EaseFilter Demo Project
MessageInfo.cs
1 //
3 // (C) Copyright 2011 EaseFilter Technologies Inc.
4 // All Rights Reserved
5 //
6 // This software is part of a licensed software product and may
7 // only be used or copied in accordance with the terms of that license.
8 //
10 
11 using System;
12 using System.Collections.Generic;
13 using System.ComponentModel;
14 using System.Data;
15 using System.Runtime.InteropServices;
16 using System.Security.Principal;
17 using System.IO;
18 using System.Text;
19 using System.Threading;
20 
22 
23 namespace EaseFltCSConsoleDemo
24 {
25  public static class MessageInfo
26  {
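// Serializes console output so the fields of one filter message are not interleaved
// with those of another when messages arrive on several threads.
private static readonly object displayLock = new object();

/// <summary>
/// Writes one filter driver message to the console: who (user, process, thread),
/// what (message type, file name, create options) and the I/O result.
/// </summary>
/// <param name="messageSend">The message received from the filter driver.</param>
/// <remarks>
/// Failures are reported on the console and never propagate to the caller.
/// </remarks>
public static void DisplayFilterMessage(FilterAPI.MessageSendData messageSend)
{
    lock (displayLock)
    {
        try
        {
            string userName = string.Empty;
            string strSid = string.Empty;

            // Marshal.UnsafeAddrOfPinnedArrayElement is only valid on an array that is
            // already pinned. Nothing visible here pins messageSend.Sid, so pin it
            // explicitly for the duration of the native SID conversion; otherwise the
            // GC may move the array while native code is reading it.
            GCHandle sidHandle = GCHandle.Alloc(messageSend.Sid, GCHandleType.Pinned);
            try
            {
                ConvertSidToUserNameAndStringSid(sidHandle.AddrOfPinnedObject(), out userName, out strSid);
            }
            finally
            {
                sidHandle.Free();
            }

            string processName = string.Empty;

            try
            {
                // The name is looked up now, not when the I/O happened: a process that
                // has already exited fails the lookup, and if its id was reused the name
                // belongs to a different process. Treat ProcessName as a hint and
                // ProcessId as the recorded value.
                using (System.Diagnostics.Process requestProcess = System.Diagnostics.Process.GetProcessById((int)messageSend.ProcessId))
                {
                    processName = requestProcess.ProcessName;
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("Convert process id to process name failed." + ex.Message);
            }

            FilterAPI.MessageType messageType = (FilterAPI.MessageType)messageSend.MessageType;

            Console.WriteLine("\r\n\r\nId#{0}", messageSend.MessageId.ToString());
            Console.WriteLine("TransactionTime:{0}", FormatDateTime(messageSend.TransactionTime));
            Console.WriteLine("UserName:{0}", userName);
            Console.WriteLine("ProcessName:{0}", processName);
            Console.WriteLine("ProcessId:{0}", messageSend.ProcessId.ToString());
            Console.WriteLine("ThreadId:{0}", messageSend.ThreadId.ToString());
            Console.WriteLine("FileObject:{0}", messageSend.FileObject.ToString("X"));
            Console.WriteLine("FsContext:{0}", messageSend.FsContext.ToString("X"));
            Console.WriteLine("MessageType:{0}", messageType.ToString());
            Console.WriteLine("FileName:{0}", messageSend.FileName);
            Console.WriteLine("FileSize:{0}", messageSend.FileSize.ToString());
            Console.WriteLine("FileAttributes:{0}", ((FileAttributes)messageSend.FileAttributes).ToString());
            Console.WriteLine("CreationTime:{0}", FormatDateTime(messageSend.CreationTime));
            Console.WriteLine("LastWriteTime:{0}", FormatDateTime(messageSend.LastWriteTime));

            if (messageType == FilterAPI.MessageType.PRE_CREATE
                || messageType == FilterAPI.MessageType.POST_CREATE)
            {
                Console.WriteLine("---------------Start create I/O related information ---------------");
                Console.WriteLine("DesiredAccess:(0x{0:x}){1}", messageSend.DesiredAccess, FormatDesiredAccess(messageSend.DesiredAccess));
                Console.WriteLine("Disposition:(0x{0:x}){1}", messageSend.Disposition, ((WinData.Disposition)messageSend.Disposition).ToString());
                Console.WriteLine("SharedAccess:{0}", ((WinData.ShareAccess)messageSend.SharedAccess).ToString());
                Console.WriteLine("CreateOptions:(0x{0:x}){1}", messageSend.CreateOptions, FormatCreateOptions(messageSend.CreateOptions));

                if (messageSend.Status == (uint)NtStatus.Status.Success
                    && messageType == FilterAPI.MessageType.POST_CREATE)
                {
                    // The create status is meaningful only when the create succeeded.
                    Console.WriteLine("CreateStatus:{0}", ((WinData.CreateStatus)messageSend.CreateStatus).ToString());
                }

                Console.WriteLine("---------------End create I/O related information ---------------");
            }

            Console.WriteLine("I/O return status:{0}", FormatStatus(messageSend.Status));

            if (messageSend.InfoClass > 0)
            {
                Console.WriteLine("InfoClass:{0}", FormatInfoClass(messageType, messageSend.InfoClass));
            }

            if (messageSend.Length > 0)
            {
                Console.WriteLine("Read/Write Offset:{0}", messageSend.Offset.ToString());
                Console.WriteLine("Read/Write Length:{0}", messageSend.Length.ToString());
            }

            if (messageSend.DataBufferLength > 0)
            {
                Console.WriteLine("Data Buffer Length:{0}", messageSend.DataBufferLength.ToString());
                Console.WriteLine("Data:{0}", FormatDataBuffer(messageType,
                    (WinData.FileInfomationClass)messageSend.InfoClass,
                    messageSend.DataBufferLength,
                    messageSend.DataBuffer));
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine("DisplayFilterMessage failed." + ex.Message);
        }
    }
}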
118 
119 
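/// <summary>
/// Converts a binary SID into its string form and resolves the account name for it.
/// </summary>
/// <param name="sidBuffer">Pointer to the binary SID; must stay valid for the call.</param>
/// <param name="userName">
/// The resolved account name; the error text when an exception occurred;
/// empty when the native conversion reported failure.
/// </param>
/// <param name="userSid">
/// The string SID. It is assigned before the account lookup, so it is still returned
/// when the SID cannot be mapped to an account (for example a deleted account).
/// </param>
/// <returns>true when both the string SID and the account name were obtained; otherwise false.</returns>
static bool ConvertSidToUserNameAndStringSid(IntPtr sidBuffer, out string userName, out string userSid)
{
    userName = string.Empty;
    userSid = string.Empty;

    IntPtr sidStringPtr = IntPtr.Zero;

    try
    {
        if (!FilterAPI.ConvertSidToStringSid(sidBuffer, out sidStringPtr))
        {
            // NOTE(review): GetLastWin32Error is only meaningful if the P/Invoke
            // declaration sets SetLastError = true - confirm in FilterAPI.
            string errorMessage = "Convert sid to sid string failed, error code:" + Marshal.GetLastWin32Error();
            Console.WriteLine(errorMessage);

            // A failed conversion is a failure for the caller as well.
            return false;
        }

        // NOTE(review): PtrToStringAuto assumes the import uses the platform default
        // character set - confirm against the FilterAPI declaration.
        string sidString = Marshal.PtrToStringAuto(sidStringPtr);
        SecurityIdentifier secIdentifier = new SecurityIdentifier(sidString);

        // Keep the SID even if the name lookup below throws.
        userSid = secIdentifier.ToString();

        IdentityReference reference = secIdentifier.Translate(typeof(NTAccount));
        userName = reference.Value;

        return true;
    }
    catch (Exception ex)
    {
        string errorMessage = string.Format("Convert sid to user name got exception:{0}", ex.Message);
        Console.WriteLine(errorMessage);
        userName = errorMessage;
        return false;
    }
    finally
    {
        // The string was allocated by the native conversion and is released here.
        // IntPtr is a value type, so only the zero check is needed.
        if (sidStringPtr != IntPtr.Zero)
        {
            FilterAPI.LocalFree(sidStringPtr);
        }
    }
}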
164 
/// <summary>
/// Lists the names of every <c>WinData.DisiredAccess</c> member whose bits are all
/// present in the requested access mask, each followed by "; ".
/// </summary>
/// <param name="desiredAccess">The desired-access mask of a create request.</param>
/// <returns>The matching member names, or an empty string when none match.</returns>
static string FormatDesiredAccess(uint desiredAccess)
{
    StringBuilder names = new StringBuilder();

    foreach (WinData.DisiredAccess access in Enum.GetValues(typeof(WinData.DisiredAccess)))
    {
        // Skip members that are not fully contained in the mask.
        if ((WinData.DisiredAccess)((uint)access & desiredAccess) != access)
        {
            continue;
        }

        names.Append(access.ToString());
        names.Append("; ");
    }

    return names.ToString();
}
179 
/// <summary>
/// Lists the names of every <c>WinData.CreateOptions</c> member whose bits are all
/// present in the create-options value, each followed by "|".
/// </summary>
/// <param name="createOptions">The create-options value of a create request.</param>
/// <returns>
/// The matching member names, or the raw value in hexadecimal when no member matches.
/// </returns>
static string FormatCreateOptions(uint createOptions)
{
    StringBuilder names = new StringBuilder();

    foreach (WinData.CreateOptions option in Enum.GetValues(typeof(WinData.CreateOptions)))
    {
        // Skip members that are not fully contained in the value.
        if ((WinData.CreateOptions)((uint)option & createOptions) != option)
        {
            continue;
        }

        names.Append(option.ToString());
        names.Append("|");
    }

    if (names.Length == 0)
    {
        // Nothing matched: fall back to the raw value so it is still visible.
        return "(0x)" + createOptions.ToString("X");
    }

    return names.ToString();
}
199 
/// <summary>
/// Formats a Windows file time as a short date followed by a short time.
/// </summary>
/// <param name="lDateTime">The file time value; 0 means "not set".</param>
/// <returns>
/// "0" for a zero value, the formatted local date and time otherwise, or the
/// exception message when the value cannot be converted.
/// </returns>
static string FormatDateTime(long lDateTime)
{
    // A zero file time is shown as-is rather than as a date.
    if (lDateTime == 0)
    {
        return "0";
    }

    try
    {
        // FromFileTime yields local time; the short formats follow the current culture.
        DateTime converted = DateTime.FromFileTime(lDateTime);
        return string.Concat(converted.ToShortDateString(), " ", converted.ToShortTimeString());
    }
    catch (Exception ex)
    {
        Console.WriteLine("FormatDateTime :" + lDateTime.ToString() + " failed." + ex.Message);
        return ex.Message;
    }
}
219 
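/// <summary>
/// Describes the data buffer attached to a query/set information message.
/// </summary>
/// <param name="messageType">The message type; only the four query/set information types are decoded.</param>
/// <param name="infoClass">The file information class that determines the buffer layout.</param>
/// <param name="dataLength">The number of valid bytes the message reports for <paramref name="data"/>.</param>
/// <param name="data">The raw data buffer from the message.</param>
/// <returns>
/// A description of the buffer, an empty string when the combination is not decoded,
/// or the exception message when decoding failed.
/// </returns>
/// <remarks>
/// The buffer content originates outside this process, so every read is bounded by the
/// smaller of <paramref name="dataLength"/> and the array length. A buffer that is too
/// short for the expected layout is reported as a failure instead of being read past
/// its end.
/// </remarks>
static string FormatDataBuffer(FilterAPI.MessageType messageType, WinData.FileInfomationClass infoClass, uint dataLength, byte[] data)
{
    string ret = string.Empty;

    try
    {
        switch (messageType)
        {
            case FilterAPI.MessageType.PRE_SET_INFORMATION:
            case FilterAPI.MessageType.POST_SET_INFORMATION:
            case FilterAPI.MessageType.PRE_QUERY_INFORMATION:
            case FilterAPI.MessageType.POST_QUERY_INFORMATION:
                switch (infoClass)
                {
                    case WinData.FileInfomationClass.FileRenameInformation:
                        {
                            // Destination name: decode only the bytes the message declares
                            // valid, not the whole array.
                            int nameBytes = GetUsableDataLength(dataLength, data);
                            ret = "Destination name:" + Encoding.Unicode.GetString(data, 0, nameBytes);
                            break;
                        }
                    case WinData.FileInfomationClass.FileDispositionInformation:
                        {
                            ret = "Delete file.";
                            break;
                        }
                    case WinData.FileInfomationClass.FileEndOfFileInformation:
                        {
                            RequireDataLength(dataLength, data, sizeof(long));
                            long newFileSize = BitConverter.ToInt64(data, 0);
                            ret = "Change file size to:" + newFileSize.ToString();
                            break;
                        }
                    case WinData.FileInfomationClass.FileBasicInformation:
                        {
                            WinData.FileBasicInformation basicInfo =
                                ReadStructureFromData<WinData.FileBasicInformation>(dataLength, data);

                            ret = "creation time:" + FormatDateTime(basicInfo.CreationTime) + " ";
                            ret += "last access time:" + FormatDateTime(basicInfo.LastAccessTime) + " ";
                            ret += "last write time:" + FormatDateTime(basicInfo.LastWriteTime) + " ";
                            ret += "file attributes:" + ((FileAttributes)basicInfo.FileAttributes).ToString();
                            break;
                        }
                    case WinData.FileInfomationClass.FileStandardInformation:
                        {
                            WinData.FileStandardInformation standardInfo =
                                ReadStructureFromData<WinData.FileStandardInformation>(dataLength, data);

                            ret = "File size:" + standardInfo.EndOfFile.ToString() + " ";
                            ret += "Allocation size:" + standardInfo.AllocationSize.ToString() + " ";
                            ret += "IsDirectory:" + standardInfo.Directory.ToString();
                            break;
                        }
                    case WinData.FileInfomationClass.FileNetworkOpenInformation:
                        {
                            WinData.FileNetworkInformation networkInfo =
                                ReadStructureFromData<WinData.FileNetworkInformation>(dataLength, data);

                            ret = "creation time:" + FormatDateTime(networkInfo.CreationTime) + " ";
                            ret += "last access time:" + FormatDateTime(networkInfo.LastAccessTime) + " ";
                            ret += "last write time:" + FormatDateTime(networkInfo.LastWriteTime) + " ";
                            ret += "file size:" + networkInfo.FileSize.ToString() + " ";
                            ret += "file attributes:" + ((FileAttributes)networkInfo.FileAttributes).ToString();
                            break;
                        }
                    case WinData.FileInfomationClass.FileInternalInformation:
                        {
                            RequireDataLength(dataLength, data, sizeof(long));
                            long fileId = BitConverter.ToInt64(data, 0);
                            ret = "FileId: (0x)" + fileId.ToString("X");
                            break;
                        }
                }

                break;
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("Format data failed." + ex.Message);
        ret = ex.Message;
    }

    return ret;
}

// Returns how many bytes of the buffer may be read: the declared length capped at the array length.
static int GetUsableDataLength(uint dataLength, byte[] data)
{
    if (data == null)
    {
        throw new ArgumentNullException("data");
    }

    return (int)Math.Min((long)dataLength, (long)data.Length);
}

// Throws when fewer than requiredBytes of the buffer are usable; otherwise returns the usable length.
static int RequireDataLength(uint dataLength, byte[] data, int requiredBytes)
{
    int usable = GetUsableDataLength(dataLength, data);

    if (usable < requiredBytes)
    {
        throw new ArgumentException(
            string.Format("Data buffer holds {0} byte(s) but {1} are required.", usable, requiredBytes));
    }

    return usable;
}

// Copies a structure of type T out of the buffer after checking the buffer is large enough for it.
static T ReadStructureFromData<T>(uint dataLength, byte[] data)
{
    RequireDataLength(dataLength, data, Marshal.SizeOf(typeof(T)));

    GCHandle pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
    try
    {
        return (T)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(T));
    }
    finally
    {
        // Release the pin even when marshaling throws.
        pinnedPacket.Free();
    }
}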
314 
/// <summary>
/// Formats an I/O status as the matching <c>NtStatus.Status</c> name followed by the
/// value in hexadecimal, or as the hexadecimal value alone when no member matches.
/// </summary>
/// <param name="status">The status value returned for the I/O.</param>
/// <returns>For example "Name(0x...)" for a known value or "(0x...)" for an unknown one.</returns>
static string FormatStatus(uint status)
{
    // The hex form is always part of the output, so an unrecognized status stays traceable.
    string hexPart = "(0x" + status.ToString("X") + ")";

    foreach (NtStatus.Status ntStatus in Enum.GetValues(typeof(NtStatus.Status)))
    {
        if ((uint)ntStatus == status)
        {
            return ntStatus.ToString() + hexPart;
        }
    }

    return hexPart;
}
334 
/// <summary>
/// Names the information class of a message. For the four query/set security message
/// types the value is read as <c>WinData.SecurityInformation</c>; otherwise a positive
/// value is read as <c>WinData.FileInfomationClass</c>.
/// </summary>
/// <param name="messageType">The message type that decides how the value is interpreted.</param>
/// <param name="infoClass">The raw information class value from the message.</param>
/// <returns>The name of the information class, or an empty string for a zero non-security value.</returns>
static string FormatInfoClass(FilterAPI.MessageType messageType, uint infoClass)
{
    switch (messageType)
    {
        case FilterAPI.MessageType.PRE_QUERY_SECURITY:
        case FilterAPI.MessageType.PRE_SET_SECURITY:
        case FilterAPI.MessageType.POST_QUERY_SECURITY:
        case FilterAPI.MessageType.POST_SET_SECURITY:
            return ((WinData.SecurityInformation)(infoClass)).ToString();
    }

    if (infoClass > 0)
    {
        return ((WinData.FileInfomationClass)infoClass).ToString();
    }

    return string.Empty;
}
357 
358 
359  }
360 }