wjcsharp / accessch

Automatically exported from code.google.com/p/accessch

Project summary isn't clear enough #1

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I am a first-time reader of this project.
I got here because of my interest (I was googling for the PFLT_FILTER definition).
The summary says: "access check sample utility and driver"

And I am unable to understand what it is about.

I suppose other people also want to know what exact access (network, local 
resources, user) the project is about, so they (including me) could understand 
its functionality more clearly (without browsing and analysing the src :)

S.
PS: Thanks for putting out such an interesting and rare topic (WDK, minifilters) 
the open-source way :)

Original issue reported on code.google.com by sauli...@gmail.com on 1 Sep 2010 at 2:34

GoogleCodeExporter commented 9 years ago
The accessch sample contains two folders: drv (source code for the driver) and usr 
(a sample utility which interacts with the driver).
drv implements a file interceptor, a filtering system and some interface for 
communication with a subscriber.

The current version is stable for use on any Windows OS (XP SP2 or higher)...

P.S. If you have any questions about fltmgr or writing a minifilter, it is better to 
e-mail me (I will answer much faster) :)

Original comment by Andrey.S...@gmail.com on 20 Sep 2010 at 4:24

GoogleCodeExporter commented 9 years ago

Original comment by Andrey.S...@gmail.com on 20 Sep 2010 at 4:34

GoogleCodeExporter commented 9 years ago
So filtering in drv means file operations are intercepted, right?

Then the next question follows: is the project's goal to do something active with 
those ops (e.g. deny access to some file) or just to indicate they had happened?

Also, can you briefly compare your project to ClamRT?

S.
PS: Thanks, when it's time, I will keep you in my questions queue. Currently I 
was investigating how the Wine project behaves with the Windows drivers it loads.

Original comment by sauli...@gmail.com on 20 Sep 2010 at 4:36

GoogleCodeExporter commented 9 years ago
Yes, you are absolutely right: drv intercepts file events and provides some interface 
that allows denying access by criteria (access mask\mode\SID\PID\TID\LUID... via 
the filtering system in the driver) or by content.
For example, I attach an AV engine from Kaspersky to make a private antivirus. My 
colleagues used the accessch driver + devctrl (another project) as a base for some DLP 
solution (as a demo for a venture fund :))

P.S. I started these projects especially at their request.

ClamRT is a legacy driver with the same target: to provide an IO mechanism for AV checks.

Original comment by Andrey.S...@gmail.com on 21 Sep 2010 at 7:50