submit 5.5.1.1

Author: EaseFilterSDK

Diff for: AutoEncryptDemo.exe

@@ -194,7 +194,7 @@ int _tmain(int argc, _TCHAR* argv[])
 				allPostIO |= POST_SET_INFORMATION|POST_DIRECTORY|POST_QUERY_SECURITY|POST_SET_SECURITY|POST_CLEANUP|POST_CLOSE;
 
 			WCHAR* fileFilterMask = L"c:\\test\\*";
-			ULONG ioCallbackClass = allPostIO;
+			ULONGLONG ioCallbackClass = allPostIO;
 			ULONG accessFlag = ALLOW_MAX_RIGHT_ACCESS;		
 
 			if (argc >= 3)
@@ -244,7 +244,8 @@ int _tmain(int argc, _TCHAR* argv[])
 				fileFilterRule.ControlFileIOEventFilter = ioCallbackClass;
 
 				//You can allow/block the file rename/delete in the callback handler by register PRE_RENAME_FILE|PRE_DELETE_FILE.
-				//fileFilterRule.ControlFileIOEventFilter = PRE_CREATE|PRE_RENAME_FILE|PRE_DELETE_FILE;	
+				//ULONGLONG preIOCallbackClass = PRE_RENAME_FILE|PRE_DELETE_FILE;
+				//fileFilterRule.ControlFileIOEventFilter = preIOCallbackClass;
 
 				//disable the file being renamed, deleted and written access rights.
 				ULONG processAccessRights = accessFlag & (~(ALLOW_FILE_RENAME|ALLOW_FILE_DELETE|ALLOW_WRITE_ACCESS));
@@ -258,7 +259,7 @@ int _tmain(int argc, _TCHAR* argv[])
 
 			//Register the volume event notification with volume control setting.
 			//you can block the USB read with flag BLOCK_USB_READ or write with flag BLOCK_USB_WRITE.
-			filterControl->VolumeControlSettings = BLOCK_USB_READ|BLOCK_USB_WRITE;
+			//filterControl->VolumeControlSettings = BLOCK_USB_READ|BLOCK_USB_WRITE;
 
 			//you can get the block message notification by the access flag with below setting.
 			//set global boolean config
@@ -284,7 +285,7 @@ int _tmain(int argc, _TCHAR* argv[])
 
 			getchar();
 
-			//the process can be termiated now.
+			//the process can be terminated now.
 			//RemoveProtectedProcessId(GetCurrentProcessId());
 
 			break;
@@ -295,47 +296,58 @@ int _tmain(int argc, _TCHAR* argv[])
 
 			UnInstallDriver();
 			Sleep(2000);
-			
-			ret = InstallDriver();	
-			if( !ret )
+
+			ret = InstallDriver();
+			if (!ret)
 			{
-				PrintLastErrorMessage( L"InstallDriver failed.");
+				PrintLastErrorMessage(L"InstallDriver failed.");
 				break;
 			}
 
 			WCHAR* fileFilterMask = L"c:\\test\\*";
-			ULONG ioRegistration = 0;
-			ULONG accessFlag = ALLOW_MAX_RIGHT_ACCESS|ENABLE_FILE_ENCRYPTION_RULE;			
-			
-			filterType = FILE_SYSTEM_ENCRYPTION;	
 
-			if( argc >= 3 )
+			if (argc >= 3)
 			{
 				fileFilterMask = argv[2];
-			}			
-			
+			}
+
+			//by default all users/processes will get the raw encrypted data
+			//it meant by default all users/processes are in blacklist
+			ULONG accessFlag = (ALLOW_MAX_RIGHT_ACCESS | ENABLE_FILE_ENCRYPTION_RULE) & (~ALLOW_READ_ENCRYPTED_FILES);
+
+			//by default all users/processes will get the decrypted data
+			//it meant by default all users/processes are in whitelist
+			//ULONG accessFlag = (ALLOW_MAX_RIGHT_ACCESS | ENABLE_FILE_ENCRYPTION_RULE);
+
+			filterType = FILE_SYSTEM_ENCRYPTION | FILE_SYSTEM_PROCESS;
+
 			FileFilterRule fileFilterRule(fileFilterMask);
 			fileFilterRule.AccessFlag = accessFlag;
 
