CBVaultDrive Module

Properties   Methods   Events   Config Settings   Errors  

The CBVaultDrive module lets applications create a vault, manipulate its contents, and mount it as a virtual drive.

Syntax

CBFSStorage.CBVaultDrive

Remarks

The CBVaultDrive class provides a superset of the functionality offered by the CBVAULT class. In addition to allowing applications to create and interact with a vault directly, the CBVaultDrive class can mount a vault as a virtual drive, allowing its contents to be accessed by the system and third-party applications.

Unlike the CBVAULT class, which can be used as-is, the CBVaultDrive class requires additional deployment steps; please refer to the Windows-specific deployment topics deployment topics for more information. For more information about using CBFS Storage's many features, please refer to the extensive General Information topics.

Getting Started

Each CBVaultDrive class instance controls a single vault-based virtual drive. Applications can use multiple instances of the CBVaultDrive class if their use-case requires that multiple vaults be mounted simultaneously.

Here's how to get up and running:

  1. Ensure that the required Prerequisites have been satisfied. On Windows, for example, this involves installing the system driver, which can be done using the Install method.
  2. Call the Initialize method to initialize the CBVaultDrive class. This must be done each time the application starts (if the application is using multiple CBVaultDrive class instances, only the first instance created should be used to call Initialize).
  3. If the application is using custom compression, custom encryption, or callback mode, ensure that the appropriate event handlers have been implemented. Please refer to the linked topics for more information.
  4. Call the OpenVault method to create/open a vault and mount it as a virtual drive.
  5. Create one or more Mounting Points for the virtual drive using the AddMountingPoint method.
  6. At this point, the system and other processes will be able to access the vault's contents via the virtual drive.
  7. Later, the application can close the vault and unmount the associated virtual drive by calling the CloseVault method.

Property List


The following is the full list of the properties of the module with short descriptions. Click on the links for further details.

AccessDeniedProcessesCollection of access rules that define which processes may not access the virtual drive.
AccessGrantedProcessesCollection of access rules that define which processes may access the virtual drive.
ActiveWhether a vault has been opened and mounted as a virtual drive.
AutoCompactAtThis property specifies the free space percentage threshold a vault must reach to be eligible for automatic compaction.
CallbackModeThis property specifies whether the module should operate in callback mode.
CaseSensitiveThis property specifies whether the module should open a vault in case-sensitive mode.
DefaultFileAccessPasswordThis property specifies the default encryption password to use when opening files and alternate streams.
DefaultFileCompressionThis property specifies the default compression mode to use when creating files and alternate streams.
DefaultFileCreatePasswordThis property specifies the default encryption password to use when creating new files and alternate streams.
DefaultFileEncryptionThis property specifies the default encryption mode to use when creating files and alternate streams.
FileSystemNameThe name of the virtual filesystem.
IsCorruptedThis property specifies whether the vault is corrupted.
LastWriteTimeThis property specifies the last modification time of the vault.
LogoThis property specifies an application-defined text-based logo stored in the second page of a vault.
MountingPointsCollection of mounting points for the virtual drive.
OpenFilesCollection of information about the objects in the virtual drive that are currently open.
PageSizeThis property specifies the vault's page size.
PathSeparatorThis property specifies the path separator character to use when returning vault paths.
PossibleFreeSpaceThis property specifies the maximum amount of free space the vault could possibly have available.
PossibleSizeThis property specifies the maximum size the vault could possibly be.
ProcessRestrictionsEnabledWhether process access restrictions are enabled.
ReadOnlyThis property specifies whether the module should open a vault in read-only mode.
ReportPossibleSizeHow the module should report the virtual drive's size and free space to the OS.
SerializeEventsWhether events should be fired on a single worker thread, or many.
StorageCharacteristicsThe characteristic flags to create the virtual drive with (Windows only).
StorageGUIDThe GUID to create the virtual drive with.
StorageTypeThe type of virtual drive to create (Windows only).
TagThis property stores application-defined data specific to a particular instance of the module.
TimeoutHow long vault events may execute before timing out (Windows only).
UnmountOnTerminationWhether the virtual drive should be unmounted if the application terminates (Windows only).
UseAccessTimeThis property specifies whether the module should keep track of last access times for vault items.
UseSystemCacheThis property specifies whether the operating system's cache is used.
VaultEncryptionThis property specifies the whole-vault encryption mode.
VaultFileThis property specifies the vault to create or open.
VaultFreeSpaceThis property reflects the actual amount of free space the vault has available.
VaultPasswordThis property specifies the whole-vault encryption password.
VaultSizeThis property specifies the actual size of the vault.
VaultSizeMaxThis property specifies the maximum size a vault can be.
VaultSizeMinThis property specifies the minimum size a vault can be.
VaultStateThis property specifies information about the state of the vault.

Method List


The following is the full list of the methods of the module with short descriptions. Click on the links for further details.

AddDeniedProcessAdds a rule that prevents a process from accessing the virtual drive.
AddGrantedProcessAdds a rule that allows a process to access the virtual drive.
AddMountingPointAdds a mounting point for the virtual drive.
CacheFilePasswordThis method caches an encryption password to use the next time a file or alternate stream is accessed or removes the cached password.
CheckAndRepairThis method checks a vault's consistency and repairs it as necessary.
CheckFilePasswordThis method verifies whether a particular file password is correct.
CheckVaultPasswordThis method verifies whether a particular vault password is correct.
CloseOpenedFilesSnapshotCloses the previously-created opened files snapshot.
CloseVaultCloses the vault.
CompactVaultThis method compacts the vault.
ConfigThis method sets or retrieves a configuration setting.
ConvertToDrivePathConverts a vault-local vault item path to a virtual drive file path (Windows only).
ConvertToVaultPathConverts a virtual drive file path to a vault-local vault item path (Windows only).
CreateDirectoryThis method creates a new directory in the vault.
CreateLinkThis method creates a symbolic link to another file in the vault.
CreateOpenedFilesSnapshotCreates a snapshot of information about files that are currently open.
DeleteFileThis method deletes a vault item.
DeleteFileTagThis method deletes a file tag.
EjectVolumeEjects a removable storage volume formatted with the CBFS Storage filesystem (Windows only).
FileExistsThis method checks whether a vault item exists.
FileMatchesMaskThis method checks whether a particular file or directory name matches the specified mask.
FileTagExistsThis method checks whether a file tag exists.
FileTimeToNanosecondsThis method returns the subsecond part of the time expressed in nanoseconds.
FileTimeToUnixTimeThis method converts FileTime to Unix time format.
FindCloseThis method closes a search operation and releases any associated resources.
FindFirstThis method searches for the first vault item that matches the specified name and attributes.
FindFirstByQueryThis method searches for the first file or directory whose file tags match the specified query.
FindNextThis method searches for the next vault item that matches an ongoing search operation.
ForceUnmountForcefully unmounts the virtual drive associated with the specified vault (Windows only).
FormatVolumeFormats a storage volume or partition with the CBFS Storage filesystem (Windows only).
GetDriverStatusRetrieves the status of the system driver.
GetFileAttributesThis method retrieves the attributes of a vault item.
GetFileCompressionThis method retrieves the compression mode of a file or alternate stream.
GetFileCreationTimeThis method retrieves the creation time of a vault item.
GetFileEncryptionThis method retrieves the encryption mode of a file or alternate stream.
GetFileLastAccessTimeThis method retrieves the last access time of a vault item.
GetFileModificationTimeThis method retrieves the modification time of a vault item.
GetFileSizeThis method retrieves the size of a file or alternate stream.
GetFileTagThis method retrieves the binary data held by a raw file tag attached to the specified vault item.
GetFileTagAsAnsiStringThis method retrieves the value of an AnsiString-typed file tag attached to the specified vault item.
GetFileTagAsBooleanThis method retrieves the value of a Boolean-typed file tag attached to the specified vault item.
GetFileTagAsDateTimeThis method retrieves the value of a DateTime-typed file tag attached to the specified vault item.
GetFileTagAsNumberThis method retrieves the value of a Number-typed file tag attached to the specified vault item.
GetFileTagAsStringThis method retrieves the value of a String-typed file tag attached to the specified vault item.
GetFileTagDataTypeThis method retrieves the data type of a typed file tag attached to a specific vault item.
GetFileTagSizeThis method retrieves the size of a raw file tag attached to the specified vault item.
GetModuleVersionRetrieves the version of a given product module.
GetOriginatorProcessIdRetrieves the Id of the process (PID) that initiated the operation.
GetOriginatorProcessNameRetrieves the name of the process that initiated the operation.
GetOriginatorThreadIdRetrieves the Id of the thread that initiated the operation (Windows only).
GetOriginatorTokenRetrieves the security token associated with the process that initiated the operation (Windows only).
GetSearchResultAttributesThis method retrieves the attributes of a vault item found during a search operation.
GetSearchResultCreationTimeThis method retrieves the creation time of a vault item found during a search operation.
GetSearchResultFullNameThis method retrieves the fully qualified name of a vault item found during a search operation.
GetSearchResultLastAccessTimeThis method retrieves the last access time of a vault item found during a search operation.
GetSearchResultLinkDestinationThis method retrieves the destination of a symbolic link found during a search operation.
GetSearchResultMetadataSizeThis method retrieves the size of the metadata associated with a vault item found during a search operation.
GetSearchResultModificationTimeThis method retrieves the modification time of a vault item found during a search operation.
GetSearchResultNameThis method retrieves the name of a vault item found during a search operation.
GetSearchResultSizeThis method retrieves the size of a vault item found during a search operation.
InitializeThis method initializes the module.
InstallInstalls (or upgrades) the product's system drivers and/or the helper DLL (Windows only).
IsDirectoryEmptyThis method checks whether a directory is empty.
IsIconRegisteredChecks whether the specified icon is registered (Windows only).
IsValidVaultThis method checks whether a local file is a CBFS Storage vault.
IsValidVaultVolumeChecks whether a storage partition or volume is formatted with the CBFS Storage filesystem (Windows only).
MoveFileThis method renames or moves a vault item.
OpenFileThis method opens a new or existing file or alternate stream in the vault.
OpenFileExThis method opens a new or existing file or alternate stream in the vault.
OpenRootDataThis method opens the vault's root data stream.
OpenVaultThis method opens a new or existing vault.
OpenVolumeOpens a storage volume or partition formatted with the CBFS Storage filesystem as a vault (Windows only).
RegisterIconRegisters an icon that can be displayed as an overlay on the virtual drive in Windows File Explorer (Windows only).
RemoveDeniedProcessRemoves a rule that prevents a process from accessing the virtual drive.
RemoveGrantedProcessRemoves a rule that allows a process to access the virtual drive.
RemoveMountingPointRemoves a mounting point for the virtual drive.
ResetIconResets the virtual drive's icon back to default by deselecting the active overlay icon (Windows only).
ResolveLinkThis method retrieves the destination of a symbolic link.
SetFileAttributesThis method sets the attributes of a vault item.
SetFileCompressionThis method compresses or decompresses a file or alternate stream.
SetFileCreationTimeThis method sets the creation time of a vault item.
SetFileEncryptionThis method encrypts, decrypts, or changes the encryption password of a file or alternate stream.
SetFileLastAccessTimeThis method sets the last access time of a vault item.
SetFileModificationTimeThis method sets the modification time of a vault item.
SetFileSizeThis method sets the size of a file or alternate stream.
SetFileTagThis method attaches a raw file tag with binary data to the specified vault item.
SetFileTagAsAnsiStringThis method attaches an AnsiString-typed file tag to the specified vault item.
SetFileTagAsBooleanThis method attaches a Boolean-typed file tag to the specified vault item.
SetFileTagAsDateTimeThis method attaches a DateTime-typed file tag to the specified vault item.
SetFileTagAsNumberThis method attaches a Number-typed file tag to the specified vault item.
SetFileTagAsStringThis method attaches a String-typed file tag to the specified vault item.
SetIconSelects a registered overlay icon for display on the virtual drive in Windows File Explorer (Windows only).
ShutdownSystemShuts down or reboots the operating system.
UninstallUninstalls the product's system drivers and/or helper DLL (Windows only).
UnixTimeToFileTimeThis method converts the date/time in Unix format to the Windows FileTime format.
UnregisterIconUnregisters an existing overlay icon (Windows only).
UpdateVaultEncryptionThis method encrypts, decrypts, or changes the encryption password of the vault.

