CBFS Filter 2020 Python Edition

CBRegistry Class

The CBRegistry class allows applications to intercept and control registry requests.

Syntax

class cbfsfilter.CBRegistry

Remarks

The CBRegistry class gives applications the ability to intercept and control registry requests, allowing them to be altered, handled, blocked, etc. Applications use standard filter rules to specify which requests they're interested in intercepting, and special filter rules to enforce access restrictions.

To learn more about the class's capabilities, please refer to the product's General Information topics.

Getting Started

  1. If the class's system driver hasn't been installed yet, call the install method to do so. This only needs to be done once.
    • In production, the driver can be installed (or updated) ahead-of-time by the application's installation script using the Installer DLL. Please refer to the Driver Installation topic for more information.
  2. Call the initialize method to initialize the CBRegistry class. This must be done each time the application starts.
  3. Add one or more filter rules using methods like add_filter_rule. (Rules can also be added/removed after the filter is started.)
  4. Call the start_filter method to start filtering registry requests.
  5. When finished, call the stop_filter method to stop filtering registry requests.
  6. To uninstall the class's system driver, call the uninstall method. This should not be done as part of the driver upgrade process.
    • In production, the driver can be uninstalled by the application's uninstallation script using the Installer DLL. Please refer to the Driver Installation topic for more information.

Property List


The following is the full list of the properties of the class with short descriptions.

active: Whether the class is active and processing requests.
altitude: The altitude the class's system driver should use.
default_rule_count: The number of records in the DefaultRule arrays.
default_rule_access_flags: The access restrictions enforced by the rule.
default_rule_mask: A registry key mask that determines which registry keys match the rule.
filter_rule_count: The number of records in the FilterRule arrays.
filter_rule_access_flags: The access restrictions enforced by the rule.
filter_rule_control_flags: Which control events the rule causes the class to fire.
filter_rule_mask: A registry key mask that determines which registry keys match the rule.
passthrough_rule_count: The number of records in the PassthroughRule arrays.
passthrough_rule_access_flags: The access restrictions lifted by the rule.
passthrough_rule_control_flags: Which control events the rule prevents the class from firing.
passthrough_rule_mask: A registry key mask that determines which registry keys match the rule.
serialize_events: Whether events should be fired on a single worker thread, or many.
tag: Stores application-defined data specific to this instance of the class.

Method List


The following is the full list of the methods of the class with short descriptions.

add_default_rule: Adds a default rule.
add_filtered_process_by_id: Adds a process, by PID, to the list of filtered processes.
add_filtered_process_by_name: Adds a process, by name, to the list of filtered processes.
add_filter_rule: Adds a standard filter rule or access rule.
add_ignored_process_by_id: Adds a process, by PID, to the list of ignored processes.
add_ignored_process_by_name: Adds a process, by name, to the list of ignored processes.
add_passthrough_rule: Adds a passthrough rule.
close_default_rules_snapshot: Closes the previously-created default rules snapshot.
config: Sets or retrieves a configuration setting.
create_default_rules_snapshot: Creates a snapshot of information about the default rules that have been added.
delete_all_filter_rules: Deletes all standard filter rules.
delete_all_passthrough_rules: Deletes all passthrough rules.
delete_default_rule: Deletes a particular default rule.
delete_filter_rule: Deletes a particular standard filter rule or access rule.
delete_passthrough_rule: Deletes a particular passthrough rule.
get_driver_status: Retrieves the status of the class's system driver.
get_driver_version: Retrieves the version of the class's system driver.
get_originator_process_id: Retrieves the Id of the process (PID) that initiated the operation.
get_originator_process_name: Retrieves the name of the process that initiated the operation.
get_originator_thread_id: Retrieves the Id of the thread that initiated the operation.
get_originator_token: Retrieves the security token associated with the process that initiated the operation.
initialize: Initializes the class.
install: Installs (or upgrades) the class's system driver.
remove_filtered_process_by_id: Removes a process, by PID, from the list of filtered processes.
remove_filtered_process_by_name: Removes a process, by name, from the list of filtered processes.
remove_ignored_process_by_id: Removes a process, by PID, from the list of ignored processes.
remove_ignored_process_by_name: Removes a process, by name, from the list of ignored processes.
reset_timeout: Resets the timeout duration for the current event handler.
shutdown_system: Shuts down or reboots the operating system.
start_filter: Start filtering registry operations.
stop_filter: Stop filtering registry operations.
suspend_default_rules: Suspends all default rules until the application exits.
uninstall: Uninstalls the class's system driver.

Event List


The following is the full list of the events fired by the class with short descriptions.

on_after_close_key: Fires after a registry key is closed.
on_after_create_key: Fires after a registry key is created.
on_after_delete_key: Fires after a registry key is deleted.
on_after_delete_value: Fires after a registry value is deleted.
on_after_enumerate_key: Fires after a subkey's information is retrieved during key enumeration.
on_after_enumerate_value: Fires after a registry value's information is retrieved during key value enumeration.
on_after_open_key: Fires after a registry key is opened.
on_after_query_key: Fires after a registry key's information is retrieved.
on_after_query_value: Fires after a registry value's information is retrieved.
on_after_rename_key: Fires after a registry key is renamed.
on_after_set_key: Fires after a registry key's information is updated.
on_after_set_value: Fires after a registry value is set or updated.
on_before_close_key: Fires before a registry key is closed.
on_before_create_key: Fires before a registry key is created.
on_before_delete_key: Fires before a registry key is deleted.
on_before_delete_value: Fires before a registry value is deleted.
on_before_enumerate_key: Fires before a subkey's information is retrieved during key enumeration.
on_before_enumerate_value: Fires before a registry value's information is retrieved during key value enumeration.
on_before_open_key: Fires before a registry key is opened.
on_before_query_key: Fires before a registry key's information is retrieved.
on_before_query_value: Fires before a registry value's information is retrieved.
on_before_rename_key: Fires before a registry key is renamed.
on_before_set_key: Fires before a registry key's information is updated.
on_before_set_value: Fires before a registry value is set or updated.
on_cleanup_key_context: Fires when the application-defined data stored in a registry key context needs to be cleaned up.
on_close_key_handle: Fires when an application-provided registry key handle should be closed.
on_error: Fires if an unhandled error occurs during an event.
on_worker_thread_creation: Fires just after a new worker thread is created.
on_worker_thread_termination: Fires just before a worker thread is terminated.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions.

FilterOwnRequests: Whether the class's system driver should filter requests made by the application itself.
ForceAdminRightsForDefaultRules: Specifies whether default rules can be added or deleted only by administrators.
LoggingEnabled: Whether extended logging is enabled.
MaxWorkerThreadCount: The maximum number of worker threads to use to fire events.
MinWorkerThreadCount: The minimum number of worker threads to use to fire events.
ResolveNtNameToWin32Name: Whether key names in NT native format are translated to common Win32 format.
WorkerInitialStackSize: The initial stack size to create worker threads with.
BuildInfo: Information about the product's build.
LicenseInfo: Information about the current license.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Python Edition - Version 20.0 [Build 8317]