meaningful only when the status is succeeded.
394  message += "CreateStatus:" + ((WinData.CreateStatus)messageSend.CreateStatus).ToString();
395  }
396 
397  message += " DesiredAccess:" + FormatDesiredAccess(messageSend.DesiredAccess);
398  message += " Disposition:" + ((WinData.Disposition)messageSend.Disposition).ToString();
399  message += " ShareAccess:" + ((WinData.ShareAccess)messageSend.SharedAccess).ToString();
400  message += " CreateOptions:" + FormatCreateOptions(messageSend.CreateOptions);
401 
402  break;
403 
404  }
405 
406  case FilterAPI.MessageType.POST_CACHE_READ:
407  case FilterAPI.MessageType.POST_FASTIO_READ:
408  case FilterAPI.MessageType.POST_NOCACHE_READ:
409  case FilterAPI.MessageType.POST_PAGING_IO_READ:
410  {
411  message = "read offset:" + messageSend.Offset + " length:" + messageSend.Length;
412  //read data is here
413  //messageSend.DataBufferLength, messageSend.DataBuffer
414 
415  break;
416  }
417 
418  case FilterAPI.MessageType.POST_CACHE_WRITE:
419  case FilterAPI.MessageType.POST_FASTIO_WRITE:
420  case FilterAPI.MessageType.POST_NOCACHE_WRITE:
421  case FilterAPI.MessageType.POST_PAGING_IO_WRITE:
422  {
423  message = "write offset:" + messageSend.Offset + " length:" + messageSend.Length;
424  //written data is here
425  //messageSend.DataBufferLength, messageSend.DataBuffer
426 
427  break;
428  }
429  case FilterAPI.MessageType.POST_SET_INFORMATION:
430  {
431  message = FormatInformationDataBuffer((WinData.FileInfomationClass)messageSend.InfoClass, messageSend.DataBufferLength, messageSend.DataBuffer);
432 
433  break;
434  }
435  case FilterAPI.MessageType.POST_QUERY_INFORMATION:
436  {
437  message = FormatInformationDataBuffer((WinData.FileInfomationClass)messageSend.InfoClass, messageSend.DataBufferLength, messageSend.DataBuffer);
438 
439  break;
440  }
441  case FilterAPI.MessageType.POST_SET_SECURITY:
442  {
443  message = "set security with information class:" + FormatSecurityInfoClass(messageSend.InfoClass);
444  break;
445  }
446  case FilterAPI.MessageType.POST_QUERY_SECURITY:
447  {
448  message = "query security with information class:" + FormatSecurityInfoClass(messageSend.InfoClass);
449  break;
450  }
451  case FilterAPI.MessageType.POST_DIRECTORY:
452  {
453  message = "browse directory with information class:" + ((WinData.FileInfomationClass)messageSend.InfoClass).ToString();
454  break;
455  }
456  case FilterAPI.MessageType.POST_CLEANUP:
457  {
458  message = "all file handles to fileObject " + messageSend.FileObject.ToString("X") + " were closed.";
459  break;
460  }
461  case FilterAPI.MessageType.POST_CLOSE:
462  {
463  message = "all system references to fileObject " + messageSend.FileObject.ToString("X") + " were closed.";
464  break;
465  }
466  }
467  }
468  catch (Exception ex)
469  {
470  EventManager.WriteMessage(318, "FormatDescription", EventLevel.Error, "Format description failed with error " + ex.Message);
471  }
472 
473 
474  return message;
475  }
476 
477 
482  private void ProcessSecuredSharedFile(FilterAPI.MessageSendData messageSend)
483  {
484 
485  string lastError = string.Empty;
486 
487  if (!DigitalRightControl.ProcessSecureShareFile(messageSend.FileName, out lastError))
488  {
489  if (!retryFiles.ContainsKey(messageSend.FileName))
490  {
491  retryFiles.Add(messageSend.FileName, 0);
492  }
493 
494  EventManager.WriteMessage(147, "ProcessSecureShareFile", EventLevel.Error, lastError);
495  }
496  else
497  {
498  EventManager.WriteMessage(159, "ProcessSecureShareFile", EventLevel.Verbose, "Process secure file " + messageSend.FileName + " succeeded.");
499  }
500  }
501 
502  private void RetryProcessSecureSharedFiles()
503  {