Event List


The following is the full list of the events fired by the module with short descriptions. Click on the links for further details.

DataCompressThis event fires to compress a block of data using a custom compression algorithm.
DataDecompressThis event fires to decompress a block of data using a custom compression algorithm.
DataDecryptThis event fires to decrypt a block of data using a custom encryption implementation.
DataEncryptThis event fires to encrypt a block of data using a custom encryption implementation.
EjectedFires when the media and virtual drive have been ejected (Windows only).
ErrorThis event fires if an unhandled error occurs during an event.
FileAccessFires when the OS wants to create or open a file or directory.
FileAfterCopyThis event fires after the file has been copied during file export/import operations.
FileBeforeCopyThis event fires before the file is copied during file export/import operations.
FilePasswordNeededThis event fires if a password is needed to open an encrypted file.
HashCalculateThis event fires to calculate a password hash using a custom hashing implementation.
KeyDeriveThis event fires to derive an encryption key using a custom key derivation implementation.
ProgressThis event fires to indicate the progress of long-running vault operations.
VaultCloseThis event fires to close a callback mode vault.
VaultDeleteThis event fires to delete a callback mode vault.
VaultFlushThis event fires to flush a callback mode vault's data out to storage.
VaultGetParentSizeThis event fires to determine how much free space is available for growing a callback mode vault.
VaultGetSizeThis event fires to determine the size of a callback mode vault.
VaultOpenThis event fires to open a new or existing callback mode vault.
VaultReadThis event fires to read data from a callback mode vault.
VaultSetSizeThis event fires to resize a callback mode vault.
VaultWriteThis event fires to write data to a callback mode vault.
WorkerThreadCreationFires just after a new worker thread is created.
WorkerThreadTerminationFires just before a worker thread is terminated.

Config Settings


The following is a list of config settings for the module with short descriptions. Click on the links for further details.

AllowMoveStreamsBetweenFilesWhether alternate streams may be moved from one file to another.
AsyncDeleteStorageNotificationsWhether system broadcasts for virtual drive deletion are sent asynchronously.
AutoCompactDelayHow long a vault must remain idle before starting automatic compaction.
DefaultFileCompressionLevelThe default compression level to use when creating files and alternate streams.
FireFileAccessEventWhether FileAccess event is fired.
LoggingEnabledWhether extended logging is enabled.
MaxNonPagedNameLengthThe maximum number of name characters to store directly within a vault item.
MaxWorkerThreadCountThe maximum number of worker threads to use to fire events.
MinWorkerThreadCountThe minimum number of worker threads to use to fire events.
PageCacheSizeThe size of the in-memory vault page cache.
PartSizeThe part size used by a multipart vault.
SupportSearchIndexerSpecifies whether the driver must take additional measures to support indexing by Windows Search.
VolumeGuidNameThe GUID of the mounted volume.
WorkerInitialStackSizeThe initial stack size to create worker threads with.

AccessDeniedProcesses Property (CBVaultDrive Module)

Collection of access rules that define which processes may not access the virtual drive.

Syntax

public var accessDeniedProcesses: Array<ProcessAccessRule> {
  get {...}
}

@property (nonatomic,readonly,assign,getter=accessDeniedProcessCount) int accessDeniedProcessCount;

- (int)accessDeniedProcessCount;

- (int)accessDeniedProcessDesiredAccess:(int)accessDeniedProcessIndex;

- (BOOL)accessDeniedProcessIncludeChildren:(int)accessDeniedProcessIndex;

- (int)accessDeniedProcessId:(int)accessDeniedProcessIndex;

- (NSString*)accessDeniedProcessName:(int)accessDeniedProcessIndex;

Default Value

0

Remarks

This property holds a collection of ProcessAccessRule objects representing rules that deny processes certain kinds of access to the virtual drive.

Please refer to the AddDeniedProcess and RemoveDeniedProcess methods for more information.

Note: The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

This property is read-only.

AccessGrantedProcesses Property (CBVaultDrive Module)

Collection of access rules that define which processes may access the virtual drive.

Syntax

public var accessGrantedProcesses: Array<ProcessAccessRule> {
  get {...}
}

@property (nonatomic,readonly,assign,getter=accessGrantedProcessCount) int accessGrantedProcessCount;

- (int)accessGrantedProcessCount;

- (int)accessGrantedProcessDesiredAccess:(int)accessGrantedProcessIndex;

- (BOOL)accessGrantedProcessIncludeChildren:(int)accessGrantedProcessIndex;

- (int)accessGrantedProcessId:(int)accessGrantedProcessIndex;

- (NSString*)accessGrantedProcessName:(int)accessGrantedProcessIndex;

Default Value

0

Remarks

This property holds a collection of ProcessAccessRule objects representing rules that grant processes certain kinds of access to the virtual drive.

Please refer to the AddGrantedProcess and RemoveGrantedProcess methods for more information.

Note: The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

This property is read-only.

Active Property (CBVaultDrive Module)

Whether a vault has been opened and mounted as a virtual drive.

Syntax

public var active: Bool {
  get {...}
}

@property (nonatomic,readonly,assign,getter=active) BOOL active;

- (BOOL)active;

Default Value

False

Remarks

This property reflects whether the class has opened a vault and mounted a virtual drive for it; it will be once the OpenVault or OpenVolume method has been called successfully.

This property is read-only.

AutoCompactAt Property (CBVaultDrive Module)

This property specifies the free space percentage threshold a vault must reach to be eligible for automatic compaction.