 			//if we enable the encryption key from service, you can authorize the decryption for every file
-            //in the callback function OnFilterRequestEncryptKey, with this flag enabled, you don't need to set the encryption key.
+			//in the callback function OnFilterRequestEncryptKey, with this flag enabled, you don't need to set the encryption key.
 			//fileFilterRule.BooleanConfig |= REQUEST_ENCRYPT_KEY_IV_AND_TAGDATA_FROM_SERVICE;
 
 			//if you have a master key, you can set it here, or if you want to get the encryption key from the callback function then don't set the key here.
-			//256 bit,32bytes encrytpion key
-			unsigned char key[] = {0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4};
-			if(!fileFilterRule.set_EncryptionKey(key,sizeof(key)))
+			//256 bit,32bytes encryption key
+			unsigned char key[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
+			if (!fileFilterRule.set_EncryptionKey(key, sizeof(key)))
 			{
 				break;
 			}
 
-			//get raw encrypted data access rights.
-			ULONG rawEncryptionRights = accessFlag & (~ALLOW_READ_ENCRYPTED_FILES);
-			//disable the explorer to read encrypted file, explorer will get the raw encrypted data.
-			//so you can copy the encrypted file to other place in Windows explorer, the file will be kept encrypted. 
-			//this feature requires the process filter driver feature, it need to enable the process filter driver.
-			filterType |= FILE_SYSTEM_PROCESS;
-			fileFilterRule.AddAccessRightsToProcessName(L"explorer.exe", rawEncryptionRights);
+			//set the blacklist of the process, if the default filter rule is whitelist to all users/processes.
+			//ULONG rawEncryptionRights = ALLOW_MAX_RIGHT_ACCESS & (~ALLOW_READ_ENCRYPTED_FILES);
+			//fileFilterRule.AddAccessRightsToProcessName(L"explorer.exe", rawEncryptionRights);
+
+			//set the whitelist for the user "AzureAD\\Alice"
+			//fileFilterRule.AddAccessRightsToUserName(L"AzureAD\\Alice", ALLOW_MAX_RIGHT_ACCESS);
+
+			//set the whitelist for the process "wordpad.exe"
+			fileFilterRule.AddAccessRightsToProcessName(L"wordpad.exe", ALLOW_MAX_RIGHT_ACCESS);
+
+			//set the whitelist for the process "notepad.exe"
+			fileFilterRule.AddAccessRightsToProcessName(L"notepad.exe", ALLOW_MAX_RIGHT_ACCESS);
 
 			filterControl->AddFileFilter(fileFilterRule);
 
@@ -368,7 +380,7 @@ int _tmain(int argc, _TCHAR* argv[])
 
 
 			WCHAR* processFilterMask = L"*";
-			ULONG controlFlag  = PROCESS_CREATION_NOTIFICATION|PROCESS_TERMINATION_NOTIFICATION|THREAD_CREATION_NOTIFICATION|THREAD_TERMINIATION_NOTIFICATION; 
+			ULONG controlFlag  = PROCESS_CREATION_NOTIFICATION|PROCESS_TERMINATION_NOTIFICATION|THREAD_CREATION_NOTIFICATION|THREAD_TERMINATION_NOTIFICATION; 
 
 			//if you want to block the application in c:\test folder to be launched, you can use below setting:
 			//controlFlag = DENY_NEW_PROCESS_CREATION;
@@ -448,7 +460,7 @@ int _tmain(int argc, _TCHAR* argv[])
 			registryFilterRule.RegistryKeyNameFilterMask = keyNameFilterMask;
 