504 
505  try
506  {
507  if (retryFiles.Count > 0)
508  {
509  List<string> itemsToDelete = new List<string>();
510  foreach (KeyValuePair<string, int> entry in retryFiles)
511  {
512  if (entry.Value > 0 && entry.Value < maxRetry)
513  {
514  string lastError = string.Empty;
515  if (DigitalRightControl.ProcessSecureShareFile(entry.Key, out lastError) || entry.Value == maxRetry - 1)
516  {
517  EventManager.WriteMessage(176, "ProcessSecureShareFile", EventLevel.Verbose, "Process secure file " + entry.Key + " succeeded,maxRetry:" + entry.Value);
518  itemsToDelete.Add(entry.Key);
519  }
520  else
521  {
522  retryFiles[entry.Key] = entry.Value + 1;
523  }
524  }
525  }
526 
527  foreach (string item in itemsToDelete)
528  {
529  retryFiles.Remove(item);
530  }
531 
532  }
533  }
534  catch (Exception ex)
535  {
536  EventManager.WriteMessage(176, "RetryProcessSecureSharedFiles", EventLevel.Verbose, "RetryProcessSecureSharedFiles failed with error: " + ex.Message);
537  }
538  }
539 
540  public static string FormatIOName(FilterAPI.MessageSendData messageSend)
541  {
542  string ioName = string.Empty;
543 
544  if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_SEND_FILE_CHANGED_EVENT)
545  {
546  foreach (FilterAPI.EVENTTYPE eventType in Enum.GetValues(typeof(FilterAPI.EVENTTYPE)))
547  {
548  if (eventType != FilterAPI.EVENTTYPE.NONE && ( (messageSend.InfoClass & (uint)eventType) > 0) )
549  {
550  if (ioName.Length > 0)
551  {
552  ioName = ioName + " ," + eventType.ToString();
553  }
554  else
555  {
556  ioName = eventType.ToString();
557  }
558  }
559  }
560 
561  }
562  else if (messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_REQUEST_USER_PERMIT
563  || messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_REQUEST_ENCRYPTION_IV_AND_KEY)
564  {
565  ioName = "REQUEST_ACCESS_PERMISSION";
566  }
567  else
568  {
569  ioName = ((FilterAPI.MessageType)messageSend.MessageType).ToString();
570  }
571 
572  return ioName;
573  }
574 
575  ListViewItem GetFilterMessage(FilterAPI.MessageSendData messageSend, ref string[] filterMessages)
576  {
577  ListViewItem lvItem = new ListViewItem();
578 
579  try
580  {
581 
582  string userName = string.Empty;
583  string processName = string.Empty;
584 
585  FilterAPI.DecodeUserName(messageSend.Sid, out userName);
586  FilterAPI.DecodeProcessName(messageSend.ProcessId, out processName);
587 
588  if ((messageSend.CreateOptions & (uint)WinData.CreateOptions.FO_REMOTE_ORIGIN) > 0)
589  {
590  //this is the request comes from remote server
591  userName += ",remote access from network.";
592  }
593 
594  string[] listData = new string[listView_Message.Columns.Count];
595  int col = 0;
596  listData[col++] = messageSend.MessageId.ToString();
597  listData[col++] = FormatDateTime(messageSend.TransactionTime);
598  listData[col++] = userName;
599  listData[col++] = processName + " (" + messageSend.ProcessId + ")";
600  listData[col++] = messageSend.ThreadId.ToString();
601  listData[col++] = FormatIOName(messageSend);
602  listData[col++] = messageSend.FileObject.ToString("X");
603  listData[col++] = messageSend.FileName;
604  listData[col++] = messageSend.FileSize.ToString();
605  listData[col++] = ((FileAttributes)messageSend.FileAttributes).ToString();
606  listData[col++] = FormatDateTime(messageSend.LastWriteTime);
607  listData[col++] = FormatStatus(messageSend.Status);
608  listData[col++] = FormatDescription(messageSend);
609 
610  filterMessages = listData;
611 
612  lvItem = new ListViewItem(listData, 0);
613 
614  if (messageSend.Status >= (uint)NtStatus.Status.Error)
615  {
616  lvItem.BackColor = Color.LightGray;
617  lvItem.ForeColor = Color.Red;
618  }