Syntax

public var autoCompactAt: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=autoCompactAt,setter=setAutoCompactAt:) int autoCompactAt;

- (int)autoCompactAt;
- (void)setAutoCompactAt :(int)newAutoCompactAt;

Default Value

25

Remarks

This property specifies the percentage of free space a vault must have, at minimum, for it to be eligible for automatic vault compaction. An eligible vault may be compacted automatically in the background at any time. Please refer to the CompactVault method for more information about the compacting process.

To guard against excessive automatic compaction operations, applications can set the AutoCompactDelay configuration setting to a nonzero value. Alternatively, this property can be set to 0 to disable automatic compaction completely.

A vault opened in ReadOnly mode will never be compacted, regardless of this property's value.

Note: This property cannot be changed within events.

CallbackMode Property (CBVaultDrive Module)

This property specifies whether the module should operate in callback mode.

Syntax

public var callbackMode: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=callbackMode,setter=setCallbackMode:) BOOL callbackMode;

- (BOOL)callbackMode;
- (void)setCallbackMode :(BOOL)newCallbackMode;

Default Value

False

Remarks

This property specifies whether the class should operate in callback mode, causing all vault access to be performed through the following events. Please refer to the Callback Mode topic for more information.

When this property is enabled, the following events must all be implemented for the class to function correctly:

Note: This property cannot be changed when Active is , and it cannot be changed within events.

CaseSensitive Property (CBVaultDrive Module)

This property specifies whether the module should open a vault in case-sensitive mode.

Syntax

public var caseSensitive: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=caseSensitive,setter=setCaseSensitive:) BOOL caseSensitive;

- (BOOL)caseSensitive;
- (void)setCaseSensitive :(BOOL)newCaseSensitive;

Default Value

False

Remarks

This property specifies whether the class should open a vault in case-sensitive mode. Enabling this property causes all file, directory, symbolic link, alternate stream, and file tag names to be treated as case sensitive.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

DefaultFileAccessPassword Property (CBVaultDrive Module)

This property specifies the default encryption password to use when opening files and alternate streams.

Syntax

public var defaultFileAccessPassword: String {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=defaultFileAccessPassword,setter=setDefaultFileAccessPassword:) NSString* defaultFileAccessPassword;

- (NSString*)defaultFileAccessPassword;
- (void)setDefaultFileAccessPassword :(NSString*)newDefaultFileAccessPassword;

Default Value

""

Remarks

This property specifies the default encryption password that the class should use when opening files and alternate streams.

Please refer to the Encryption topic for more information.

As an alternative to using this property, applications may call the CacheFilePassword method (before a file is opened) to specify a one-time-use password or may specify file encryption passwords dynamically using the FilePasswordNeeded event.

DefaultFileCompression Property (CBVaultDrive Module)

This property specifies the default compression mode to use when creating files and alternate streams.

Syntax

public var defaultFileCompression: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=defaultFileCompression,setter=setDefaultFileCompression:) int defaultFileCompression;

- (int)defaultFileCompression;
- (void)setDefaultFileCompression :(int)newDefaultFileCompression;

Default Value

0

Remarks

This property specifies the default compression mode that the class should use when creating files and alternate streams. Valid values are as follows:

VAULT_CM_NONE0Do not use compression.

VAULT_CM_DEFAULT1Use default compression (zlib).

VAULT_CM_CUSTOM2Use event-based custom compression.

This compression level is not used.

VAULT_CM_ZLIB3Use zlib compression.

Valid compression levels are 1-9.

VAULT_CM_RLE4Use RLE compression.

This compression level is not used.

Applications that use custom compression must implement the DataCompress and DataDecompress events. Please refer to the Compression topic for more information.

Applications can also specify a default compression level using the DefaultFileCompressionLevel configuration setting, if desired.

DefaultFileCreatePassword Property (CBVaultDrive Module)

This property specifies the default encryption password to use when creating new files and alternate streams.

Syntax

public var defaultFileCreatePassword: String {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=defaultFileCreatePassword,setter=setDefaultFileCreatePassword:) NSString* defaultFileCreatePassword;

- (NSString*)defaultFileCreatePassword;
- (void)setDefaultFileCreatePassword :(NSString*)newDefaultFileCreatePassword;

Default Value

""

Remarks

This property specifies the default encryption password that the class should use when creating new files and alternate streams.

Please refer to the Encryption topic for more information.

DefaultFileEncryption Property (CBVaultDrive Module)

This property specifies the default encryption mode to use when creating files and alternate streams.

Syntax

public var defaultFileEncryption: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=defaultFileEncryption,setter=setDefaultFileEncryption:) int defaultFileEncryption;

- (int)defaultFileEncryption;
- (void)setDefaultFileEncryption :(int)newDefaultFileEncryption;

Default Value

0

Remarks

This property specifies the default encryption mode that the class should use when creating files and alternate streams. Valid values are as follows:

VAULT_EM_NONE0x0Do not use encryption.

VAULT_EM_DEFAULT0x1Use default encryption (VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA256).

VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA2560x2Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

VAULT_EM_CUSTOM256_PBKDF2_HMAC_SHA2560x3Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_PBKDF2_HMAC_SHA2560x4Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_PBKDF2_HMAC_SHA2560x5Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_CUSTOM_KEY_DERIVE0x23Use event-based custom 256-bit encryption with custom key derivation.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_CUSTOM_KEY_DERIVE0x24Use event-based custom 512-bit encryption with custom key derivation.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_CUSTOM_KEY_DERIVE0x25Use event-based custom 1024-bit encryption with custom key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_DIRECT_KEY0x43Use event-based custom 256-bit encryption with no key derivation.

A 256-bit (32-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM512_DIRECT_KEY0x44Use event-based custom 512-bit encryption with no key derivation.

A 512-bit (64-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM1024_DIRECT_KEY0x45Use event-based custom 1024-bit encryption with no key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_UNKNOWN0xFFUnidentified or unknown encryption.

Applications that use custom encryption must implement at least the DataEncrypt and DataDecrypt events. Certain custom encryption modes may require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.

Applications that set this property to a value other than VAULT_EM_NONE (the default) should also specify a default encryption password using the DefaultFileCreatePassword property.

FileSystemName Property (CBVaultDrive Module)

The name of the virtual filesystem.

Syntax

public var fileSystemName: String {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=fileSystemName,setter=setFileSystemName:) NSString* fileSystemName;

- (NSString*)fileSystemName;
- (void)setFileSystemName :(NSString*)newFileSystemName;

Default Value

"FAT32"

Remarks

This property specifies the name of the virtual filesystem. Windows, and some other applications, use this name to identify the filesystem.

In general, the filesystem name can be any reasonable string up to 10 characters in length. However, some versions of Windows and some third-party programs may behave differently when they encounter an unknown filesystem name (i.e., anything other than FAT, FAT32, exFAT, NTFS, etc.). Applications should keep this restriction in mind when choosing a filesystem name.

This property is set to FAT32 by default, which may cause some applications to fail when attempting to copy large (>4GB) files to and from the virtual drive. It is recommended that applications set this property to exFAT if such issues occur.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

IsCorrupted Property (CBVaultDrive Module)

This property specifies whether the vault is corrupted.

Syntax

public var isCorrupted: Bool {
  get {...}
}

@property (nonatomic,readonly,assign,getter=isCorrupted) BOOL isCorrupted;

- (BOOL)isCorrupted;

Default Value

False

Remarks

This property reflects whether the currently open vault is corrupted, as indicated by the presence of the VAULT_ST_CORRUPTED flag in the VaultState property.

The VAULT_ST_CORRUPTED flag is set automatically anytime the class detects that a vault's integrity has been compromised. Calling the CheckAndRepair method for a corrupted vault will clear the flag.

This property is read-only.

LastWriteTime Property (CBVaultDrive Module)

This property specifies the last modification time of the vault.

Syntax

public var lastWriteTime: Date {
  get {...}
}

@property (nonatomic,readonly,assign,getter=lastWriteTime) NSDate* lastWriteTime;

- (NSDate*)lastWriteTime;

Default Value

0

Remarks

This property reflects the vault's last modification time, specified .

This property is read-only.

Logo Property (CBVaultDrive Module)

This property specifies an application-defined text-based logo stored in the second page of a vault.

Syntax

Default Value

"CBFS Vault"

Remarks

This property is used to control a vault's logo, which is a UTF-16LE string stored in the second page of a vault. A vault's logo is visible to anyone who inspects its raw data and thus can be used to provide information about the vault itself.

Vault logos can be up to 127 characters long (not including the null terminator).

Note: This property cannot be changed within events.

MountingPoints Property (CBVaultDrive Module)

Collection of mounting points for the virtual drive.

Syntax

public var mountingPoints: Array<MountingPoint> {
  get {...}
}

@property (nonatomic,readonly,assign,getter=mountingPointCount) int mountingPointCount;

- (int)mountingPointCount;

- (long long)mountingPointAuthenticationId:(int)mountingPointIndex;

- (int)mountingPointFlags:(int)mountingPointIndex;

- (NSString*)mountingPointName:(int)mountingPointIndex;

Default Value

0

Remarks

This property holds a collection of MountingPoint objects, each of which represents an available mounting point for the virtual drive.

