CBRegistry Class
The CBRegistry class allows applications to intercept and control registry requests.
Syntax
cbfsfilter.Cbregistry
Remarks
The CBRegistry class gives applications the ability to intercept and control registry requests, allowing them to be altered, handled, blocked, etc. Applications use standard filter rules to specify which requests they're interested in intercepting, and special filter rules to enforce access restrictions.
To learn more about the class's capabilities, please refer to the product's General Information topics.
Getting Started
- If the class's system driver hasn't been installed yet, call the Install method to do so. This only needs to be done once.
  - In production, the driver can be installed (or updated) ahead of time by the application's installation script using the Installer DLL. Please refer to the Driver Installation topic for more information.
- Call the Initialize method to initialize the CBRegistry class. This must be done each time the application starts.
- Add one or more filter rules using methods like AddFilterRule. (Rules can also be added/removed after the filter is started.)
- Call the StartFilter method to start filtering registry requests.
- When finished, call the StopFilter method to stop filtering registry requests.
- To uninstall the class's system driver, call the Uninstall method. This should not be done as part of the driver upgrade process.
  - In production, the driver can be uninstalled by the application's uninstallation script using the Installer DLL. Please refer to the Driver Installation topic for more information.
Property List
The following is the full list of the properties of the class with short descriptions.
Active | Whether the class is active and processing requests. |
Altitude | The altitude the class's system driver should use. |
DefaultRules | Collection of default rules. |
FilterRules | Collection of filter rules. |
PassthroughRules | Collection of passthrough rules. |
SerializeEvents | Whether events should be fired on a single worker thread, or many. |
Tag | Stores application-defined data specific to this instance of the class. |
Method List
The following is the full list of the methods of the class with short descriptions.
AddDefaultRule | Adds a default rule. |
AddFilteredProcessById | Adds a process, by PID, to the list of filtered processes. |
AddFilteredProcessByName | Adds a process, by name, to the list of filtered processes. |
AddFilterRule | Adds a standard filter rule or access rule. |
AddIgnoredProcessById | Adds a process, by PID, to the list of ignored processes. |
AddIgnoredProcessByName | Adds a process, by name, to the list of ignored processes. |
AddPassthroughRule | Adds a passthrough rule. |
CloseDefaultRulesSnapshot | Closes the previously-created default rules snapshot. |
Config | Sets or retrieves a configuration setting. |
CreateDefaultRulesSnapshot | Creates a snapshot of information about the default rules that have been added. |
DeleteAllFilterRules | Deletes all standard filter rules. |
DeleteAllPassthroughRules | Deletes all passthrough rules. |
DeleteDefaultRule | Deletes a particular default rule. |
DeleteFilterRule | Deletes a particular standard filter rule or access rule. |
DeletePassthroughRule | Deletes a particular passthrough rule. |
GetDriverStatus | Retrieves the status of the class's system driver. |
GetDriverVersion | Retrieves the version of the class's system driver. |
GetOriginatorProcessId | Retrieves the Id of the process (PID) that initiated the operation. |
GetOriginatorProcessName | Retrieves the name of the process that initiated the operation. |
GetOriginatorThreadId | Retrieves the Id of the thread that initiated the operation. |
GetOriginatorToken | Retrieves the security token associated with the process that initiated the operation. |
Initialize | Initializes the class. |
Install | Installs (or upgrades) the class's system driver. |
RemoveFilteredProcessById | Removes a process, by PID, from the list of filtered processes. |
RemoveFilteredProcessByName | Removes a process, by name, from the list of filtered processes. |
RemoveIgnoredProcessById | Removes a process, by PID, from the list of ignored processes. |
RemoveIgnoredProcessByName | Removes a process, by name, from the list of ignored processes. |
ResetTimeout | Resets the timeout duration for the current event handler. |
ShutdownSystem | Shuts down or reboots the operating system. |
StartFilter | Start filtering registry operations. |
StopFilter | Stop filtering registry operations. |
SuspendDefaultRules | Suspends all default rules until the application exits. |
Uninstall | Uninstalls the class's system driver. |
Event List
The following is the full list of the events fired by the class with short descriptions.
AfterCloseKey | Fires after a registry key is closed. |
AfterCreateKey | Fires after a registry key is created. |
AfterDeleteKey | Fires after a registry key is deleted. |
AfterDeleteValue | Fires after a registry value is deleted. |
AfterEnumerateKey | Fires after a subkey's information is retrieved during key enumeration. |
AfterEnumerateValue | Fires after a registry value's information is retrieved during key value enumeration. |
AfterOpenKey | Fires after a registry key is opened. |
AfterQueryKey | Fires after a registry key's information is retrieved. |
AfterQueryValue | Fires after a registry value's information is retrieved. |
AfterRenameKey | Fires after a registry key is renamed. |
AfterSetKey | Fires after a registry key's information is updated. |
AfterSetValue | Fires after a registry value is set or updated. |
BeforeCloseKey | Fires before a registry key is closed. |
BeforeCreateKey | Fires before a registry key is created. |
BeforeDeleteKey | Fires before a registry key is deleted. |
BeforeDeleteValue | Fires before a registry value is deleted. |
BeforeEnumerateKey | Fires before a subkey's information is retrieved during key enumeration. |
BeforeEnumerateValue | Fires before a registry value's information is retrieved during key value enumeration. |
BeforeOpenKey | Fires before a registry key is opened. |
BeforeQueryKey | Fires before a registry key's information is retrieved. |
BeforeQueryValue | Fires before a registry value's information is retrieved. |
BeforeRenameKey | Fires before a registry key is renamed. |
BeforeSetKey | Fires before a registry key's information is updated. |
BeforeSetValue | Fires before a registry value is set or updated. |
CleanupKeyContext | Fires when the application-defined data stored in a registry key context needs to be cleaned up. |
CloseKeyHandle | Fires when an application-provided registry key handle should be closed. |
Error | Fires if an unhandled error occurs during an event. |
WorkerThreadCreation | Fires just after a new worker thread is created. |
WorkerThreadTermination | Fires just before a worker thread is terminated. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions.
FilterOwnRequests | Whether the class's system driver should filter requests made by the application itself. |
ForceAdminRightsForDefaultRules | Specifies whether default rules can be added or deleted only by administrators. |
LoggingEnabled | Whether extended logging is enabled. |
MaxWorkerThreadCount | The maximum number of worker threads to use to fire events. |
MinWorkerThreadCount | The minimum number of worker threads to use to fire events. |
ResolveNtNameToWin32Name | Whether key names in NT native format are translated to common Win32 format. |
WorkerInitialStackSize | The initial stack size to create worker threads with. |
BuildInfo | Information about the product's build. |
LicenseInfo | Information about the current license. |