File Protector and File Access Control SDK

Posted 2024-02-01 08:55:10

Using EaseFilter Filter Driver SDK

EaseFilter File System Filter Driver SDK is a kernel component module which is sitting on the layer between the I/O manager and the file system. A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request.

When a user application invokes a win32 API to a file, the filter driver can intercept this I/O, based on the policies was set with the filter rule, the I/O information can be sent to the user, or be modified/blocked the access based on the setting as below figure.

File Protector and File Access Control SDK

File System Filter Driver

The filter driver programming is certainly a challenge, to simplify your development and to provide you with a robust and well-tested file system filter driver that works with all versions and patch releases of the Windows operating systems supported by Microsoft, EaseFilter SDK provides you a complete, modular environment for building active file system filter driver in your application.

How To Track the File Change Events?

With the EaseFilter File Monitor Filter Driver SDK, you can track the file change events by registering the event type you are interested in it, the notification will be sent when the file was changed after the file handle was closed. With the file change event, you will know the user name, process name, file name and the event type.

File Monitor

If you want to get the notification when a new file was created, you can register the event “NotifyFileWasCreated”. If you want to get the notification when a file was written with data, you can register the event “NotifyFileWasWritten”. If you want to get the notification when a file was moved or renamed, you can register the event “NotifyFileWasRenamed”. If you want to get the notification when a file was deleted, you can register the event “NotifyFileWasDeleted”. If you want to get the notification when a file’s security was changed, you can register the event “NotifyFileSecurityWasChanged”. If you want to get the notification when a file’s information( file attributes, file time, file size) was changed, you can register the event “NotifyFileInfoWasChanged”.

How To Track the File I/O in Real Time?

With the EaseFilter File Monitor Filter Driver SDK, you can get the file I/O information after the file I/O was completed and returned from the file system. The common file I/O information includes the user name, process name, file name, file attributes, file size and the I/O return status, you will get the error code if the I/O was not succeeded. For every different type’s file I/O, it has its own specific I/O data. For a create I/O, comes from a CreateFile win32 API, you will get the file create options, create result, a file was opened, created, overwritten or failed to open. For a read, write I/O, you will know the read or write offset, read or write length, read or write data and the return read or write length if it was succeeded. For a query or set file information I/O, you will know the information class and the data.

How To Control the File I/O in Real Time?

With the EaseFilter File Control Filter Driver SDK, you can control the file I/O with two options, one option is set the file control access flag in the pre-define filter rule, with the access flags, you can block any file I/O, block the file create, file open, file read, file write, file change, file rename and file delete. With this option, you can setup the control policies based on the file name, user name or the process name. The pros of this option is simple and efficient, the cons is the control policies have to be predefined.

file control

The other option to control the file I/O is to register the pre file I/O callback function, then you will get the callback before the file I/O goes down to the file system, in your callback function you can block or pass this file I/O based on the file I/O information. The pros of this option is you can control the file I/O dynamically, the cons is the slow performance.

How To Encrypt the File Automatically?

With the EaseFilter File System Encryption Filter Driver SDK, it provides you an on access file based encryption solution. The encryption filter driver will integrate the encryption or decryption process in the same read or write I/O, it can improve the encryption performance dramatically without the extra IO needed.

To encrypt the file automatically with the EaseFilter Encryption Filter Driver SDK, you can either setup the master encryption key in the filter rule, then you can encrypt all the files with the same encryption key and an unique initial vector. Or you can setup a callback function in the filter rule, then you can get the encryption key and initial vector from the callback function, with this option, you can have the unique encryption key for every file, you can set up the central key management service.

encrypt file automatically

You can authorize the encrypted file access to the specific users or processes with the filter rule policy setting. You also can setup the filter rule policy to disable the specific users or processes to read the encrypted data, it will only get the raw encrypted data, for example the backup software, copy software, they need to get the raw encrypted file.

For every encrypted file, a header was appended to the file, you can put your own control meta data there as the digital rights management. With the digital rights management you can authorize the users or processes to read the file, or block the unauthorized users or processes to your files.

A C# Code Snippet to Use the Filter Driver SDK

Here is an example to use the File Monitor Filter Driver SDK, to demonstrate how to create a file filter rule to get the notification events when the file was changed. It also demonstrates how to register the file I/O callback functions. When the file I/O was triggered, the callback function will be invoked.

About Company

We specialize in file system filter driver development. We architect, implement and test file system filter drivers for a wide range of functionalities. We can offer several levels of assistance to meet your specific needs.

Secure file sharing with digital rights management(DRM), share files with fully control, grant or revoke the file access at any time.

Implement file audit, file access control, file protection and encryption Windows applications with C#,C++ demo source code.

Click Here For more Info- https://www.easefilter.com/

Social Media Profile Links

https://www.facebook.com/profile.php?id=100069526841944

https://twitter.com/easefilter

https://github.com/EaseFilterSDK

https://www.linkedin.com/company/easefilter-technologies-inc./

File_Protector_and_File_Access_Control_SDK

Please log in to like, share and comment!