Please refer to the AddMountingPoint and RemoveMountingPoint methods for more information.

Note: The methods and properties related to mounting points are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of mounting points occurs in a thread-safe manner.

This property is read-only.

OpenFiles Property (CBVaultDrive Module)

Collection of information about the objects in the virtual drive that are currently open.

Syntax

public var openFiles: Array<OpenFile> {
  get {...}
}

@property (nonatomic,readonly,assign,getter=openFilesCount) int openFilesCount;

- (int)openFilesCount;

- (NSString*)openFileName:(int)openFileIndex;

- (int)openFileProcessId:(int)openFileIndex;

- (NSString*)openFileProcessName:(int)openFileIndex;

Default Value

0

Remarks

This property holds a collection of OpenFile objects representing filesystem objects (files, directories, etc.) from the virtual drive that are currently open. The collection is populated anytime CreateOpenedFilesSnapshot is called, and cleared when CloseOpenedFilesSnapshot is called; please refer to those methods for more information.

Note: The methods and properties related to open files snapshots are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that creation, use, and cleanup of open files snapshots occurs in a thread-safe manner.

This property is read-only.

PageSize Property (CBVaultDrive Module)

This property specifies the vault's page size.

Syntax

public var pageSize: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=pageSize,setter=setPageSize:) int pageSize;

- (int)pageSize;
- (void)setPageSize :(int)newPageSize;

Default Value

4096

Remarks

This property controls the page size used when creating new vaults and reflects the page size of the currently open vault. Valid values are 256 through 65536 bytes (inclusive).

A vault's page size is permanent, it cannot be changed after the vault is created. Please refer to the Vaults topic for more information.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

PathSeparator Property (CBVaultDrive Module)

This property specifies the path separator character to use when returning vault paths.

Syntax

public var pathSeparator: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=pathSeparator,setter=setPathSeparator:) int pathSeparator;

- (int)pathSeparator;
- (void)setPathSeparator :(int)newPathSeparator;

Default Value

92

Remarks

This property specifies the path separator character that the class APIs should use when returning a vault path. Valid values are as follows:

VAULT_PSC_BACKSLASH92Backslash ('\').

This character is the Windows path separator.

VAULT_PSC_SLASH47Forward slash ('/').

This character is the Unix-style path separator.

Note: This property is just a convenience; applications are free to use either of the above characters as path separators when passing path strings to the class's APIs.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

PossibleFreeSpace Property (CBVaultDrive Module)

This property specifies the maximum amount of free space the vault could possibly have available.

Syntax

public var possibleFreeSpace: Int64 {
  get {...}
}

@property (nonatomic,readonly,assign,getter=possibleFreeSpace) long long possibleFreeSpace;

- (long long)possibleFreeSpace;

Default Value

0

Remarks

This property reflects the maximum amount of free space, in bytes, that the vault could possibly have available. That is, it is the amount of free space that would be available if the vault automatically grew to its maximum PossibleSize right now, without any additional data being written to it. Therefore:

In both cases, parent_free_space is the amount of free space available for the vault to use for automatic growth. For a file-based vault, this is the total amount of free space on the disk where the vault's storage file (i.e., VaultFile) resides, as reported by the OS. For a Callback Mode vault, this is whatever value the application provides through the VaultGetParentSize event.

Please refer to the Vault Size topic for more information.

This property is read-only.

PossibleSize Property (CBVaultDrive Module)

This property specifies the maximum size the vault could possibly be.

Syntax

public var possibleSize: Int64 {
  get {...}
}

@property (nonatomic,readonly,assign,getter=possibleSize) long long possibleSize;

- (long long)possibleSize;

Default Value

0

Remarks

This property reflects the maximum size, in bytes, that the vault could possibly be. That is, it is the size that the vault would be if it automatically grew as much as possible right now, without any additional data being written to it. Therefore:

In the former case, parent_free_space is the amount of free space available for the vault to use for automatic growth. For a file-based vault, this is the total amount of free space on the disk where the vault's storage file (i.e., VaultFile) resides, as reported by the OS. For a Callback Mode vault, this is whatever value the application provides through the VaultGetParentSize event.

Please refer to the VaultSize topic for more information.

This property is read-only.

ProcessRestrictionsEnabled Property (CBVaultDrive Module)

Whether process access restrictions are enabled.

Syntax

public var processRestrictionsEnabled: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=processRestrictionsEnabled,setter=setProcessRestrictionsEnabled:) BOOL processRestrictionsEnabled;

- (BOOL)processRestrictionsEnabled;
- (void)setProcessRestrictionsEnabled :(BOOL)newProcessRestrictionsEnabled;

Default Value

False

Remarks

This property controls whether the class should enforce per-process access restrictions; by default, it is disabled. When enabled, the AddGrantedProcess and AddDeniedProcess methods can be used to add process-specific access rules for the class to enforce across the entire virtual drive.

When an application enables this propery, it should use the AddGrantedProcess method to add at least one pocess as allowed; otherwise, the data will be inaccessible.

The current process access rules are reflected by the AccessGrantedProcess* and AccessDeniedProcess* properties.

Note: The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

ReadOnly Property (CBVaultDrive Module)

This property specifies whether the module should open a vault in read-only mode.

Syntax

public var readOnly: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=readOnly,setter=setReadOnly:) BOOL readOnly;

- (BOOL)readOnly;
- (void)setReadOnly :(BOOL)newReadOnly;

Default Value

False

Remarks

This property specifies whether the class should open a vault in read-only mode. When a vault is opened in read-only mode, the following restrictions apply:

  • No new vault items (e.g., files, directories, symbolic links, and alternate streams) may be created.
  • No existing vault items may be modified, renamed, moved, or deleted. This includes updating access times.
  • The vault cannot be resized or compacted (automatically or explicitly).
  • Vault corruption cannot be repaired using CheckAndRepair.

Note: This list may not necessarily be exhaustive.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

ReportPossibleSize Property (CBVaultDrive Module)

How the module should report the virtual drive's size and free space to the OS.

Syntax

public var reportPossibleSize: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=reportPossibleSize,setter=setReportPossibleSize:) BOOL reportPossibleSize;

- (BOOL)reportPossibleSize;
- (void)setReportPossibleSize :(BOOL)newReportPossibleSize;

Default Value

True

Remarks

This property controls which pair of values the class should use when reporting the virtual drive's size and free space to the OS.

When this property is enabled (default), the class will use the values of the PossibleSize and PossibleFreeSpace properties. When this property is disabled, the class will use the values of the VaultSize and PossibleSize properties.

To ensure correct operation, it is recommended that applications keep this property enabled, unless a vault's size has been fixed by setting the VaultSizeMin and VaultSizeMax properties equal to each other.

Please refer to the documentation of the properties mentioned above, as well as the Vault Size topic, for more information.

Note: This property cannot be changed within events.

SerializeEvents Property (CBVaultDrive Module)

Whether events should be fired on a single worker thread, or many.

Syntax

public var serializeEvents: CBVaultDriveSerializeEvents {
  get {...}
  set {...}
}

public enum CBVaultDriveSerializeEvents: Int32 { case seOnMultipleThreads = 0 case seOnOneWorkerThread = 1 }

@property (nonatomic,readwrite,assign,getter=serializeEvents,setter=setSerializeEvents:) int serializeEvents;

- (int)serializeEvents;
- (void)setSerializeEvents :(int)newSerializeEvents;

Default Value

0

Remarks

This property specifies whether the class should fire all events serially on a single worker thread, or concurrently on multiple worker threads. The possible values are:

0 (seOnMultipleThreads) The class fires events in the context of multiple worker threads. The MinWorkerThreadCount and MaxWorkerThreadCount configuration settings control how many worker threads are used for this.
1 (seOnOneWorkerThread) The class fires events in the context of one background worker thread.

Please refer to the Threading and Concurrency topic for more information.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

StorageCharacteristics Property (CBVaultDrive Module)

The characteristic flags to create the virtual drive with (Windows only).

Syntax

public var storageCharacteristics: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=storageCharacteristics,setter=setStorageCharacteristics:) int storageCharacteristics;

- (int)storageCharacteristics;
- (void)setStorageCharacteristics :(int)newStorageCharacteristics;

Default Value

16

Remarks

The system, as well as other applications, use these flags to optimize their use of the virtual drive. This property should be set by OR'ing together zero or more of the following flags:

STGC_FLOPPY_DISKETTE0x00000001The storage is a floppy disk device.

This flag is not supported when StorageType is set to STGT_DISK_PNP.

STGC_READONLY_DEVICE0x00000002The storage is a read-only device.

STGC_WRITE_ONCE_MEDIA0x00000008The storage device's media can only be written to once.

