AddPassthroughRule Method

Adds a passthrough rule.

Syntax

ANSI (Cross Platform)
int AddPassthroughRule(const char* lpszMask, int iAccessFlags, int64 lControlFlags, int64 lNotifyFlags);

Unicode (Windows)
INT AddPassthroughRule(LPCWSTR lpszMask, INT iAccessFlags, LONG64 lControlFlags, LONG64 lNotifyFlags);
#define MID_CBFILTER_ADDPASSTHROUGHRULE 6

CBFSFILTER_EXTERNAL int CBFSFILTER_CALL CBFSFilter_CBFilter_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);

Remarks

This method adds a passthrough rule for the files and directories that match the specified Mask. Each rule in a ruleset is uniquely identified by its mask; if a rule with the specified mask already exists, the new rule's parameters are merged into it.

If the rule is added successfully, this method returns true; otherwise, it returns false.

Passthrough rules exclude matching files and directories from being processed by other filter rules.

The Mask parameter must be a valid file mask according to the File Masks topic. Only the files and directories which match the specified mask will be covered by the rule.

The AccessFlags parameter specifies which access restrictions the class's system driver should lift from matching files and directories. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

ACCESS_NONE0x00No access restrictions.

ACCESS_READ_ONLY0x01Read-only access; writing and deleting is prohibited.

ACCESS_WRITE_ONLY0x02Write-only access; reading and deleting is prohibited.

ACCESS_DELETE_PROTECT0x04Deletion and renaming is prohibited.

ACCESS_EXECUTE_PROTECT0x08Execution is prohibited.

ACCESS_NO_CHANGE_DAC0x10Change of security attributes is prohibited.

ACCESS_NO_CHANGE_OWNER0x20Change of owner is prohibited.

ACCESS_RENAME_PROTECT0x40Renaming is prohibited.

ACCESS_DELETE_ONLY_PROTECT0x80Deletion is prohibited (renaming is not affected).

ACCESS_REMOTE_ACCESS_PROTECT0x100Access from other systems is prohibited.

ACCESS_DENY_ALL0x200All access is denied.

ACCESS_ALL_FLAGS-1Used to denote all currently set access restriction flags.

The ControlFlags parameter specifies which filesystem operations the class should not fire Control Events for. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

FS_CE_NONE0Don't fire for any filesystem operations.

Control Events will not fire for any filesystem operations.

FS_CE_BEFORE_CREATE0x000000000001LFire before file creation operations.

The BeforeCreateFile event will fire anytime the OS attempts to create a file or directory. In some cases, can cause the BeforeOpenFile event to fire; refer to the File Create/Open Events topic for more information.

FS_CE_AFTER_CREATE0x000000000002LFire after file creation operations.

The AfterCreateFile event will fire after a file or directory creation request has been processed, before the response is returned. In some cases, can cause the AfterOpenFile event to fire; refer to the File Create/Open Events topic for more information.

FS_CE_BEFORE_OPEN0x000000000004LFire before file open operations.

The BeforeOpenFile event will fire anytime the OS attempts to open a file or directory. In some cases, can cause the BeforeCreateFile event to fire; refer to the File Create/Open Events topic for more information.

FS_CE_AFTER_OPEN0x000000000008LFire after file open operations.

The AfterOpenFile event will fire after a file or directory open request has been processed, before the response is returned. In some cases, can cause the AfterCreateFile event to fire; refer to the File Create/Open Events topic for more information.

FS_CE_BEFORE_READ0x000000000010LFire before read operations.

The BeforeReadFile event will fire anytime the OS attempts to read data from a file.

FS_CE_AFTER_READ0x000000000020LFire after read operations.

The AfterReadFile event will fire after a read request has been processed, before the response is returned.

FS_CE_BEFORE_WRITE0x000000000040LFire before write operations.

The BeforeWriteFile event will fire anytime the OS attempts to write data to a file.

FS_CE_AFTER_WRITE0x000000000080LFire after write operations.

