submit 5.3.4.1

Demo_Source_Code/CommonObjects/ControlFilterRuleSettigs.cs

@@ -52,6 +52,7 @@ public ControlFilterRuleSettigs(FileFilterRule _filterRule)
             textBox_PassPhrase.Text = filterRule.EncryptionPassPhrase;
             textBox_HiddenFilterMask.Text = filterRule.HiddenFileFilterMasks;
             textBox_ReparseFileFilterMask.Text = filterRule.ReparseFileFilterMask;
+            textBox_EncryptWriteBufferSize.Text = filterRule.EncryptWriteBufferSize.ToString();
 
             SetCheckBoxValue();
 
@@ -227,6 +228,8 @@ private void button_SaveControlSettings_Click(object sender, EventArgs e)
                 {
                     filterRule.EncryptMethod = (int)FilterAPI.EncryptionMethod.ENCRYPT_FILE_WITH_KEY_IV_AND_TAGDATA_FROM_SERVICE;
                 }
+
+                filterRule.EncryptWriteBufferSize = uint.Parse(textBox_EncryptWriteBufferSize.Text);
             }
 
             if (textBox_HiddenFilterMask.Text.Trim().Length > 0)
@@ -625,9 +628,9 @@ private void button_InfoPassPhrase_Click(object sender, EventArgs e)
             MessageBox.Show("Enable the encryption feature and set the encryption key phrase for generating the encryption key.");
         }
 
-        private void button_InfoEncryptKeyLenght_Click(object sender, EventArgs e)
+        private void button_EnableEncryptionKeyFromService_Click(object sender, EventArgs e)
         {
-            MessageBox.Show("Set the encryption key lenght for the file encryption.");
+            MessageBox.Show("If this is enabled, all encryption/decryption will get the encryption key from the callback service, you also can embed the custom tag data to the new created encrypted file.");
         }
 
         private void button_HideFileFilterMask_Click(object sender, EventArgs e)
@@ -673,6 +676,11 @@ private void button_InfoSignedProcessRights_Click(object sender, EventArgs e)
             MessageBox.Show("Add the trusted process which was signed with the certificate to filter rule, only the authenticated process can access the files. ");
         }
 
+        private void button_EncryptWriteBufferSize_Click(object sender, EventArgs e)
+        {
+            MessageBox.Show("If the encrypt write buffer size is greater than 0, then the small buffer encryption write will be combined together to a bigger buffer, and write it to the disk.");
+        }
+
 
 
     }

Demo_Source_Code/CommonObjects/FilterRuleForm.cs

@@ -38,6 +38,7 @@ public FilterRuleForm()
             //set the default value for the new filter rule.
             filterRule.IncludeFileFilterMask = "c:\\test\\*";
             filterRule.EncryptMethod = (int)FilterAPI.EncryptionMethod.ENCRYPT_FILE_WITH_SAME_KEY_AND_UNIQUE_IV;
+            filterRule.EncryptWriteBufferSize = 1048576;
             filterRule.RegisterMonitorFileEvents = (uint)(FilterAPI.FileChangedEvents.NotifyFileWasCreated | FilterAPI.FileChangedEvents.NotifyFileWasDeleted | FilterAPI.FileChangedEvents.NotifyFileInfoWasChanged
                 | FilterAPI.FileChangedEvents.NotifyFileWasRenamed | FilterAPI.FileChangedEvents.NotifyFileWasWritten | FilterAPI.FileChangedEvents.NotifyFileSecurityWasChanged | FilterAPI.FileChangedEvents.NotifyFileWasRead);
 

Demo_Source_Code/CommonObjects/FilterRuleSection.cs

@@ -303,6 +303,17 @@ public int EncryptionKeySize
             set { base["encryptionKeySize"] = value; }
         }
 
+        /// <summary>
+        /// If the encrypt write buffer size is greater than 0, then the small buffer encryption write will be combined together to a bigger buffer,
+        /// and write it to the disk.
+        /// </summary>
+        [ConfigurationProperty("encryptWriteBufferSize", IsRequired = false)]
+        public uint EncryptWriteBufferSize
+        {
+            get { return (uint)base["encryptWriteBufferSize"]; }
+            set { base["encryptWriteBufferSize"] = value; }
+        }
+
 