This flag is not supported when StorageType is set to STGT_DISK_PNP.

STGC_REMOVABLE_MEDIA0x00000010The storage device's media is removable.

Users may remove the storage media from the virtual drive at any time. (Note that this flag does not indicate that the virtual drive itself is removable.)

STGC_AUTOCREATE_DRIVE_LETTER0x00002000The system should automatically create a drive letter for the storage device.

Deprecated: Include the STGMP_AUTOCREATE_DRIVE_LETTER flag in the value passed for the AddMountingPoint method's Flags parameter instead.

When this flag is present, the StorageGUID property must be set. This flag only works when StorageType is set to STGT_DISK_PNP.

STGC_SHOW_IN_EJECTION_TRAY0x00004000The storage device should be shown in the 'Safely Remove Hardware and Eject Media' menu in the system notification area (system tray).

This flag only works when StorageType is set to STGT_DISK_PNP.

STGC_ALLOW_EJECTION0x00008000The storage device can be ejected.

Users may eject the virtual drive at any time. When the virtual drive is ejected, it is destroyed.

This flag only works when StorageType is set to STGT_DISK_PNP.

STGC_RESERVED_10x00010000Reserved, do not use.

STGC_RESERVED_20x00020000Reserved, do not use.

Note: This property cannot be changed after a virtual drive is created, and it cannot be changed within events.

StorageGUID Property (CBVaultDrive Module)

The GUID to create the virtual drive with.

Syntax

public var storageGUID: String {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=storageGUID,setter=setStorageGUID:) NSString* storageGUID;

- (NSString*)storageGUID;
- (void)setStorageGUID :(NSString*)newStorageGUID;

Default Value

""

Remarks

When the StorageType property is set to STGT_DISK_PNP, this property is used to specify a GUID for the virtual drive, and must be set to GUID-formatted string (e.g., {676D0357-A23A-49c3-B433-65AAD72DD282}). Otherwise, this property may be left empty; in the latter case, the driver will generate a unique value when a drive is mounted.

Some software uses a drive's GUID for the purpose of setting and maintaining certain configuration parameters. Therefore, applications are expected to use the same GUID when repeatedly creating a virtual drive that represents the same data.

Note: This property cannot be changed after a virtual drive is created, and it cannot be changed within events.

StorageType Property (CBVaultDrive Module)

The type of virtual drive to create (Windows only).

Syntax

public var storageType: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=storageType,setter=setStorageType:) int storageType;

- (int)storageType;
- (void)setStorageType :(int)newStorageType;

Default Value

0

Remarks

This property specifies what type of virtual drive should be created. Windows File Explorer uses this information to display the appropriate icon and apply the appropriate security settings for the virtual drive. Other applications may also make use of this information in various ways.

Possible values are:

STGT_DISK0x00000000Create a regular disk device.

STGT_CDROM0x00000001Create a CD-ROM or DVD device.

STGT_DISK_PNP0x00000003Create a plug-and-play storage device.

Important: The CBFS Storage system driver must be installed in PnP mode for this option to function properly.

Note: This property cannot be changed after a virtual drive is created, and it cannot be changed within events.

Plug-and-play Virtual Drives

Virtual drives created as plug-and-play (STGT_DISK_PNP) require that a "physical device" be visible in the Disk Manager snap-in of the Microsoft Management Console (mmc.exe). This can be accomplished by calling the AddMountingPoint method and including the STGMP_MOUNT_MANAGER flag in the value passed for its Flags parameter.

In addition to supporting the STGC_REMOVABLE_MEDIA StorageCharacteristics flag, which specifies whether a virtual drive's media is removable or non-removable, plug-and-play virtual drives also support the STGC_ALLOW_EJECTION flag, which specifies whether a virtual drive itself is removable or non-removable.

Tag Property (CBVaultDrive Module)

This property stores application-defined data specific to a particular instance of the module.

Syntax

public var tag: Int64 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=tag,setter=setTag:) long long tag;

- (long long)tag;
- (void)setTag :(long long)newTag;

Default Value

0

Remarks

This property can be used to store data specific to a particular instance of the class.

Timeout Property (CBVaultDrive Module)

How long vault events may execute before timing out (Windows only).

Syntax

public var timeout: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=timeout,setter=setTimeout:) int timeout;

- (int)timeout;
- (void)setTimeout :(int)newTimeout;

Default Value

0

Remarks

When an application is operating in Callback Mode, this property specifies how long the Vault* events may execute before timing out.

When this property is set to a non-zero value, and a Vault* event executes long enough for its timeout to expire, the driver cancels the underlying request by reporting an error to the OS. The tardy event still runs to completion, but any results it returns once finished are ignored since the underlying request has already been handled.

Setting this property to 0 disables event timeouts, which allows Vault* events to take as long as necessary to execute.

Note: This property cannot be changed within events.

UnmountOnTermination Property (CBVaultDrive Module)

Whether the virtual drive should be unmounted if the application terminates (Windows only).

Syntax

public var unmountOnTermination: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=unmountOnTermination,setter=setUnmountOnTermination:) BOOL unmountOnTermination;

- (BOOL)unmountOnTermination;
- (void)setUnmountOnTermination :(BOOL)newUnmountOnTermination;

Default Value

True

Remarks

This property specifies whether the CBFS Storage driver should automatically unmount the virtual drive (closing all handles and other resources associated with it) if the application terminates.

If this property is disabled, applications may need to call the ForceUnmount method after a crash (if there was a file-based vault open and mounted as a virtual drive when the crash occurred).

Note: This property cannot be disabled on non-Windows platforms.

UseAccessTime Property (CBVaultDrive Module)

This property specifies whether the module should keep track of last access times for vault items.

Syntax

public var useAccessTime: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=useAccessTime,setter=setUseAccessTime:) BOOL useAccessTime;

- (BOOL)useAccessTime;
- (void)setUseAccessTime :(BOOL)newUseAccessTime;

Default Value

False

Remarks

This property specifies whether the class should update the last access time for vault items (e.g., files, directories, symbolic links, and alternate streams) every time they are accessed.

Note: Keeping track of access times will slow down operations.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

UseSystemCache Property (CBVaultDrive Module)

This property specifies whether the operating system's cache is used.

Syntax

public var useSystemCache: Bool {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=useSystemCache,setter=setUseSystemCache:) BOOL useSystemCache;

- (BOOL)useSystemCache;
- (void)setUseSystemCache :(BOOL)newUseSystemCache;

Default Value

True

Remarks

This property specifies whether the operating system's cache should be used. Use of the OS cache affects the speed of various vault operations; however, the exact effects depend on the type of operation as well as the data sizes involved.

For the CBVAULT class, disabling this property will cause a vault's storage file (specified by the VaultFile property) to be opened with FILE_FLAG_NO_BUFFERING (on Windows) or F_NOCACHE (on Linux/macOS). This also applies for the CBVaultDrive class on Linux and macOS.

For the CBVaultDrive class on Windows, a vault's storage file is always opened with FILE_FLAG_NO_BUFFERING regardless of how this property is set. Disabling this property prevents the system cache from being used to cache files on the virtual drive. This may be necessary in certain situations to prevent BSODs. Please refer to Microsoft's File Caching article for more information about the system file cache.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

VaultEncryption Property (CBVaultDrive Module)

This property specifies the whole-vault encryption mode.

Syntax

public var vaultEncryption: Int32 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=vaultEncryption,setter=setVaultEncryption:) int vaultEncryption;

- (int)vaultEncryption;
- (void)setVaultEncryption :(int)newVaultEncryption;

Default Value

0

Remarks

This property controls the whole-vault encryption mode used when creating new vaults and reflects the whole-vault encryption mode of the currently open vault. Valid values are as follows:

VAULT_EM_NONE0x0Do not use encryption.

VAULT_EM_DEFAULT0x1Use default encryption (VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA256).

VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA2560x2Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

VAULT_EM_CUSTOM256_PBKDF2_HMAC_SHA2560x3Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_PBKDF2_HMAC_SHA2560x4Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_PBKDF2_HMAC_SHA2560x5Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_CUSTOM_KEY_DERIVE0x23Use event-based custom 256-bit encryption with custom key derivation.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_CUSTOM_KEY_DERIVE0x24Use event-based custom 512-bit encryption with custom key derivation.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_CUSTOM_KEY_DERIVE0x25Use event-based custom 1024-bit encryption with custom key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_DIRECT_KEY0x43Use event-based custom 256-bit encryption with no key derivation.

A 256-bit (32-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM512_DIRECT_KEY0x44Use event-based custom 512-bit encryption with no key derivation.

A 512-bit (64-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM1024_DIRECT_KEY0x45Use event-based custom 1024-bit encryption with no key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_UNKNOWN0xFFUnidentified or unknown encryption.

Applications that use custom encryption must implement at least the DataEncrypt and DataDecrypt events. Certain custom encryption modes may require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.

To create a new vault with whole-vault encryption enabled, the VaultPassword property must be set as well.