 			//you can block the registry key being renamed/deleted/created.
-			controlFlag = REG_MAX_ACCESS_FLAG & (~(REG_ALLOW_RENAME_KEY | REG_ALLOW_DELETE_KEY | REG_ALLOW_CREATE_KEY));
+			//controlFlag = REG_MAX_ACCESS_FLAG & (~(REG_ALLOW_RENAME_KEY | REG_ALLOW_DELETE_KEY | REG_ALLOW_CREATE_KEY));
 
 			registryFilterRule.ControlFlag = controlFlag;
 			registryFilterRule.RegCallbackClass = Max_Reg_Callback_Class;

Diff for: AutoFileCryptTool.exe

@@ -13,7 +13,7 @@
 
 //Purchase a license key with the link: http://www.EaseFilter.com/Order.htm
 //Email us to request a trial key: [email protected] //free email is not accepted.
-#define	registerKey "*****************************************"
+#define	registerKey "**************************************"
 
 #define MESSAGE_SEND_VERIFICATION_NUMBER	0xFF000001
 #define	INET_ADDR_STR_LEN					22
@@ -196,23 +196,23 @@ typedef enum _FilterCommand
 	/// </summary>
 	FILTER_SEND_PROCESS_CREATION_INFO = 0x00010008,
 	/// <summary>
-	/// send the process termination ifnormation
+	/// send the process termination information
 	/// </summary>
 	FILTER_SEND_PROCESS_TERMINATION_INFO = 0x00010009,
 	/// <summary>
 	/// send the new thread creation information
 	/// </summary>
 	FILTER_SEND_THREAD_CREATION_INFO = 0x0001000a,
 	/// <summary>
-	/// send the thread termination ifnormation
+	/// send the thread termination information
 	/// </summary>
 	FILTER_SEND_THREAD_TERMINATION_INFO = 0x0001000b,
 	/// <summary>
 	/// send the process handle operations information
 	/// </summary>
 	FILTER_SEND_PROCESS_HANDLE_INFO = 0x0001000c,
 	/// <summary>
-	/// send the thread handle operations ifnormation
+	/// send the thread handle operations information
 	/// </summary>
 	FILTER_SEND_THREAD_HANDLE_INFO = 0x0001000d,
 	/// <summary>
@@ -519,7 +519,7 @@ typedef enum  _ProcessControlFlag
     /// </summary>
     DENY_NEW_PROCESS_CREATION = 0x00000001,
 	/// <summary>
-    /// send the callback reqeust before the process is going to be terminated.
+    /// send the callback request before the process is going to be terminated.
 	/// you can block the process termination in the callback function.
     /// </summary>
     PROCESS_PRE_TERMINATION_REQUEST = 0x00000002,
@@ -528,7 +528,7 @@ typedef enum  _ProcessControlFlag
     /// </summary>
     PROCESS_CREATION_NOTIFICATION      = 0x00000100,
     /// <summary>
-    ///get a notification when a process was termiated 
+    ///get a notification when a process was terminated 
     /// </summary>
     PROCESS_TERMINATION_NOTIFICATION   = 0x00000200,
     /// <summary>
@@ -541,9 +541,9 @@ typedef enum  _ProcessControlFlag
     /// </summary>
     THREAD_CREATION_NOTIFICATION       = 0x00000800,
     /// <summary>
-    /// get a notification when a thread was termiated 
+    /// get a notification when a thread was terminated 
     /// </summary>
-    THREAD_TERMINIATION_NOTIFICATION   = 0x00001000,
+    THREAD_TERMINATION_NOTIFICATION   = 0x00001000,
     /// <summary>
     /// get a notification for thread handle operations, when a handle for a process
     /// is being created or duplicated.
@@ -815,7 +815,7 @@ typedef enum _AccessFlag
     /// <summary>
     /// Allow the file open to access the file's security information.
     /// </summary>
-    ALLOW_OPEN_WTIH_ACCESS_SYSTEM_SECURITY = 0x00000010,
+    ALLOW_OPEN_WITH_ACCESS_SYSTEM_SECURITY = 0x00000010,
     /// <summary>
     /// Allow the file open for read access.
     /// </summary>
@@ -943,15 +943,15 @@ typedef enum _BooleanConfig
     /// </summary>
     ENABLE_ADD_MESSAGE_TO_FILE = 0x00000010,
     /// <summary>
-    /// the encrypted file's meta data was embeded in the reparse point tag, it is for the previous version 5.0.
+    /// the encrypted file's meta data was embedded in the reparse point tag, it is for the previous version 5.0.
     /// </summary>
     ENCRYPT_FILE_WITH_REPARSE_POINT_TAG = 0x00000020,  
     /// <summary>
     /// for encryption rule, get the encryption key and IV from user mode for the encrypted files.
     /// </summary>
     REQUEST_ENCRYPT_KEY_AND_IV_FROM_SERVICE = 0x00000040,  
     /// <summary>
-    /// for control filter, if it is enabled, the control filte rulle will be applied in boot time.
+    /// for control filter, if it is enabled, the control filter rule will be applied in boot time.
     /// </summary>
     ENABLE_PROTECTION_IN_BOOT_TIME = 0x00000080,  
     /// <summary>
@@ -963,7 +963,7 @@ typedef enum _BooleanConfig
     /// </summary>
     ENABLE_SEND_DATA_BUFFER = 0x00000200,      
 	/// <summary>
-    /// if it is enabled, it will reopen the file when rehydration of the stub file.
+    /// if it is enabled, it will reopen the file during rehydration of the stub file.
     /// </summary>
     ENABLE_REOPEN_FILE_ON_REHYDRATION = 0x00000400,    
 	/// <summary>
@@ -1016,7 +1016,7 @@ typedef enum _BooleanConfig
 typedef struct _MESSAGE_SEND_DATA 
 {
 	 /// <summary>
-    ///the verification number which verifiys the data structure integerity.
+    ///the verification number which verifies the data structure integerity.
     /// </summary>
     ULONG VerificationNumber;
     /// <summary>
@@ -1622,7 +1622,7 @@ AddUserRightsToFilterRule(WCHAR* filterMask,  WCHAR* userName, ULONG accessFlags
 