         /// <summary>
         /// the file access control flags for the filter rule.
@@ -437,6 +448,7 @@ public FileFilterRule Copy()
             dest.FilterDesiredAccess = FilterDesiredAccess;
             dest.FilterDisposition = FilterDisposition;
             dest.EnableMonitorEventBuffer = EnableMonitorEventBuffer;
+            dest.EncryptWriteBufferSize = EncryptWriteBufferSize;
 
             return dest;
         }
@@ -455,6 +467,7 @@ public FileFilter ToFileFilter()
                 fileFilter.FilterDesiredAccess = FilterDesiredAccess;
                 fileFilter.FilterDisposition = FilterDisposition;
                 fileFilter.EnableMonitorEventBuffer = EnableMonitorEventBuffer;
+                fileFilter.EncryptWriteBufferSize = EncryptWriteBufferSize;
 
                 string[] excludeFileFilterMasks = ExcludeFileFilterMasks.Split(new char[] { ';' });
                 if (excludeFileFilterMasks.Length > 0)

Demo_Source_Code/CommonObjects/ProcessFilterSetting.cs

@@ -38,7 +38,7 @@ private void InitSelectedFilterRule()
             {
                 selectedFilterRule = new ProcessFilterRule();
                 selectedFilterRule.ProcessNameFilterMask = "*";
-                selectedFilterRule.ControlFlag = 16130;
+                selectedFilterRule.ControlFlag = 770;
             }
 
             if (selectedFilterRule.ProcessId.Length > 0 && selectedFilterRule.ProcessId != "0" )

Demo_Source_Code/EaseFltCPPDemo/CPlusPlusDemo.cpp

@@ -80,6 +80,8 @@ Return Value
 	printf( "EaseFltCPPDemo m c:\\filterTest\\*  ----- monitor filter driver with default settings.\r\n" );
 	printf( "EaseFltCPPDemo c c:\\filterTest\\*  ----- control filter driver with default settings.\r\n" );
 	printf( "EaseFltCPPDemo c c:\\filterTest\\*  0 33393264   ---control filter driver, prevent files from being changed.\r\n" );
+	printf( "EaseFltCPPDemo P *(processNameFilterMask) controlFlag ---process filter driver to monitor/control process activities.\r\n");
+	printf( "EaseFltCPPDemo r *(processNameFilterMask) *(keyNameFilterMask)  controlFlag ---registry filter driver to monitor/control registry activities.\r\n");
 
 }
 
@@ -210,9 +212,9 @@ int _tmain(int argc, _TCHAR* argv[])
 			ULONG ioCallbackClass = allPostIO;
 			ULONG accessFlag = ALLOW_MAX_RIGHT_ACCESS;		
 
-			if( argc >= 3 )
+			if (argc >= 3)
 			{
-				fileFilterMask = argv[2];
+				fileFilterMask = argv[2];			
 			}
 
 			//To get the I/O callback registration class, you can check the IOCallbackClass for your reference.
@@ -224,16 +226,14 @@ int _tmain(int argc, _TCHAR* argv[])
 			if( argc >= 5 )
 			{
 				accessFlag = std::stoul (argv[4],nullptr,10);
-			}
-
-			_tprintf(_T("Start Monitor %s  ioCallbackClass:0X%0X accessFlag:0X%0X \n\n Press any key to stop.\n"),fileFilterMask,ioCallbackClass,accessFlag);			
+			}					
 
 			FilterControl* filterControl = FilterControl::GetSingleInstance();
 