When an existing vault is opened, the class updates VaultEncryption automatically based on the detected whole-vault encryption mode. If the vault is encrypted, the class will attempt to access it using the password specified by VaultPassword. If VaultPassword is incorrect, the attempt will fail and the vault will not be opened.

The VaultEncryption and VaultPassword properties cannot be used to change an open vault's whole-vault encryption mode or password; use the UpdateVaultEncryption method.

Please refer to the Encryption topic for more information.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

VaultFile Property (CBVaultDrive Module)

This property specifies the vault to create or open.

Syntax

public var vaultFile: String {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=vaultFile,setter=setVaultFile:) NSString* vaultFile;

- (NSString*)vaultFile;
- (void)setVaultFile :(NSString*)newVaultFile;

Default Value

""

Remarks

This property specifies the vault to create or open when the OpenVault method is called.

When the CallbackMode property is disabled (default), this property specifies the vault storage file to create or open. It must be set to a fully qualified file path formatted according to OS conventions.

When the CallbackMode property is enabled, this property is only used to populate the Vault parameter of the VaultOpen, VaultGetParentSize, and VaultDelete events; and can be set to any application-defined value. Please refer to the Callback Mode topic for more information.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

VaultFreeSpace Property (CBVaultDrive Module)

This property reflects the actual amount of free space the vault has available.

Syntax

public var vaultFreeSpace: Int64 {
  get {...}
}

@property (nonatomic,readonly,assign,getter=vaultFreeSpace) long long vaultFreeSpace;

- (long long)vaultFreeSpace;

Default Value

0

Remarks

This property reflects the actual amount of free space, in bytes, that the vault currently has available. A vault's actual free space is based on its actual size, which is reflected by the VaultSize property.

Applications can also determine the maximum amount of free space the vault could possibly have by querying the PossibleFreeSpace property; please refer to its documentation, as well as the Vault Size topic, for more information.

This property is read-only.

VaultPassword Property (CBVaultDrive Module)

This property specifies the whole-vault encryption password.

Syntax

public var vaultPassword: String {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=vaultPassword,setter=setVaultPassword:) NSString* vaultPassword;

- (NSString*)vaultPassword;
- (void)setVaultPassword :(NSString*)newVaultPassword;

Default Value

""

Remarks

This property specifies the whole-vault encryption password to use when creating new vaults and opening existing vaults.

To create a new vault with whole-vault encryption enabled, the VaultEncryption property must be set as well.

When an existing vault is opened, the class updates VaultEncryption automatically based on the detected whole-vault encryption mode. If the vault is encrypted, the class will attempt to access it using the password specified by VaultPassword. If VaultPassword is incorrect, the attempt will fail and the vault will not be opened.

The VaultEncryption and VaultPassword properties cannot be used to change an open vault's whole-vault encryption mode or password; use the UpdateVaultEncryption method.

Please refer to the Encryption topic for more information.

Note: This property cannot be changed when Active is , and it cannot be changed within events.

VaultSize Property (CBVaultDrive Module)

This property specifies the actual size of the vault.

Syntax

public var vaultSize: Int64 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=vaultSize,setter=setVaultSize:) long long vaultSize;

- (long long)vaultSize;
- (void)setVaultSize :(long long)newVaultSize;

Default Value

0

Remarks

This property specifies the actual size of the vault, in bytes.

Applications may use this property to explicitly resize a vault, keeping in mind the following:

  • A vault cannot shrink more than its available free space allows (i.e., not by more than VaultFreeSpace bytes).
  • A vault cannot shrink beyond VaultSizeMin bytes.
  • If VaultSizeMax is not 0 (unlimited), a vault cannot grow beyond VaultSizeMax bytes.
  • If a vault grows enough to reach or exceed its AutoCompactAt threshold, it will automatically shrink again when the next automatic compaction occurs.

Applications can determine the maximum size a vault could possibly be by querying the PossibleSize property. Please refer to the Vault Size topic for more information.

Note: This property can be changed only when Active is , and it cannot be changed within events.

VaultSizeMax Property (CBVaultDrive Module)

This property specifies the maximum size a vault can be.

Syntax

public var vaultSizeMax: Int64 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=vaultSizeMax,setter=setVaultSizeMax:) long long vaultSizeMax;

- (long long)vaultSizeMax;
- (void)setVaultSizeMax :(long long)newVaultSizeMax;

Default Value

0

Remarks

This property specifies the maximum size, in bytes, that a vault can be. This property must be set to 0 (unlimited), or a number greater than or equal to 8 * PageSize or VaultSizeMin (whichever is greater).

The limit imposed by this property, if any, applies to both explicit growth of a vault via the VaultSize property, and implicit growth of a vault due to storage load. Please refer to the Vault Size topic for more information.

Note: This property cannot be changed within events.

VaultSizeMin Property (CBVaultDrive Module)

This property specifies the minimum size a vault can be.

Syntax

public var vaultSizeMin: Int64 {
  get {...}
  set {...}
}

@property (nonatomic,readwrite,assign,getter=vaultSizeMin,setter=setVaultSizeMin:) long long vaultSizeMin;

- (long long)vaultSizeMin;
- (void)setVaultSizeMin :(long long)newVaultSizeMin;

Default Value

0

Remarks

This property specifies the minimum size, in bytes, that a vault can be. This property's value must be less than or equal to VaultSizeMax, unless VaultSizeMax is set to 0 (unlimited).

The limit imposed by this property applies to both explicit shrinking of a vault via the VaultSize property or the CompactVault method, and implicit shrinking of a vault via automatic compaction. Please refer to the Vault Size topic for more information.

Note: This property cannot be changed within events.

VaultState Property (CBVaultDrive Module)

This property specifies information about the state of the vault.

Syntax

public var vaultState: Int32 {
  get {...}
}

@property (nonatomic,readonly,assign,getter=vaultState) int vaultState;

- (int)vaultState;

Default Value

0

Remarks

This property reflects the current state of the vault; its value consists of one or more of the following flags, ORed together:

VAULT_ST_FIXED_SIZE0x00000001The vault is a fixed size.

VAULT_ST_READ_ONLY0x00000002The vault was opened in read-only mode.

Please refer to the ReadOnly property for more information.

VAULT_ST_CORRUPTED0x00000004The vault is corrupted.

Applications can use the CheckAndRepair method to try to repair vault corruption. Please refer to the Vault Corruption topic for more information.

VAULT_ST_TRANSACTIONS_USED0x00000008The vault was opened in journaling mode.

Please refer to the UseJournaling property for more information.

VAULT_ST_ACCESS_TIME_USED0x00000010Last access times are being tracked.

Please refer to the UseAccessTime property for more information.

VAULT_ST_ENCRYPTED0x00000020The vault is encrypted with whole-vault encryption.

Please refer to the Encryption topic for more information.

VAULT_ST_VALID_PASSWORD_SET0x00000040The correct whole-vault encryption password has been provided.

Please refer to the Encryption topic for more information.

VAULT_ST_PHYSICAL_VOLUME0x00000080The vault is backed by a storage volume or partition formatted with the CBFS Storage filesystem.

This flag only applies when using the CBVaultDrive class.

VAULT_ST_PARTED0x00000100The vault's contents are split across multiple files on disk.

Please refer to the Multipart Vaults topic for more information.

This property is read-only.

AddDeniedProcess Method (CBVaultDrive Module)

Adds a rule that prevents a process from accessing the virtual drive.

Syntax

public func addDeniedProcess(processFileName: String, processId: Int32, childProcesses: Bool, desiredAccess: Int32) throws -> Void
- (void)addDeniedProcess:(NSString*)processFileName :(int)processId :(BOOL)childProcesses :(int)desiredAccess;

Remarks

When the ProcessRestrictionsEnabled property is enabled, this method can be used to add an access rule that denies the process specified by ProcessFileName or ProcessId the access right specified by DesiredAccess.

Processes that are already running can be specified by passing their process Id (PID) for the ProcessId parameter (in which case ProcessFileName should be empty). Processes that have not yet started can be specified by passing the full file name of the process's executable file for ProcessFileName (in which case ProcessId should be set to 0). If ProcessName is empty, and ProcessId is -1, the new rule will apply to all processes. When adding a PID-based rule, you need to be aware of the PID Reuse behavior of Windows.

ChildProcesses controls whether the rule also applies to children of the target process.

DesiredAccess specifies the access right to deny; valid values are:

STG_DACCESS_READ0x00000001Grant/deny read access.

STG_DACCESS_WRITE0x00000002Grant/deny write access.

STG_DACCESS_READWRITE0x00000003Grant/deny read and write access.

To remove the process access rule later, pass the same ProcessFileName and ProcessId values to the RemoveDeniedProcess method.

Note: This method can be called only when Active is , and it cannot be called within events.

The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

AddGrantedProcess Method (CBVaultDrive Module)

Adds a rule that allows a process to access the virtual drive.