619  else if (messageSend.Status > (uint)NtStatus.Status.Warning)
620  {
621  lvItem.BackColor = Color.LightGray;
622  lvItem.ForeColor = Color.Yellow;
623  }
624 
625 
626  }
627  catch (Exception ex)
628  {
629  EventManager.WriteMessage(445, "GetFilterMessage", EventLevel.Error, "Add callback message failed." + ex.Message);
630  lvItem = null;
631  }
632 
633  return lvItem;
634  }
635 
636 
637  string FormatDesiredAccess(uint desiredAccess)
638  {
639  string ret = string.Empty;
640 
641  foreach (WinData.DisiredAccess access in Enum.GetValues(typeof(WinData.DisiredAccess)))
642  {
643  if (access == (WinData.DisiredAccess)((uint)access & desiredAccess))
644  {
645  ret += access.ToString() + "; ";
646  }
647  }
648 
649  return ret;
650  }
651 
652  string FormatCreateOptions(uint createOptions)
653  {
654  string ret = string.Empty;
655 
656  foreach (WinData.CreateOptions option in Enum.GetValues(typeof(WinData.CreateOptions)))
657  {
658  if (option == (WinData.CreateOptions)((uint)option & createOptions))
659  {
660  ret += option.ToString() + "; ";
661  }
662  }
663 
664  if (string.IsNullOrEmpty(ret))
665  {
666  ret = "(0x)" + createOptions.ToString("X");
667  }
668 
669  return ret;
670  }
671 
672  string FormatDateTime(long lDateTime)
673  {
674  try
675  {
676  if (0 == lDateTime)
677  {
678  return "0";
679  }
680 
681  DateTime dateTime = DateTime.FromFileTime(lDateTime);
682  string ret = dateTime.ToShortDateString() + " " + dateTime.ToShortTimeString();
683  return ret;
684  }
685  catch (Exception ex)
686  {
687  EventManager.WriteMessage(502, "FormatDateTime", EventLevel.Error, "FormatDateTime :" + lDateTime.ToString() + " failed." + ex.Message);
688  return ex.Message;
689  }
690  }
691 
692  string FormatInformationDataBuffer(WinData.FileInfomationClass infoClass, uint dataLength, byte[] data)
693  {
694  string retValue = string.Empty;
695 
696  try
697  {
698  switch (infoClass)
699  {
700  case WinData.FileInfomationClass.FileRenameInformation:
701  {
702  //destination name
703  retValue = "file was renamed to " + Encoding.Unicode.GetString(data);
704  break;
705  }
706  case WinData.FileInfomationClass.FileDispositionInformation:
707  {
708  //the deletion only complete in the post_cleanup I/O
709  retValue = "file was marked as deleted.";
710  break;
711  }
712  case WinData.FileInfomationClass.FileEndOfFileInformation:
713  {
714  long newFileSize = BitConverter.ToInt64(data, 0);
715  retValue = "file size was changed to:" + newFileSize.ToString();
716  break;
717  }
718  case WinData.FileInfomationClass.FileBasicInformation:
719  {
720  WinData.FileBasicInformation basiInfo = new WinData.FileBasicInformation();
721  GCHandle pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
722  basiInfo = (WinData.FileBasicInformation)Marshal.PtrToStructure(
723  pinnedPacket.AddrOfPinnedObject(), typeof(WinData.FileBasicInformation));
724  pinnedPacket.Free();
725 
726  retValue = "FileBasicInformation result,creation time:" + FormatDateTime(basiInfo.CreationTime) + " ";
727  retValue += "last access time:" + FormatDateTime(basiInfo.LastAccessTime) + " ";
728  retValue += "last write time:" + FormatDateTime(basiInfo.LastWriteTime) + " ";
729  retValue += "file attributes:" + ((FileAttributes)basiInfo.FileAttributes).ToString();
730  break;
731  }
732 
733  case WinData.FileInfomationClass.FileStandardInformation:
734  {
735  WinData.FileStandardInformation standardInfo = new WinData.FileStandardInformation();
736  GCHandle pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
737  standardInfo = (WinData.FileStandardInformation)Marshal.PtrToStructure(
738  pinnedPacket.AddrOfPinnedObject(), typeof(WinData.FileStandardInformation));
