EaseFilter Demo Project
FilterMessage.cpp
1 //
3 // (C) Copyright 2011 EaseFilter Technologies Inc.
4 // All Rights Reserved
5 //
6 // This software is part of a licensed software product and may
7 // only be used or copied in accordance with the terms of that license.
8 //
10 
11 #include "stdafx.h"
12 #include "Tools.h"
13 #include "FilterAPI.h"
14 #include "UnitTest.h"
15 
16 #define PrintMessage wprintf //ToDebugger
17 
18 //
19 //Displays the I/O information sent by the filter driver, for both the monitor filter driver and the control filter driver.
20 //For every I/O callback you can always get this information:
21 //
22 //The file-related information: file name, file size, file attributes, file time.
23 //The user who initiated the I/O: user name, user SID.
24 //The process that initiated the I/O: process name, process Id, thread Id.
25 //The I/O result for post I/O requests: success code or the error code.
26 
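/**
 * Print one filter-driver I/O message to the console.
 *
 * Resolves the SID carried in the message to DOMAIN\user, prints the fields
 * common to every message (message id and type, process and thread id,
 * status, file size, attributes, file name) and then one request-specific
 * line selected by MessageType. The whole body runs under __try/__except, so
 * a fault while reading the message is reported instead of ending the process.
 *
 * @param pSendMessage  message received from the filter driver; only read here.
 *
 * NOTE(review): FileName and DataBuffer are printed with %ws, which reads
 * until a NUL character. This presumes the driver always NUL-terminates
 * them - confirm against the MESSAGE_SEND_DATA definition in FilterAPI.h.
 *
 * NOTE(review): the listing this block was taken from skips a few source
 * lines (next to PRE_SET_INFORMATION and after PRE_PAGING_IO_WRITE); any
 * case labels on those lines are not reproduced here - check the original
 * file before relying on the switch being complete.
 */
VOID
DisplayFilterMessageInfo(IN PMESSAGE_SEND_DATA pSendMessage)
{
    // Zero-initialised so that a failed SID lookup prints empty names
    // instead of whatever happened to be on the stack.
    WCHAR userName[MAX_PATH] = { 0 };
    WCHAR domainName[MAX_PATH] = { 0 };

    // LookupAccountSid takes the buffer sizes as DWORD character counts,
    // so declare them as DWORD rather than casting int pointers.
    DWORD userNameSize = MAX_PATH;
    DWORD domainNameSize = MAX_PATH;
    SID_NAME_USE snu;

    __try
    {
        BOOL ret = LookupAccountSid(NULL,
                                    pSendMessage->Sid,
                                    userName,
                                    &userNameSize,
                                    domainName,
                                    &domainNameSize,
                                    &snu);

        if (!ret)
        {
            // The lookup can fail (for example when the SID has no account
            // mapping). Make sure both names are valid empty strings before
            // they reach the %ws conversions below.
            userName[0] = L'\0';
            domainName[0] = L'\0';
        }

        // Highlight the common line by status: red above STATUS_ERROR,
        // yellow (red|green) above STATUS_WARNING.
        if (pSendMessage->Status > STATUS_ERROR)
        {
            ChangeColour(FOREGROUND_RED);
        }
        else if (pSendMessage->Status > STATUS_WARNING)
        {
            ChangeColour(FOREGROUND_RED | FOREGROUND_GREEN);
        }

        PrintMessage(L"\nId# %d MessageType:0X%0x UserName:%ws\\%ws\nProcessId:%d ThreadId:%d Return Status:%0x\nFileSize:%I64d Attributes:%0x FileName:%ws\n",
                     pSendMessage->MessageId, pSendMessage->MessageType, domainName, userName,
                     pSendMessage->ProcessId, pSendMessage->ThreadId, pSendMessage->Status,
                     pSendMessage->FileSize, pSendMessage->FileAttributes, pSendMessage->FileName);

        // Back to the default white for the request-specific line.
        ChangeColour(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);

        switch (pSendMessage->MessageType)
        {
            case PRE_CREATE:
            case POST_CREATE:
            {
                // For Disposition, ShareAccess, DesiredAccess and CreateOptions see the Windows API CreateFile:
                // http://msdn.microsoft.com/en-us/library/aa363858%28v=vs.85%29.aspx
                PrintMessage(L"CreateRequest DesiredAccess=%d Disposition=%d ShareAccess=%d CreateOptions=0x%0x CreateStatus = %d fileName:%ws\n",
                             pSendMessage->DesiredAccess, pSendMessage->Disposition, pSendMessage->ShareAccess,
                             pSendMessage->CreateOptions, pSendMessage->CreateStatus, pSendMessage->FileName);

                // CreateStatus is only valid in post create. Possible values:
                //   FILE_SUPERSEDED     = 0x00000000,
                //   FILE_OPENED         = 0x00000001,
                //   FILE_CREATED        = 0x00000002,
                //   FILE_OVERWRITTEN    = 0x00000003,
                //   FILE_EXISTS         = 0x00000004,
                //   FILE_DOES_NOT_EXIST = 0x00000005,

                // Disabled sample: obtaining a file handle from the filter.
                //HANDLE hFile = INVALID_HANDLE_VALUE;
                //ret = GetFileHandleInFilter(pSendMessage->FileName,GENERIC_READ|GENERIC_WRITE,&hFile);
                //if(!ret)
                //{
                //    PrintLastErrorMessage(L"GetFileHandleInFilter failed.");
                //    break;
                //}
                //else
                //{
                //    PrintMessage( L"Get File Handle:%p\n", hFile);
                //}
                //if( INVALID_HANDLE_VALUE != hFile)
                //{
                //    CloseHandle(hFile);
                //}

                break;
            }

            case PRE_SET_INFORMATION:
            {
                // FltQueryInformationFile API, http://msdn.microsoft.com/en-us/library/windows/hardware/ff543439%28v=vs.85%29.aspx
                // FltSetInformationFile API, http://msdn.microsoft.com/en-us/library/windows/hardware/ff544516%28v=VS.85%29.aspx
                //
                // NOTE(review): DataBuffer is printed as a wide string for every
                // FileInformationClass. Presumably that is only meaningful when the
                // buffer holds a name; for other classes %ws may read past the
                // payload - verify, and consider bounding the print by the buffer length.
                PrintMessage(L"Query/Set information request FileInformationClass = %d oldName:%ws newname:%ws\n",
                             pSendMessage->InfoClass, pSendMessage->FileName, pSendMessage->DataBuffer);

                // For a POST_QUERY_INFORMATION request, DataBuffer contains the data returned from the file system.
                // For a PRE_SET_INFORMATION request, DataBuffer contains the data that will be written to the file system.

                break;
            }

            case PRE_QUERY_SECURITY:
            case POST_QUERY_SECURITY:
            case PRE_SET_SECURITY:
            case POST_SET_SECURITY:
            {
                // FltQuerySecurityObject API, http://msdn.microsoft.com/en-us/library/windows/hardware/ff543441%28v=vs.85%29.aspx
                // FltSetSecurityObject API, http://msdn.microsoft.com/en-us/library/ff544538
                PrintMessage(L"Query/Set information request SecurityInformation = %d \n", pSendMessage->InfoClass);

                /* Disabled sample: render the DACL as an SDDL string.
                LPWSTR strDacl;
                ULONG length = 0;
                BOOL ret = ConvertSecurityDescriptorToStringSecurityDescriptor(pSendMessage->DataBuffer, SDDL_REVISION_1,DACL_SECURITY_INFORMATION, &strDacl, &length);
                DWORD errorCode = 0;
                if(!ret)
                {
                    errorCode = GetLastError();
                }
                PrintMessage( L"ret:%d %ws length:%d errorCode:%d\n",ret,strDacl,length,errorCode);
                LocalFree(strDacl);*/

                // For a POST_QUERY_SECURITY request, DataBuffer contains the data returned from the file system.
                // For a PRE_SET_SECURITY request, DataBuffer contains the data that will be written to the file system.

                break;
            }

            case PRE_DIRECTORY:
            case POST_DIRECTORY:
            {
                // FltQueryDirectoryFile API, http://msdn.microsoft.com/en-us/library/windows/hardware/ff543433%28v=vs.85%29.aspx
                //
                // The buffer address is printed with %p: passing a pointer to an
                // integer conversion (%x) is a format mismatch and truncates the
                // value on 64-bit builds.
                PrintMessage(L"Browse directory request, DataBuffer:%p FileInformationClass = %d \n",
                             (const void *)pSendMessage->DataBuffer, pSendMessage->InfoClass);

                // For a POST_DIRECTORY request, DataBuffer contains the data returned from the file system.

                break;
            }

            case PRE_FASTIO_READ:
            case POST_FASTIO_READ:
            case PRE_CACHE_READ:
            case POST_CACHE_READ:
            case PRE_NOCACHE_READ:
            case POST_NOCACHE_READ:
            case PRE_PAGING_IO_READ:
            case POST_PAGING_IO_READ:
            {
                // FltReadFile API, http://msdn.microsoft.com/en-us/library/windows/hardware/ff544286%28v=vs.85%29.aspx
                PrintMessage(L"Id#:%d Read requst, Offset = %I64d Length = %d returnLength = %d \n",
                             pSendMessage->MessageId, pSendMessage->Offset, pSendMessage->Length, pSendMessage->DataBufferLength);

                // Disabled sample: display the data returned from the file system.
                //printf("data:%s",pSendMessage->DataBuffer);   // ANSI characters
                //wprintf("data:%ws",pSendMessage->DataBuffer); // Unicode characters

                // For a post read request, DataBuffer contains the data returned from the file system.

                break;
            }

            case PRE_FASTIO_WRITE:
            case POST_FASTIO_WRITE:
            case PRE_CACHE_WRITE:
            case POST_CACHE_WRITE:
            case PRE_NOCACHE_WRITE:
            case POST_NOCACHE_WRITE:
            case PRE_PAGING_IO_WRITE:
            {
                // FltWriteFile API, http://msdn.microsoft.com/en-us/library/windows/hardware/ff544610%28v=vs.85%29.aspx
                PrintMessage(L"WRITE requst, Offset = %I64d Length = %d returnLength = %d \n",
                             pSendMessage->Offset, pSendMessage->Length, pSendMessage->DataBufferLength);

                // Disabled sample: display the data about to be written.
                //printf("data:%s",pSendMessage->DataBuffer);   // ANSI characters
                //wprintf("data:%ws",pSendMessage->DataBuffer); // Unicode characters

                // For a pre write request, DataBuffer contains the data that will be written to the file system.

                break;
            }

            default:
                break;
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        // NOTE(review): GetLastError() is the thread's last Win32 error, not
        // the code of the structured exception that brought us here;
        // GetExceptionCode() would report the actual fault - confirm what
        // PrintErrorMessage expects before switching.
        PrintErrorMessage(L"DisplayFilterMessageInfo failed.", GetLastError());

        // The fault may have happened after the status colour was set, so put
        // the console back to the default white. Done after the error report
        // so the console call cannot disturb the last-error value read above.
        ChangeColour(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
    }

    return;
}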
WCHAR * userName
Definition: FilterAPI.h:604
VOID DisplayFilterMessageInfo(IN PMESSAGE_SEND_DATA pSendMessage)
void PrintErrorMessage(LPWSTR message, DWORD errorCode)
Definition: Tools.cpp:93
#define MAX_PATH
Definition: FilterAPI.h:23
void ChangeColour(WORD theColour)
Definition: Tools.cpp:18
#define PrintMessage
#define STATUS_WARNING
#define STATUS_ERROR