Syntax

public func addGrantedProcess(processFileName: String, processId: Int32, childProcesses: Bool, desiredAccess: Int32) throws -> Void
- (void)addGrantedProcess:(NSString*)processFileName :(int)processId :(BOOL)childProcesses :(int)desiredAccess;

Remarks

When the ProcessRestrictionsEnabled property is enabled, this method can be used to add an access rule that grants the process specified by ProcessFileName or ProcessId the access right specified by DesiredAccess.

Processes that are already running can be specified by passing their process Id (PID) for the ProcessId parameter (in which case ProcessFileName should be empty). Processes that have not yet started can be specified by passing the full file name of the process's executable file for ProcessFileName (in which case ProcessId should be set to 0). If ProcessName is empty, and ProcessId is -1, the new rule will apply to all processes. When adding a PID-based rule, you need to be aware of the PID Reuse behavior of Windows.

ChildProcesses controls whether the rule also applies to children of the target process.

DesiredAccess specifies the access right to grant; valid values are:

STG_DACCESS_READ0x00000001Grant/deny read access.

STG_DACCESS_WRITE0x00000002Grant/deny write access.

STG_DACCESS_READWRITE0x00000003Grant/deny read and write access.

To remove the process access rule later, pass the same ProcessFileName and ProcessId values to the RemoveGrantedProcess method.

Note: This method can be called only when Active is , and it cannot be called within events.

The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

AddMountingPoint Method (CBVaultDrive Module)

Adds a mounting point for the virtual drive.

Syntax

public func addMountingPoint(mountingPoint: String, flags: Int32, authenticationId: Int64) throws -> Void
- (void)addMountingPoint:(NSString*)mountingPoint :(int)flags :(long long)authenticationId;

Remarks

This method adds a new mounting point for the virtual drive (which must have already been created using OpenVault). Virtual drives may have as many mounting points as desired.

MountingPoint should be set to the name/path of the mounting point. The format of this value varies based what type of mounting point the application wishes to create; please refer to the Mounting Points topic for more information.

The Flags parameter is used to specify properties for the mounting point, and should be set by OR'ing together zero or more of the following flags:

Windows:

STGMP_SIMPLE0x00010000Create a simple mounting point.

Simple mounting points may be local or global; and when local, can be made visible in either the current user session or another one.

This flag cannot be combined with STGMP_MOUNT_MANAGER or STGMP_NETWORK, and is implied if neither of those flags are present.

STGMP_MOUNT_MANAGER0x00020000Create a mounting point that appears to the system as a physical device.

When the StorageType property is set to STGT_DISK_PNP, mounting points created using the system mount manager appear as physical devices in the Disk Management snap-in of the Microsoft Management Console (mmc.exe).

This flag is a necessary prerequisite for creating a folder mounting point, which makes a drive accessible via an otherwise empty directory on another NTFS volume.

This flag cannot be combined with STGMP_SIMPLE, STGMP_NETWORK, or STGMP_LOCAL.

Only one mounting point of this type can be added to a virtual drive.

STGMP_NETWORK0x00040000Create a network mounting point.

Network mounting points can be further configured using the various STGMP_NETWORK_* flags described below. Applications that plan to make use of network mounting points must be sure to install the Helper DLL before doing so, otherwise Windows File Explorer will not correctly recognize the "network" drive.

This flag cannot be combined with STGMP_SIMPLE or STGMP_MOUNT_MANAGER.

STGMP_LOCAL0x10000000Specifies that a local mounting point should be created.

This flag specifies that a local mounting point should be created rather than a global one. When this flag is set, applications must also pass an appropriate value for the AddMountingPoint method's AuthenticationId parameter.

Passing 0 for AuthenticationId will make the mounting point visible in the current user session. To make the mounting point visible in a different user session instead, pass the target session's Authentication ID.

This flag is valid when combined with STGMP_SIMPLE or STGMP_NETWORK; it cannot be combined with STGMP_MOUNT_MANAGER. Please note that a mounting point can be made available to other computers as a network share, and network shares are always globally visible on the local machine, even if this flag is set.

STGMP_NETWORK_ALLOW_MAP_AS_DRIVE0x00000001Indicates that users may assign a drive letter to the share (e.g., using the 'Map network drive...' context menu item in Windows File Explorer).

STGMP_NETWORK_HIDDEN_SHARE0x00000002Indicates that the share should be skipped during enumeration.

Such shares are only accessible when their name is already known to the accessor.

STGMP_NETWORK_READ_ACCESS0x00000004Makes a read-only share available for the mounting point.

When this flag is specified, the <Server Name> part of the MountingPoint parameter value must be empty. Please refer to the Mounting Points topic for more information. This flag makes the class use the Windows API's NetShareAdd function. As per MSDN, "Only members of the Administrators, System Operators, or Power Users local group can add file shares with a call to the NetShareAdd function."

STGMP_NETWORK_WRITE_ACCESS0x00000008Makes a read/write share available for the mounting point.

When this flag is specified, the <Server Name> part of the MountingPoint parameter value must be empty. Please refer to the Mounting Points topic for more information. This flag makes the class use the Windows API's NetShareAdd function. As per MSDN, "Only members of the Administrators, System Operators, or Power Users local group can add file shares with a call to the NetShareAdd function."

STGMP_NETWORK_CLAIM_SERVER_NAME0x00000010Specifies that the server name is unique.

When this flag is specified, the driver handles IOCTL_REDIR_QUERY_PATH[_EX] requests by instructing the OS to direct all requests going to the <Server Name> part of the MountingPoint parameter's value to the driver instead.

This flag should be used when the <Server Name> is unique within the local system (e.g., when the application's name is used). Using this flag allows the system to avoid delays caused by certain network requests made by various processes.

This flag is also required for "net view" command to be able to show the share in the list.
STGMP_DRIVE_LETTER_NOTIFY_ASYNC0x20000000Causes the method to return immediately without waiting for mounting notifications to be sent to the system.

STGMP_AUTOCREATE_DRIVE_LETTER0x40000000Tells the class that it should assign the drive letter automatically.

When this flag is specified, the class will automatically assign a drive letter from the list of available letters. The assigned letter is added to the end of the list of mounting points, and can be retrieved from there.

Do not include a drive letter in the MountingPoint parameter's value when specifying this flag.

If no flags are specified, the STGMP_SIMPLE flag is assumed.

Linux and macOS:

STGMP_LOCAL_FUSE0x10000000Creates a mounting point, accessible only for current user.

If this flag is not passed, the "-oallow_other" option of FUSE is used.

STGMP_SYMLINK_DEBUG0x40000000Prints debug messages to stderr

The messages generated by the class are printed.

STGMP_SYMLINK_SYSTEM_DEBUG0x20000000Prints debug messages generated by the FUSE library to stderr

STGMP_NETWORK_MACOS0x00040000Create a network mounting point (macOS only).

If this flag is not passed, the "-olocal" option of macFUSE is used.

For more information about the "-olocal" option of macFUSE, please refer to the macFUSE FAQ.

Windows:

If the STGMP_LOCAL flag is set, the AuthenticationId parameter should be set to the Authentication ID of the user session the mounting point should visible in; or to 0 to make the mounting point visible in the current user session. If the aforementioned flag is not set and AuthenticationId is 0, the mounting point will be global (i.e., visible in all user sessions). When AuthenticationId is set to a non-zero value, STGMP_LOCAL is implied. Please refer to the Mounting Points topic for more information.

Linux, macOS: The AuthenticationId parameter is ignored.

Note: This method cannot be called within events.

The methods and properties related to mounting points are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of mounting points occurs in a thread-safe manner.

Virtual Drives and Mounting Points

When applications call the OpenVault (CBVaultDrive) or CreateVault method, the specified vault is opened and used to create and mount a virtual drive. This virtual drive is created without a drive letter.

To add a drive letter for the virtual drive, applications have to call the AddMountingPoint method. Once a drive letter is assigned, the virtual drive will be visible to the system and other applications, allowing them to start accessing its files and directories.

CacheFilePassword Method (CBVaultDrive Module)

This method caches an encryption password to use the next time a file or alternate stream is accessed or removes the cached password.

Syntax

public func cacheFilePassword(fileName: String, password: String, ttlInCache: Int32, removeFromCache: Bool) throws -> Void
- (void)cacheFilePassword:(NSString*)fileName :(NSString*)password :(int)TTLInCache :(BOOL)removeFromCache;

Remarks

This method temporarily caches an encryption password so that it can be used the next time the file or alternate stream specified by FileName is accessed.

The value passed for FileName must be a vault-local absolute path.

The Password parameter specifies the password to cache. It must match the one last used to encrypt the specified file or the alternate stream; otherwise, this method .

The specified password is automatically removed from the cache as soon as one of the following things occur:

  • The password is used to access the file or alternate stream and the value of the TTLInCache parameter is 0.
  • The password for the file or alternate stream is changed.
  • The vault is closed.
  • The timeout expires.

To remove the previously cached password from the cache, set the RemoveFromCache parameter to . When it is set so, the value of the Password parameter is ignored.