The AfterReadFile event will fire after a write request has been processed, before the response is returned.

FS_CE_BEFORE_LOCK_CONTROL0x000000000100LFire before lock and unlock operations.

The BeforeLock, BeforeUnlockAll, BeforeUnlockAllByKey, and BeforeUnlockSingle events will fire, as applicable, before the OS attempts to lock or unlock a range of bytes in a file.

FS_CE_AFTER_LOCK_CONTROL0x000000000200LFire before and after lock and unlock operations.

The AfterLock, AfterUnlockAll, AfterUnlockAllByKey, and AfterUnlockSingle, events will fire, as applicable, after a lock or unlock request has been processed, before the response is returned.

FS_CE_BEFORE_CLEANUP0x000000000400LFire before file handle cleanup operations.

The BeforeCleanupFile event will fire anytime a process closes a file or directory handle.

FS_CE_AFTER_CLEANUP0x000000000800LFire after file handle cleanup operations.

The AfterCleanupFile event will fire after a file handle cleanup request has been processed, before the response is returned.

FS_CE_BEFORE_CLOSE0x000000001000LFire before file close operations.

The BeforeCloseFile event will fire anytime the OS closes a file or directory. Also, the AfterCloseEnumeration event will fire anytime the OS closes a directory enumeration (which typically occurs immediately before the directory is closed).

FS_CE_AFTER_CLOSE0x000000002000LFire after file close operations.

The AfterCloseFile event will fire after a file/directory close request has been processed, before the response is returned.

FS_CE_BEFORE_CAN_DELETE0x000000004000LFire before 'can be deleted' operations.

The BeforeCanFileBeDeleted event will fire anytime the OS checks whether a file or directory can be deleted.

FS_CE_AFTER_CAN_DELETE0x000000008000LFire after 'can be deleted' operations.

The AfterCanFileBeDeleted event will fire after a 'can be deleted' request has been processed, before the response is returned.

FS_CE_BEFORE_DELETE0x000000010000LFire before delete operations

The BeforeDeleteFile event will fire anytime the OS attempts to delete a file or directory.

FS_CE_AFTER_DELETE0x000000020000LFire after delete operations.

The AfterDeleteFile event will fire after a delete request has been processed, before the response is returned.

FS_CE_BEFORE_RENAME0x000000040000LFire before rename/move operations.

The BeforeRenameOrMoveFile event will fire anytime the OS attempts to rename or move a file or directory.

FS_CE_AFTER_RENAME0x000000080000LFire after rename/move operations.

The AfterRenameOrMoveFile event will fire after a rename or move request has been processed, before the response is returned.

FS_CE_BEFORE_GET_SECURITY0x000000100000LFire before get security operations.

The BeforeGetFileSecurity event will fire before the OS queries the security attributes of a file or directory.

FS_CE_AFTER_GET_SECURITY0x000000200000LFire after get security operations.

The AfterGetFileSecurity events will fire after a get security operation has been processed, before the response is returned.

FS_CE_AFTER_ENUMERATE_DIRECTORY0x000000800000LFire for directory enumeration operations.

The AfterEnumerateDirectory event will fire after information about a directory entry has been retrieved during directory enumeration, before the response is returned.

FS_CE_BEFORE_QUERY_FILE_INFO0x000001000000LFire before 'query file information' operations.

The BeforeQueryFileInfo event will fire anytime the OS needs to retrieve information about a file or directory.

FS_CE_AFTER_QUERY_FILE_INFO0x000002000000LFire after 'query file information' operations.

The AfterQueryFileInfo event will fire after a file or directory information query request has been processed, before the response is returned.

FS_CE_AFTER_GET_SIZES0x000008000000LFire after get size operations.

The AfterGetFileSizes event will fire after a file's size information is retrieved, before the response is returned.

FS_CE_BEFORE_SET_SECURITY0x000010000000LFire before set security operations.

The BeforeSetFileSecurity event will fire anytime the OS needs to change the security attributes of a file or directory.