739  pinnedPacket.Free();
740 
741  retValue = "FileStandardInformation result, file size:" + standardInfo.EndOfFile.ToString() + " ";
742  retValue += "allocation size:" + standardInfo.AllocationSize.ToString() + " ";
743  retValue += "isDirectory:" + standardInfo.Directory.ToString();
744  break;
745  }
746  case WinData.FileInfomationClass.FileNetworkOpenInformation:
747  {
748  WinData.FileNetworkInformation networkInfo = new WinData.FileNetworkInformation();
749  GCHandle pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
750  networkInfo = (WinData.FileNetworkInformation)Marshal.PtrToStructure(
751  pinnedPacket.AddrOfPinnedObject(), typeof(WinData.FileNetworkInformation));
752  pinnedPacket.Free();
753 
754  retValue = "FileNetworkOpenInformation result,creation time:" + FormatDateTime(networkInfo.CreationTime) + " ";
755  retValue += "last access time:" + FormatDateTime(networkInfo.LastAccessTime) + " ";
756  retValue += "last write time:" + FormatDateTime(networkInfo.LastWriteTime) + " ";
757  retValue += "file size:" + networkInfo.FileSize.ToString() + " ";
758  retValue += "file attributes:" + ((FileAttributes)networkInfo.FileAttributes).ToString();
759  break;
760  }
761 
762  case WinData.FileInfomationClass.FileInternalInformation:
763  {
764  long fileId = BitConverter.ToInt64(data, 0);
765  retValue = "FileInternalInformation result, fileId: (0x)" + fileId.ToString("X");
766  break;
767  }
768 
769  default:
770  {
771  retValue = infoClass.ToString() + "(" + ((uint)infoClass).ToString("X") + ")";
772  break;
773  }
774  }
775 
776  }
777  catch (Exception ex)
778  {
779  EventManager.WriteMessage(594, "FormatInformationDataBuffer", EventLevel.Error, "Format data failed." + ex.Message);
780  retValue = ex.Message;
781  }
782 
783  return retValue;
784  }
785 
786  public static string FormatStatus(uint status)
787  {
788  string ret = string.Empty;
789 
790  foreach (NtStatus.Status ntStatus in Enum.GetValues(typeof(NtStatus.Status)))
791  {
792  if (status == (uint)ntStatus)
793  {
794  ret = ntStatus.ToString() + "(0x" + status.ToString("X") + ")";
795  }
796  }
797 
798  if (string.IsNullOrEmpty(ret))
799  {
800  ret = "(0x" + status.ToString("X") + ")";
801  }
802 
803  return ret;
804  }
805 
806  string FormatSecurityInfoClass(uint infoClass)
807  {
808  string ret = string.Empty;
809 
810  foreach (WinData.SecurityInformation security in Enum.GetValues(typeof(WinData.SecurityInformation)))
811  {
812  if ((infoClass & (int)security) > 0)
813  {
814  if (ret.Length > 0)
815  {
816  ret += ";";
817  }
818 
819  ret += security.ToString();
820  }
821  }
822 
823  return ret;
824  }
825 
826 
827  }
828 }
WCHAR * userName
Definition: FilterAPI.h:604
static bool ProcessSecureShareFile(string fileName, out string lastError)
Process the encrypted file&#39;s embedded access policy, remove embedded information, add AESTagData to e...
unsigned char key[]
WCHAR * processName
Definition: FilterAPI.h:596
static string FormatIOName(FilterAPI.MessageSendData messageSend)
void AddMessage(FilterAPI.MessageSendData messageSend)
Status
A NT status value.
Definition: NtStatus.cs:23
ULONG eventType
Definition: FilterAPI.h:584
static ManualResetEvent stopEvent
Definition: GlobalConfig.cs:77
LONGLONG data
Definition: FilterAPI.h:521

Social Network


Services Overview

Architect, implement and test file system filter drivers for a wide range of functionality. We can offer several levels of assistance to meet your specific.

Contact Us

You are welcome to contact us for salse or partnership.

Sales: sales@easefilter.com
Support: support@easefilter.com
Info: info@easefilter.com