 			FileFilterRule fileFilterRule(fileFilterMask);
 			fileFilterRule.AccessFlag = accessFlag;
 			fileFilterRule.BooleanConfig = ENABLE_MONITOR_EVENT_BUFFER;
-			fileFilterRule.FileChangeEventFilter = FILE_WAS_CREATED|FILE_WAS_WRITTEN|FILE_WAS_RENAMED|FILE_WAS_DELETED;
+			fileFilterRule.FileChangeEventFilter = FILE_WAS_CREATED|FILE_WAS_WRITTEN|FILE_WAS_RENAMED|FILE_WAS_DELETED|FILE_WAS_READ;
 			fileFilterRule.MonitorFileIOEventFilter = ioCallbackClass;
 
 			if( filterType == FILE_SYSTEM_CONTROL)
@@ -273,6 +273,15 @@ int _tmain(int argc, _TCHAR* argv[])
 			filterControl->globalBooleanConfig = globalBooleanConfig;
 
 			filterControl->StartFilter(filterType,threadCount,connectionTimeout,registerKey);
+
+			if (op == 'm')
+			{
+				_tprintf(_T("Start Monitor filter, fileFilterMask=%s  ioCallbackClass:0X%0X accessFlag:0X%0X \n\n Press any key to stop.\n"), fileFilterMask, ioCallbackClass, accessFlag);
+			}
+			else
+			{
+				_tprintf(_T("Start control filter, fileFilterMask=%s  ioCallbackClass:0X%0X accessFlag:0X%0X \n\n Press any key to stop.\n"), fileFilterMask, ioCallbackClass, accessFlag);
+			}
 
 			//prevent the current process from being terminated.
 			//AddProtectedProcessId(GetCurrentProcessId());
@@ -365,7 +374,6 @@ int _tmain(int argc, _TCHAR* argv[])
 				return 1;
 			}
 
-			_tprintf(_T("Start process filter driver test, press any key to stop.\n\n"));
 
 			WCHAR* processFilterMask = L"*";
 			ULONG controlFlag  = PROCESS_CREATION_NOTIFICATION|PROCESS_TERMINATION_NOTIFICATION|THREAD_CREATION_NOTIFICATION|THREAD_TERMINIATION_NOTIFICATION; 
@@ -399,6 +407,8 @@ int _tmain(int argc, _TCHAR* argv[])
 
 			filterControl->StartFilter(filterType,threadCount,connectionTimeout,registerKey);
 
+			_tprintf(_T("Start Process filter, processFilterMask=%s  controlFlag:0X%0X \n\n Press any key to stop.\n"), processFilterMask, controlFlag);
+
 			getchar();
 
 			filterControl->StopFilter();
@@ -427,15 +437,37 @@ int _tmain(int argc, _TCHAR* argv[])
 			FilterControl* filterControl = FilterControl::GetSingleInstance();
 
 			WCHAR* processNameFilterMask = L"*";
+			WCHAR* keyNameFilterMask = L"*";
+
+			if (argc >= 3)
+			{
+				processNameFilterMask = argv[2];
+			}
+
+			if (argc >= 4)
+			{
+				keyNameFilterMask = argv[3];
+			}
+
+			ULONG callbackClass = Max_Reg_Callback_Class;
+			if (argc >= 5)
+			{
+				callbackClass = std::stoul(argv[5], nullptr, 10);
+			}
+
 			RegistryFilterRule registryFilterRule(processNameFilterMask);
 
+			registryFilterRule.RegistryKeyNameFilterMask = keyNameFilterMask;
+
 			//you can block the registry key being renamed or deleted.
 			//ULONG controlFlag = REG_MAX_ACCESS_FLAG & (~(REG_ALLOW_RENAME_KEY|REG_ALLOW_DELETE_KEY));
-			registryFilterRule.ControlFlag = REG_MAX_ACCESS_FLAG;
+			registryFilterRule.ControlFlag = callbackClass;
 			registryFilterRule.RegCallbackClass = Max_Reg_Callback_Class;
 
 			filterControl->AddRegistryFilter(registryFilterRule);
 			filterControl->StartFilter(filterType,threadCount,connectionTimeout,registerKey);
+
+			_tprintf(_T("Start Registry filter, processNameFilterMask=%s keyNameFilterMask=%s controlFlag:0X%0X \n\n Press any key to stop.\n"), processNameFilterMask, keyNameFilterMask, callbackClass);
 
 			getchar();
 