FS_CE_AFTER_SET_SECURITY0x000020000000LFire after set security operations.

The AfterSetFileSecurity event will fire after a security attributes change request has been processed, before the response is returned.

FS_CE_BEFORE_SET_ATTRIBUTES0x000040000000LFire before file attribute update operations.

The BeforeSetFileAttributes event will fire anytime the OS attempts to change the attributes of a file or directory.

FS_CE_AFTER_SET_ATTRIBUTES0x000080000000LFire after file attribute update operations.

The AfterSetFileAttributes event will fire after a file attributes change request has been processed, before the response is returned.

FS_CE_BEFORE_SET_SIZES0x000100000000LFire before file resize operations.

The BeforeSetFileSize event will fire anytime the OS attempts to resize a file, and the BeforeSetAllocationSize event will fire anytime the OS attempts to change a file's allocation size.

FS_CE_AFTER_SET_SIZES0x000200000000LFire after file resize operations.

The AfterSetFileSize event will fire after a file resize request has been processed, and the AfterSetAllocationSize event will fire after a file allocation size change request has been processed, before the response is returned.

FS_CE_BEFORE_CREATE_HARD_LINK0x000400000000LFire before hard link creation operations.

The BeforeCreateHardLink event will fire anytime the OS attempts to create a hard link.

FS_CE_AFTER_CREATE_HARD_LINK0x000800000000LFire after hard link creation operations.

The AfterCreateHardLink events will fire after a hard link creation request has been processed, before the response is returned.

FS_CE_BEFORE_FSCTL0x001000000000LFire before FSCTL operations.

The BeforeFsctl event will fire anytime an IRP_MJ_FILE_SYSTEM_CONTROL request occurs.

FS_CE_AFTER_FSCTL0x002000000000LFire after FSCTL operations.

The AfterFsctl event will fire after an IRP_MJ_FILE_SYSTEM_CONTROL request has been processed, before the response is returned.

FS_CE_BEFORE_IOCTL0x004000000000LFire before IOCTL operations.

The BeforeIoctl event will fire anytime an IRP_MJ_DEVICE_CONTROL request occurs.

FS_CE_AFTER_IOCTL0x008000000000LFire after IOCTL operations.

The AfterIoctl event will fire after an IRP_MJ_DEVICE_CONTROL request has been processed, before the response is returned.

FS_CE_BEFORE_SET_FILE_INFO0x010000000000LFire before 'set file information' operations.

The BeforeSetFileInfo event will fire anytime the OS needs to change information about a file or directory.

FS_CE_AFTER_SET_FILE_INFO0x020000000000LFire after 'set file information' operations.

The AfterSetFileInfo event will fire after a file or directory information change request has been processed, before the response is returned.

FS_CE_REPARSE_FILENAME0x100000000000LFire before various operations for the purpose of file redirection.

The ReparseFileName event will fire before any operation that includes a file or directory name, giving the application a chance to redirect it. This is event is typically used when an application requires more advanced redirection logic than Reparse Rules can provide; please refer to that topic for more information.

FS_CE_REPARSE_TAG0x200000000000LFire for reparse operations.

The ReparseWithTag event will fire anytime a file/directory open operation returns a STATUS_REPARSE result, allowing the application to handle the reparse point. Please refer to Microsoft's Reparse Points article for more information.

FS_CE_ALL-1Fire for all filesystem operations.

Control Events will fire for all filesystem operations.

The NotifyFlags parameter specifies which filesystem operations the class should not fire Notification Events for. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

FS_NE_NONE0Don't fire for any filesystem operations.

Notification Events will not fire for any filesystem operations.

FS_NE_CREATE0x00000001LFire for file creation operations.

The NotifyCreateFile event will fire anytime the OS creates a file or directory. In some cases, can cause the NotifyOpenFile event to fire; refer to the File Create/Open Events topic for more information.

FS_NE_OPEN0x00000002LFire for file open operations.

