CBRegistry Class


The CBRegistry class allows applications to intercept and control registry requests.

Syntax

CBRegistry

Remarks

The CBRegistry class gives applications the ability to intercept registry requests, allowing them to be altered, handled, blocked, etc. Applications use standard filter rules to specify which requests they're interested in intercepting, and special filter rules to enforce access restrictions.

To learn more about the class's capabilities, please refer to the product's General Information topics.

Getting Started

  1. If the class's system driver hasn't been installed yet, call the Install method to do so. This only needs to be done once.
    • In production, the driver can be installed (or updated) ahead-of-time by the application's installation script using the Installer DLL. Please refer to the Driver Installation topic for more information.
  2. Call the Initialize method to initialize the CBRegistry class. This must be done each time the application starts.
  3. Add one or more filter rules using methods like AddFilterRule. (Rules can also be added/removed after the filter is started.)
  4. Call the StartFilter method to start filtering registry requests.
  5. When finished, call the StopFilter method to stop filtering registry requests.
  6. To uninstall the class's system driver, call the Uninstall method. This should not be done as part of the driver upgrade process.
    • In production, the driver can be uninstalled by the application's uninstallation script using the Installer DLL. Please refer to the Driver Installation topic for more information.

Property List


The following is the full list of the properties of the class with short descriptions.

Active: Whether the class is active and processing requests.
Altitude: The altitude the class's system driver should use.
DefaultRuleCount: The number of records in the DefaultRule arrays.
DefaultRuleAccessFlags: The access restrictions enforced by the rule.
DefaultRuleMask: A registry key mask that determines which registry keys match the rule.
FilterRuleCount: The number of records in the FilterRule arrays.
FilterRuleAccessFlags: The access restrictions enforced by the rule.
FilterRuleControlFlags: Which control events the rule causes the class to fire.
FilterRuleMask: A registry key mask that determines which registry keys match the rule.
PassthroughRuleCount: The number of records in the PassthroughRule arrays.
PassthroughRuleAccessFlags: The access restrictions lifted by the rule.
PassthroughRuleControlFlags: Which control events the rule prevents the class from firing.
PassthroughRuleMask: A registry key mask that determines which registry keys match the rule.
SerializeEvents: Whether events should be fired on a single worker thread, or many.
Tag: Stores application-defined data specific to this instance of the class.

Method List


The following is the full list of the methods of the class with short descriptions.

AddDefaultRule: Adds a default rule.
AddFilteredProcessById: Adds a process, by PID, to the list of filtered processes.
AddFilteredProcessByName: Adds a process, by name, to the list of filtered processes.
AddFilterRule: Adds a standard filter rule or access rule.
AddIgnoredProcessById: Adds a process, by PID, to the list of ignored processes.
AddIgnoredProcessByName: Adds a process, by name, to the list of ignored processes.
AddPassthroughRule: Adds a passthrough rule.
CloseDefaultRulesSnapshot: Closes the previously-created default rules snapshot.
Config: Sets or retrieves a configuration setting.
CreateDefaultRulesSnapshot: Creates a snapshot of information about the default rules that have been added.
DeleteAllFilterRules: Deletes all standard filter rules.
DeleteAllPassthroughRules: Deletes all passthrough rules.
DeleteDefaultRule: Deletes a particular default rule.
DeleteFilterRule: Deletes a particular standard filter rule or access rule.
DeletePassthroughRule: Deletes a particular passthrough rule.
GetDriverStatus: Retrieves the status of the class's system driver.
GetDriverVersion: Retrieves the version of the class's system driver.
GetOriginatorProcessId: Retrieves the Id of the process (PID) that initiated the operation.
GetOriginatorProcessName: Retrieves the name of the process that initiated the operation.
GetOriginatorThreadId: Retrieves the Id of the thread that initiated the operation.
GetOriginatorToken: Retrieves the security token associated with the process that initiated the operation.
Initialize: Initializes the class.
Install: Installs (or upgrades) the class's system driver.
RemoveFilteredProcessById: Removes a process, by PID, from the list of filtered processes.
RemoveFilteredProcessByName: Removes a process, by name, from the list of filtered processes.
RemoveIgnoredProcessById: Removes a process, by PID, from the list of ignored processes.
RemoveIgnoredProcessByName: Removes a process, by name, from the list of ignored processes.
ResetTimeout: Resets the timeout duration for the current event handler.
ShutdownSystem: Shuts down or reboots the operating system.
StartFilter: Starts filtering registry operations.
StopFilter: Stops filtering registry operations.
SuspendDefaultRules: Suspends all default rules until the application exits.
Uninstall: Uninstalls the class's system driver.

Event List


The following is the full list of the events fired by the class with short descriptions.

AfterCloseKey: Fires after a registry key is closed.
AfterCreateKey: Fires after a registry key is created.
AfterDeleteKey: Fires after a registry key is deleted.
AfterDeleteValue: Fires after a registry value is deleted.
AfterEnumerateKey: Fires after a subkey's information is retrieved during key enumeration.
AfterEnumerateValue: Fires after a registry value's information is retrieved during key value enumeration.
AfterOpenKey: Fires after a registry key is opened.
AfterQueryKey: Fires after a registry key's information is retrieved.
AfterQueryValue: Fires after a registry value's information is retrieved.
AfterRenameKey: Fires after a registry key is renamed.
AfterSetKey: Fires after a registry key's information is updated.
AfterSetValue: Fires after a registry value is set or updated.
BeforeCloseKey: Fires before a registry key is closed.
BeforeCreateKey: Fires before a registry key is created.
BeforeDeleteKey: Fires before a registry key is deleted.
BeforeDeleteValue: Fires before a registry value is deleted.
BeforeEnumerateKey: Fires before a subkey's information is retrieved during key enumeration.
BeforeEnumerateValue: Fires before a registry value's information is retrieved during key value enumeration.
BeforeOpenKey: Fires before a registry key is opened.
BeforeQueryKey: Fires before a registry key's information is retrieved.
BeforeQueryValue: Fires before a registry value's information is retrieved.
BeforeRenameKey: Fires before a registry key is renamed.
BeforeSetKey: Fires before a registry key's information is updated.
BeforeSetValue: Fires before a registry value is set or updated.
CleanupKeyContext: Fires when the application-defined data stored in a registry key context needs to be cleaned up.
CloseKeyHandle: Fires when an application-provided registry key handle should be closed.
Error: Fires if an unhandled error occurs during an event.
WorkerThreadCreation: Fires just after a new worker thread is created.
WorkerThreadTermination: Fires just before a worker thread is terminated.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions.

FilterOwnRequests: Whether the class's system driver should filter requests made by the application itself.
ForceAdminRightsForDefaultRules: Specifies whether default rules can be added or deleted only by administrators.
LoggingEnabled: Whether extended logging is enabled.
MaxWorkerThreadCount: The maximum number of worker threads to use to fire events.
MinWorkerThreadCount: The minimum number of worker threads to use to fire events.
ResolveNtNameToWin32Name: Whether key names in NT native format are translated to common Win32 format.
WorkerInitialStackSize: The initial stack size to create worker threads with.
BuildInfo: Information about the product's build.
LicenseInfo: Information about the current license.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 C++ Edition - Version 20.0 [Build 8317]