AddFilterRule Method

Adds a standard filter rule or access rule.

Syntax

int AddFilterRule(const char* lpszMask, int iAccessFlags, int64 lControlFlags);
INT AddFilterRule(LPCWSTR lpszMask, INT iAccessFlags, LONG64 lControlFlags);

Remarks

This method adds a standard filter rule and/or access rule for the registry keys that match the specified Mask. Each rule in a ruleset is uniquely identified by its mask; if a rule with the specified mask already exists, the new rule's parameters are merged into it. If the rule is added successfully, this method returns true; otherwise, it returns false.

Standard filter rules determine which registry operations, of those performed on matching registry keys, the class should fire its events for. Access rules instruct the class's system driver to apply certain access restrictions to matching registry keys.

The Mask parameter must be a valid registry key mask according to the Registry Key Masks topic. Only the registry keys which match the specified mask will be covered by the rule.

The AccessFlags parameter specifies which access restrictions the class's system driver should apply to matching registry keys. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

ACCESS_NONE                   0x00   No access restrictions.
ACCESS_READ_ONLY              0x01   Read-only access; writing and deleting is prohibited.
ACCESS_WRITE_ONLY             0x02   Write-only access; reading and deleting is prohibited.
ACCESS_DELETE_PROTECT         0x04   Deletion and renaming is prohibited.
ACCESS_EXECUTE_PROTECT        0x08   Execution is prohibited.
ACCESS_NO_CHANGE_DAC          0x10   Change of security attributes is prohibited.
ACCESS_NO_CHANGE_OWNER        0x20   Change of owner is prohibited.
ACCESS_RENAME_PROTECT         0x40   Renaming is prohibited.
ACCESS_DELETE_ONLY_PROTECT    0x80   Deletion is prohibited (renaming is not affected).
ACCESS_REMOTE_ACCESS_PROTECT  0x100  Access from other systems is prohibited.
ACCESS_DENY_ALL               0x200  All access is denied.
ACCESS_ALL_FLAGS              -1     Used to denote all currently set access restriction flags.

The ControlFlags parameter specifies which registry operations the class should fire Control Events for. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

REG_CE_NONE  0  Don't fire for any registry operations.

Control Events will not fire for any registry operations.

REG_CE_BEFORE_CREATE_KEY  0x00000001L  Fire before registry key creation operations.

The BeforeCreateKey event will fire anytime the OS attempts to create a registry key.

REG_CE_AFTER_CREATE_KEY  0x00000002L  Fire after registry key creation operations.

The AfterCreateKey event will fire after a registry key creation request has been processed, before the response is returned.

REG_CE_BEFORE_OPEN_KEY  0x00000004L  Fire before registry key open operations.

The BeforeOpenKey event will fire anytime the OS attempts to open a registry key.

REG_CE_AFTER_OPEN_KEY  0x00000008L  Fire after registry key open operations.

The AfterOpenKey event will fire after a registry key open request has been processed, before the response is returned.

REG_CE_BEFORE_CLOSE_KEY  0x00000010L  Fire before registry key close operations.

The BeforeCloseKey event will fire anytime the OS closes a registry key.

REG_CE_AFTER_CLOSE_KEY  0x00000020L  Fire after registry key close operations.

The AfterCloseKey event will fire after a registry key close request has been processed, before the response is returned.

REG_CE_BEFORE_DELETE_KEY  0x00000040L  Fire before registry key delete operations.

The BeforeDeleteKey event will fire anytime the OS attempts to delete a registry key.

REG_CE_AFTER_DELETE_KEY  0x00000080L  Fire after registry key delete operations.

The AfterDeleteKey event will fire after a registry key delete request has been processed, before the response is returned.

REG_CE_BEFORE_RENAME_KEY  0x00000100L  Fire before registry key rename operations.

The BeforeRenameKey event will fire anytime the OS attempts to rename a registry key.

REG_CE_AFTER_RENAME_KEY  0x00000200L  Fire after registry key rename operations.

The AfterRenameKey event will fire after a registry key rename request has been processed, before the response is returned.

REG_CE_BEFORE_ENUM_KEY  0x00000400L  Fire before subkey enumeration operations.

The BeforeEnumerateKey event will fire anytime the OS attempts to enumerate a registry key's subkeys.

REG_CE_AFTER_ENUM_KEY  0x00000800L  Fire after subkey enumeration operations.

The AfterEnumerateKey event will fire after a subkey enumeration request has been processed, before the response is returned.

REG_CE_BEFORE_QUERY_KEY  0x00001000L  Fire before registry key metadata retrieval operations.

The BeforeQueryKey event will fire anytime the OS attempts to retrieve a registry key's metadata.

REG_CE_AFTER_QUERY_KEY  0x00002000L  Fire after registry key metadata retrieval operations.

The AfterQueryKey event will fire after a registry key metadata retrieval request has been processed, before the response is returned.

REG_CE_BEFORE_SET_KEY  0x00004000L  Fire before registry key metadata update operations.

The BeforeSetKey event will fire anytime the OS attempts to update a registry key's metadata.

REG_CE_AFTER_SET_KEY  0x00008000L  Fire after registry key metadata update operations.

The AfterSetKey event will fire after a registry key metadata update request has been processed, before the response is returned.

REG_CE_BEFORE_DELETE_VALUE  0x00010000L  Fire before registry value delete operations.

The BeforeDeleteValue event will fire anytime the OS attempts to delete a registry value.

REG_CE_AFTER_DELETE_VALUE  0x00020000L  Fire after registry value delete operations.

The AfterDeleteValue event will fire after a registry value delete request has been processed, before the response is returned.

REG_CE_BEFORE_ENUM_VALUE  0x00040000L  Fire before value enumeration operations.

The BeforeEnumerateValue event will fire anytime the OS attempts to enumerate a registry key's values.

REG_CE_AFTER_ENUM_VALUE  0x00080000L  Fire after value enumeration operations.

The AfterEnumerateValue event will fire after a value enumeration request has been processed, before the response is returned.

REG_CE_BEFORE_QUERY_VALUE  0x00100000L  Fire before registry value query operations.

The BeforeQueryValue event will fire anytime the OS attempts to query a registry value.

REG_CE_AFTER_QUERY_VALUE  0x00200000L  Fire after registry value query operations.

The AfterQueryValue event will fire after a registry value query request has been processed, before the response is returned.

REG_CE_BEFORE_SET_VALUE  0x00400000L  Fire before registry value set/update operations.

The BeforeSetValue event will fire anytime the OS attempts to set or update a registry value.

REG_CE_AFTER_SET_VALUE  0x00800000L  Fire after registry value set/update operations.

The AfterSetValue event will fire after a registry value set or update request has been processed, before the response is returned.

REG_CE_ALL  -1  Fire for all registry operations.

Control Events will fire for all registry operations.
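
The ControlFlags table above assigns each registry operation two adjacent bits (BEFORE, then AFTER). The following added example, which is not part of the product documentation or SDK, uses that layout to build a ControlFlags value and to decode one back into flag names, for instance when logging or reviewing a ruleset. The names controlFlag, decodeControlFlags, kOps and the UNDEFINED_BITS marker are hypothetical; the bit values are taken from the table.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Operation order follows the ControlFlags table on this page: every operation
// owns two adjacent bits, BEFORE on the even bit and AFTER on the odd bit.
static const char* const kOps[] = {
    "CREATE_KEY", "OPEN_KEY",  "CLOSE_KEY",    "DELETE_KEY", "RENAME_KEY",  "ENUM_KEY",
    "QUERY_KEY",  "SET_KEY",   "DELETE_VALUE", "ENUM_VALUE", "QUERY_VALUE", "SET_VALUE"};
constexpr int kBitCount = 24;  // 12 operations x 2 events
constexpr std::int64_t kDefinedBits = (std::int64_t{1} << kBitCount) - 1;  // 0x00FFFFFF

// Hypothetical helper (not an SDK function): builds one REG_CE_* bit.
// opIndex is the position in kOps; after selects the AFTER_ variant.
constexpr std::int64_t controlFlag(int opIndex, bool after) {
    return std::int64_t{1} << (2 * opIndex + (after ? 1 : 0));
}

// Hypothetical helper: names of the flags set in a ControlFlags value.
// 0 and -1 are reported as REG_CE_NONE / REG_CE_ALL; bits the table does not
// define are reported instead of being silently dropped.
std::vector<std::string> decodeControlFlags(std::int64_t flags) {
    if (flags == 0)  return {"REG_CE_NONE"};
    if (flags == -1) return {"REG_CE_ALL"};
    std::vector<std::string> names;
    for (int bit = 0; bit < kBitCount; ++bit) {
        if (flags & (std::int64_t{1} << bit)) {
            names.push_back(std::string(bit % 2 ? "REG_CE_AFTER_" : "REG_CE_BEFORE_") + kOps[bit / 2]);
        }
    }
    if (flags & ~kDefinedBits) names.push_back("UNDEFINED_BITS");
    return names;
}

int main() {
    // Constructed sample: the value a rule would pass as lControlFlags to be
    // notified before value writes and before value deletions.
    const std::int64_t control = controlFlag(11, false) | controlFlag(8, false);
    for (const auto& name : decodeControlFlags(control)) std::cout << name << '\n';
    return 0;
}
```

Keeping the value in a 64-bit integer matches the int64 type of the lControlFlags parameter.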

Note: The methods and properties related to rule management are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of the rule lists occurs in a thread-safe manner.

Error Handling (C++)

This method returns a Boolean value. After it returns, call the GetLastErrorCode() method to obtain its result code: 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, call the GetLastError() method to retrieve the associated error message.

 
 
Copyright (c) 2020 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 C++ Edition - Version 20.0 [Build 7543]