The NotifyOpenFile event will fire anytime the OS opens a file or directory. In some cases, can cause the NotifyCreateFile event to fire; refer to the File Create/Open Events topic for more information.

FS_NE_READ0x00000004LFire for read operations.

The NotifyReadFile event will fire anytime the OS reads data from a file.

FS_NE_WRITE0x00000008LFire for write operations.

The NotifyWriteFile event will fire anytime the OS write data to a file.

FS_NE_LOCK_CONTROL0x00000010LFire for lock and unlock operations.

The NotifyLock, NotifyUnlockAll, NotifyUnlockAllByKey, and NotifyUnlockSingle events will fire, as applicable, anytime the OS locks or unlocks a range of bytes in a file.

FS_NE_CLEANUP0x00000020LFire for file handle cleanup operations.

The NotifyCleanupFile event will fire anytime a process closes a file or directory handle.

FS_NE_CLOSE0x00000040LFire for file close operations.

The NotifyCloseFile event will fire anytime the OS closes a file or directory.

FS_NE_CAN_DELETE0x00000080LFire for 'can be deleted' operations.

The NotifyCanFileBeDeleted event will fire anytime the OS checks whether a file or directory can be deleted.

FS_NE_DELETE0x00000100LFire for delete operations.

The NotifyDeleteFile event will fire anytime the OS deletes a file or directory.

FS_NE_RENAME0x00000200LFire for rename/move operations.

The NotifyRenameOrMoveFile event will fire anytime the OS renames or moves a file or directory.

FS_NE_GET_SECURITY0x00000400LFire for get security operations.

The NotifyGetFileSecurity event will fire anytime the OS queries the security attributes of a file or directory.

FS_NE_ENUMERATE_DIRECTORY0x00000800LFire for directory enumeration operations.

The NotifyEnumerateDirectory event will fire anytime the OS retrieves a directory entry during directory enumeration.

FS_NE_QUERY_FILE_INFO0x00001000LFire for QueryFileInformation operations.

The NotifyQueryFileInfo event will fire anytime the OS retrieves information about a file or directory.

FS_NE_GET_SIZES0x00002000LFire for get size operations.

The NotifyGetFileSizes event will fire anytime the OS retrieves a file's size information.

FS_NE_SET_SECURITY0x00004000LFire for set security operations.

The NotifySetFileSecurity event will fire anytime the OS changes the security attributes of a file or directory.

FS_NE_SET_ATTRIBUTES0x00008000LFire for file attribute update operations.

The NotifySetFileAttributes event will fire anytime the OS changes the attributes of a file or directory.

FS_NE_SET_SIZES0x00010000LFire for file resize operations.

The NotifySetFileSize event will fire anytime the OS resizes a file, and the NotifySetAllocationSize event will fire anytime the OS changes a file's allocation size.

FS_NE_CREATE_HARD_LINK0x00020000LFire for hard link creation operations.

The NotifyCreateHardLink event will fire anytime the OS creates a hard link.

FS_NE_FSCTL0x00040000LFire for FSCTL operations.

The NotifyFsctl event will fire anytime an IRP_MJ_FILE_SYSTEM_CONTROL operation occurs.

FS_NE_IOCTL0x00080000LFire for IOCTL operations.

The NotifyIoctl event will fire anytime an IRP_MJ_DEVICE_CONTROL operation occurs.

FS_NE_SET_FILE_INFO0x00100000LFire for SetFileInformation operations.

The NotifySetFileInfo event will fire anytime the OS changed information about a file or directory.

FS_NE_ALL-1Fire for all filesystem operations.

Notification Events will fire for all filesystem operations.

Note: The methods and properties related to rule management are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads (such as, e.g., during the AfterFilterAttachToVolume and AfterFilterDetachFromVolume events) are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of the rule lists occurs in a thread-safe manner.

Error Handling (C++)

This method returns a Boolean value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 C++ Edition - Version 20.0 [Build 8317]