 /// <summary>
 /// Get sha256 hash of the file, you need to allocate the 32 bytes array to get the sha256 hash.
-/// hashBytesLength is the input byte array length, and the outpou lenght of the hash.
+/// hashBytesLength is the input byte array length, and the outpout length of the hash.
 /// </summary>
 extern "C" __declspec(dllexport) 
 BOOL
@@ -1897,7 +1897,7 @@ ActivateLicense(
 /// </summary>
 /// <param name="processNameLength">The length of the process name string in bytes</param>
 /// <param name="processName">The process name to be filtered, all processes if it is '*' </param>
-/// <param name="processId">set the processId if you want filter with id instead of the process name</param>
+/// <param name="processId">set the processId if you want to filter by id instead of the process name</param>
 /// <param name="userNameLength">the user name length if you want to filter the user name</param>
 /// <param name="userName">the user name filter mask</param>
 /// <param name="registryKeyNameLength">set the registry key name filter if you want to filter by the key name</param>
@@ -1908,7 +1908,7 @@ ActivateLicense(
 extern "C" __declspec(dllexport) 
 BOOL
 AddRegistryFilterRule(	    
-	ULONG		prcoessNameLength,
+	ULONG		processNameLength,
 	WCHAR*		processName,
 	ULONG		processId, 
 	ULONG		userNameLength,
@@ -1954,7 +1954,7 @@ RemoveRegistryFilterRuleByProcessId(
 extern "C" __declspec(dllexport) 
 BOOL
 RemoveRegistryFilterRuleByProcessName(
-	ULONG		prcoessNameLength,
+	ULONG		processNameLength,
 	WCHAR*		processName );
 