Demo_Source_Code/EaseFltCPPDemo/FilterAPI.h

@@ -13,7 +13,7 @@
 
 //Purchase a license key with the link: http://www.EaseFilter.com/Order.htm
 //Email us to request a trial key: [email protected] //free email is not accepted.
-#define	registerKey "***************************************"
+#define	registerKey "**************************************"
 
 #define MESSAGE_SEND_VERIFICATION_NUMBER	0xFF000001
 #define	INET_ADDR_STR_LEN					22
@@ -990,6 +990,24 @@ typedef enum _BooleanConfig
 	/// if it is true, it will block the encrypted file to be renamed to different folder.
 	/// </summary>
 	DISABLE_RENAME_ENCRYPTED_FILE = 0x00008000,
+    /// <summary>
+    /// if it is true, it will disable the file synchronization for file reading for CloudTier.
+    /// </summary>
+    DISABLE_FILE_SYNCHRONIZATION = 0x00010000,
+    /// <summary>
+    /// if it is true, the data protection will continue even the service process is stopped.
+    /// </summary>
+    ENABLE_PROTECTION_IF_SERVICE_STOPPED = 0x00020000,
+    /// <summary>
+    /// if it is true and write encrypt info to cache is enabled, it will signal the system thread to write cache data to disk right away.
+    /// </summary>
+    ENABLE_SIGNAL_WRITE_ENCRYPT_INFO_EVENT = 0x00020000,
+    /// <summary>
+    ///enable this feature when accessFlag "ALLOW_SAVE_AS" or "ALLOW_COPY_PROTECTED_FILES_OUT" was disabled.
+    ///by default we don't enable this feature, because of the drawback of these two flags were disabled 
+    ///which will block all new file creation of the process which was read the protected files.
+    /// </summary>
+    ENABLE_BLOCK_SAVE_AS_FLAG = 0x00040000,
 
 } BooleanConfig;
 
@@ -1192,9 +1210,24 @@ typedef enum _FileEventType
 	FILE_SECURITY_CHANGED			= 0x00000200,
 	FILE_INFO_CHANGED				= 0x00000400,
 	FILE_WAS_READ					= 0x00000800,
+    FILE_WAS_COPIED                 = 0x00001000,
 
 } FileEventType, *PFileEventType;
 
+//This is the enumeration of the file copy flags.
+typedef enum _FILE_COPY_FLAG
+{
+    //this is the source file for copy in the open.
+    CREATE_FLAG_FILE_SOURCE_OPEN_FOR_COPY = 0x00000001,
+    //this is the dest file for copy in the open.
+    CREATE_FLAG_FILE_DEST_OPEN_FOR_COPY = 0x00000002,
+    //this is the source file read for file copy.
+    READ_FLAG_FILE_SOURCE_FOR_COPY = 0x00000004,
+    //this is the destination file write for file copy.
+    WRITE_FLAG_FILE_DEST_FOR_COPY = 0x00000008,
+
+} FILE_COPY_FLAG;
+
 //
 // Define the various device characteristics flags
 //

Demo_Source_Code/EaseFltCPPDemo/FilterControl.cpp

@@ -388,10 +388,13 @@ FilterControl::SendRegistryFilterRuleToFilter(RegistryFilterRule* registryFilter
 BOOL
 FilterControl::SendConfigSettingsToFilter()
 {
-	if (!ResetConfigData())
+    if (ProcessFilterRules.size() > 0 || RegistryFilterRules.size() > 0 || FileFilterRules.size() > 0)
     {
-        PrintLastErrorMessage(L"ResetConfigData failed.");
-        return false;
+        if (!ResetConfigData())
+        {
+            PrintLastErrorMessage(L"ResetConfigData failed.");
+            return false;
+        }
     }
 
     if (!SetConnectionTimeout(connectionTimeout))

Demo_Source_Code/EaseFltCPPDemo/FilterControl.h

@@ -203,6 +203,18 @@
 				Description += L"The file was renamed to " + newFileName;
             }
 