 /// <summary>
@@ -1967,15 +1967,15 @@ RemoveRegistryFilterRuleByProcessName(
 extern "C" __declspec(dllexport) 
 BOOL
 AddProcessFilterRule(	
-	ULONG		prcoessNameMaskLength,
+	ULONG		processNameMaskLength,
 	WCHAR*		processNameMask,
 	ULONG		controlFlag,
 	ULONG		filterRuleId = 0 );
 
 extern "C" __declspec(dllexport) 
 BOOL
 RemoveProcessFilterRule(
-	ULONG		prcoessNameMaskLength,
+	ULONG		processNameMaskLength,
 	WCHAR*		processNameMask );
 
 /// <summary>
@@ -1989,7 +1989,7 @@ RemoveProcessFilterRule(
 extern "C" __declspec(dllexport) 
 BOOL
 AddFileControlToProcessByName(	
-	ULONG		prcoessNameMaskLength,
+	ULONG		processNameMaskLength,
 	WCHAR*		processNameMask,
 	ULONG		fileNameMaskLength,
 	WCHAR*		fileNameMask,
@@ -2010,7 +2010,7 @@ AddFileControlToProcessByName(
 extern "C" __declspec(dllexport) 
 BOOL
 AddFileCallbackIOToProcessByName(	
-	ULONG		prcoessNameMaskLength,
+	ULONG		processNameMaskLength,
 	WCHAR*		processNameMask,
 	ULONG		fileNameMaskLength,
 	WCHAR*		fileNameMask,
@@ -2023,7 +2023,7 @@ AddFileCallbackIOToProcessByName(
 extern "C" __declspec(dllexport) 
 BOOL
 RemoveFileControlFromProcessByName(	
-	ULONG		prcoessNameMaskLength,
+	ULONG		processNameMaskLength,
 	WCHAR*		processNameMask,
 	ULONG		fileNameMaskLength,
 	WCHAR*		fileNameMask);
@@ -2039,15 +2039,15 @@ RemoveFileControlFromProcessByName(
 extern "C" __declspec(dllexport) 
 BOOL
 AddFileControlToProcessById(	
-	ULONG		prcoessId,
+	ULONG		processId,
 	ULONG		fileNameMaskLength,
 	WCHAR*		fileNameMask,
 	ULONG		AccessFlag );
 
 extern "C" __declspec(dllexport) 
 BOOL
 RemoveFileControlFromProcessById(	
-	ULONG		prcoessId,
+	ULONG		processId,
 	ULONG		fileNameMaskLength,
 	WCHAR*		fileNameMask);
 
@@ -2098,4 +2098,25 @@ GetAESIV(
 	PULONG		ivSize,
 	BYTE*		ivBuffer);
 
+extern "C" __declspec(dllexport)
+BOOL
+AddExcludeProcessNameToRegistryFilterRule(WCHAR * processNameFilterMask, WCHAR * registryKeyNameFilterMask, WCHAR * excludeProcessNameFilterMask);
+
+extern "C" __declspec(dllexport)
+BOOL
+AddExcludeUserNameToRegistryFilterRule(WCHAR * processNameFilterMask, WCHAR * registryKeyNameFilterMask, WCHAR * excludeUserName);
+
+extern "C" __declspec(dllexport)
+BOOL
+AddExcludeKeyNameToRegistryFilterRule(WCHAR * processNameFilterMask, WCHAR * registryKeyNameFilterMask, WCHAR * excludeKeyName);
+
+
+extern "C" __declspec(dllexport)
+BOOL
+AddExcludeProcessNameToProcessFilterRule(WCHAR * processNameFilterMask, WCHAR * processName);
+
+extern "C" __declspec(dllexport)
+BOOL
+AddExcludeUserNameToProcessFilterRule(WCHAR * processNameFilterMask, WCHAR * userName);
+
 #endif//__SHARE_TYPE_H__