+            if ((messageSend->InfoClass & FILE_WAS_COPIED) > 0)
+            {
+                if (messageSend->DataBufferLength > 0)
+                {
+                    newFileName.assign((WCHAR*)messageSend->DataBuffer);
+                }
+
+                eventType |= FILE_WAS_COPIED;
+                EventName.append(L"NotifyFileWasCopied;");
+                Description += L"The file was copied from " + newFileName;
+            }
+
             if ((messageSend->InfoClass & FILE_SECURITY_CHANGED ) > 0)
             {
                 eventType |= FILE_SECURITY_CHANGED;
@@ -232,9 +244,27 @@
         /// It indicates that the new file was created if it is true.
         /// </summary>
         BOOL isNewFileCreated ;
+        /// <summary>
+        /// It indicates that this is file copy source file open.
+        /// </summary>
+        BOOL isFileCopySource;
+        /// <summary>
+        /// It indicates that this is file copy dest file open.
+        /// </summary>
+        BOOL isFileCopyDest;
 
         FileCreateEventArgs(PMESSAGE_SEND_DATA messageSend) : FileIOEventArgs(messageSend)
-        {                       
+        {        
+            if ((messageSend->InfoClass & CREATE_FLAG_FILE_SOURCE_OPEN_FOR_COPY) > 0)
+            {
+                isFileCopySource = true;
+            }
+
+            if ((messageSend->InfoClass & CREATE_FLAG_FILE_DEST_OPEN_FOR_COPY) > 0)
+            {
+                isFileCopyDest = true;
+            }
+
             if (    messageSend->Status == 0 
                 && POST_CREATE == messageSend->MessageType)
             {
@@ -267,7 +297,7 @@
 
                 }
 
-            }        
+            }    
 
 			if ((messageSend->CreateOptions & FILE_DELETE_ON_CLOSE) > 0)
             {
@@ -279,6 +309,16 @@
                 isDeleteOnClose = false;
             }
 
+            if (isFileCopySource)
+            {
+                Description = L"FileCopy source file open." + Description;
+            }
+
+            if (isFileCopyDest)
+            {
+                Description = L"FileCopy dest file open." + Description;
+            }
+
 		}
 	};
 
@@ -336,6 +376,11 @@
 
 			Description =  L"ReadType:" + readType + L",ReadOffset:" + std::to_wstring(offset) + L",ReadLength:" + std::to_wstring((ULONGLONG)readLength) 
 				+ L",returnReadLength:" + std::to_wstring((ULONGLONG)returnReadLength);
+
+            if ((messageSend->InfoClass & READ_FLAG_FILE_SOURCE_FOR_COPY) > 0)
+            {
+                Description = L"FileCopy source file read." + Description;
+            }
 
         }
     };
@@ -399,6 +444,11 @@
 
 			Description = L"WriteType:" + writeType +  L",WriteOffset:" + std::to_wstring(offset) + L",writeLength:" + std::to_wstring((ULONGLONG)writeLength) 
 				+ L",WrittenLength:" + std::to_wstring((ULONGLONG)writtenLength);
+
+            if ((messageSend->InfoClass & WRITE_FLAG_FILE_DEST_FOR_COPY) > 0)
+            {
+                Description = L"FileCopy dest file write." + Description;
+            }
         }
     };
 

Demo_Source_Code/FilterControl/EncryptionFilter.cs

@@ -44,6 +44,17 @@ partial class FileFilter
         /// </summary>
         byte[] encryptionIV = null;
 
+        uint encryptWriteBufferSize = 0;
+
+        /// <summary>
+        /// If the encrypt write buffer size is greater than 0, then the small buffer encryption write will be combined together to a bigger buffer, 
+        /// and write it to the disk.
+        /// </summary>
+        public uint EncryptWriteBufferSize
+        {
+            get { return encryptWriteBufferSize; }
+            set { encryptWriteBufferSize = value; }
+        }      
 
         /// <summary>
         /// Enable the encryption feature when it is true