The TTLInCache parameter specifies time to seconds that the class keeps the password in the internal cache to reduce the number of requests for a password. The value of 0 tells the class to discard the password after the first use.

As an alternative to using this method, applications can provide a default file encryption password using the DefaultFileAccessPassword property or provide such passwords dynamically using the FilePasswordNeeded event.

Note: This method can be called only when Active is .

CheckAndRepair Method (CBVaultDrive Module)

This method checks a vault's consistency and repairs it as necessary.

Syntax

public func checkAndRepair(flags: Int32) throws -> Void
- (void)checkAndRepair:(int)flags;

Remarks

This method checks the consistency of a vault and attempts to repair it as necessary.

Applications should call this method if a vault has become corrupted (i.e., if the IsCorrupted property is , or if a vault operation fails with a "Vault Corrupted" error). Be sure to make a vault backup before calling this method, because its repair efforts may cause data loss in cases of severe corruption. Please refer to the Vault Corruption topic for more information.

The Flags parameter is used to specify additional options, and it should be set by ORing together zero or more of the following flags:

VAULT_CR_CHECK_ONLY0x00000001Check only, do not attempt any repairs.

VAULT_CR_CHECK_ALL_PAGES0x00000002Check all vault pages, including empty ones.

When this flag is not present, only the vault pages that are marked as occupied are checked.

Note: This method cannot be called when Active is , and it cannot be called within events.

CheckFilePassword Method (CBVaultDrive Module)

This method verifies whether a particular file password is correct.

Syntax

public func checkFilePassword(fileName: String, password: String) throws -> Bool
- (BOOL)checkFilePassword:(NSString*)fileName :(NSString*)password;

Remarks

This method verifies whether the specified Password matches the one used to encrypt the file or alternate stream specified by FileName. If the password is correct, this method returns ; otherwise, it returns .

The value passed for FileName must be a vault-local absolute path.

Please refer to the Encryption topic for more information.

Note: This method can be called only when Active is .

CheckVaultPassword Method (CBVaultDrive Module)

This method verifies whether a particular vault password is correct.

Syntax

public func checkVaultPassword(password: String) throws -> Bool
- (BOOL)checkVaultPassword:(NSString*)password;

Remarks

This method verifies whether the specified Password matches the one used to encrypt the vault. If the password is correct, this method returns ; otherwise, it returns .

Please refer to the Encryption topic for more information.

Note: This method can be called only when Active is .

CloseOpenedFilesSnapshot Method (CBVaultDrive Module)

Closes the previously-created opened files snapshot.

Syntax

public func closeOpenedFilesSnapshot() throws -> Void
- (void)closeOpenedFilesSnapshot;

Remarks

This method closes the opened files snapshot previously created by CreateOpenedFilesSnapshot, releasing the memory associated with it. Please refer to that method's documentation for more information.

Note: This method cannot be called within events.

The methods and properties related to open files snapshots are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that creation, use, and cleanup of open files snapshots occurs in a thread-safe manner.

CloseVault Method (CBVaultDrive Module)

Closes the vault.

Syntax

public func closeVault(force: Bool) throws -> Void
- (void)closeVault:(BOOL)force;

Remarks

This method closes the currently-open vault.

For CBVaultDrive, the Force parameter specifies whether to forcefully close any file or directory handles open currently. If Force is , this method will fail if any handles are currently open.

Note: This method can be called only when Active is .

CompactVault Method (CBVaultDrive Module)

This method compacts the vault.

Syntax

public func compactVault() throws -> Bool
- (BOOL)compactVault;

Remarks

This method triggers vault compaction, which is a process that shrinks a vault's overall size by truncating its free space. If the compacting operation completes successfully, this method returns ; otherwise, it returns .

Compaction involves physically moving a vault's occupied pages to the beginning of the vault, and then truncating the unoccupied pages from the end of the vault. The runtime of a compacting operation depends on a number of factors, and it is possible for it to be interrupted by other vault operations.

Compaction occurs automatically when the vault's free space percentage exceeds the threshold specified by the AutoCompactAt property. Applications can also use the AutoCompactDelay configuration setting to add a delay to the automatic compaction trigger.

Note: A vault opened in ReadOnly mode cannot be compacted, either automatically or explicitly.

Note: This method can be called only when Active is , and it cannot be called within events.

Config Method (CBVaultDrive Module)

This method sets or retrieves a configuration setting.

Syntax

public func config(configurationString: String) throws -> String
- (NSString*)config:(NSString*)configurationString;

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

ConvertToDrivePath Method (CBVaultDrive Module)

Converts a vault-local vault item path to a virtual drive file path (Windows only).

Syntax

public func convertToDrivePath(vaultFilePath: String) throws -> String
- (NSString*)convertToDrivePath:(NSString*)vaultFilePath;

Remarks

This method returns a virtual drive file path that corresponds to the vault item (file, directory, or symbolic link) specified by VaultFilePath.

The value passed for VaultFilePath must be a vault-local absolute path.

The value returned by this method is a fully-qualified file path formatted according to OS conventions, suitable for passing to system file APIs and/or external applications.

Note: This method can be called only when Active is .

ConvertToVaultPath Method (CBVaultDrive Module)

Converts a virtual drive file path to a vault-local vault item path (Windows only).

Syntax

public func convertToVaultPath(virtualFilePath: String) throws -> String
- (NSString*)convertToVaultPath:(NSString*)virtualFilePath;

Remarks

This method returns the vault-local absolute path of the vault item (file, directory, or symbolic link) that corresponds to the virtual drive file path specified by VirtualFilePath.

The value passed for VirtualFilePath must be a fully-qualified file path formatted according to OS conventions.

The value returned by this method can be used to access the corresponding vault item using the class APIs.

Note: This method can be called only when Active is .

CreateDirectory Method (CBVaultDrive Module)

This method creates a new directory in the vault.

Syntax

public func createDirectory(directory: String, createParents: Bool) throws -> Void
- (void)createDirectory:(NSString*)directory :(BOOL)createParents;

Remarks

This method creates a new directory in the vault at the path specified by Directory.

The value passed for Directory must be a vault-local absolute path.

The CreateParents parameter specifies whether nonexistent parent directories in the specified path should be created as well. If this parameter is , and one or more parent directories are missing, this method .

Note: This method can be called only when Active is , and it cannot be called within events.

CreateLink Method (CBVaultDrive Module)

This method creates a symbolic link to another file in the vault.

Syntax

Remarks

This method creates a new symbolic link named LinkName that points to the file specified by DestinationName.

The value passed for LinkName must be a vault-local absolute path. The value passed for DestinationName must also be a vault-local path, but it may be absolute or relative to LinkName.

Note: This method can be called only when Active is , and it cannot be called within events.

CreateOpenedFilesSnapshot Method (CBVaultDrive Module)

Creates a snapshot of information about files that are currently open.

Syntax

public func createOpenedFilesSnapshot() throws -> Void
- (void)createOpenedFilesSnapshot;

Remarks

This method creates a snapshot of information about all files and directories in the virtual filesystem that are currently open. This information is then used to populate the OpenFile* properties.

Note that there will always be at least one item in the OpenFile* properties since the virtual volume itself is always inherently open.

When the application is finished working with the opened files snapshot, it must close it by calling the CloseOpenedFilesSnapshot method in order to release the associated memory. If this method is called again before an existing snapshot is closed, the class will attempt to close it before creating a new one.

Note: This method can be called only when Active is , and it cannot be called within events.

The methods and properties related to open files snapshots are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that creation, use, and cleanup of open files snapshots occurs in a thread-safe manner.

DeleteFile Method (CBVaultDrive Module)

This method deletes a vault item.

Syntax

public func deleteFile(fileName: String) throws -> Void
- (void)deleteFile:(NSString*)fileName;

Remarks

This method deletes the vault item (file, directory, symbolic link, or alternate stream) specified by FileName from the vault.

The value passed for FileName must be a vault-local absolute path.

Please note the following:

  • When a file is deleted, any alternate streams it contains are deleted as well.
  • Directories must be empty to be deleted; otherwise, this method . Use the IsDirectoryEmpty method to check whether a directory is empty.
  • Deleting a symbolic link only deletes the link itself, not the file it points to.

Note: This method can be called only when Active is , and it cannot be called within events.

DeleteFileTag Method (CBVaultDrive Module)

This method deletes a file tag.

Syntax

public func deleteFileTag(fileName: String, tagId: Int32, tagName: String) throws -> Void
- (void)deleteFileTag:(NSString*)fileName :(int)tagId :(NSString*)tagName;

Remarks

This method deletes the file tag identified by TagId or TagName from the file, directory, or alternate stream specified by FileName.

The value passed for FileName must be a vault-local absolute path.

To delete a raw file tag, pass its Id for TagId and pass an empty string for TagName. To delete a typed file tag, pass its name for TagName and pass 0 for TagId. If values are provided for both TagId and TagName, this method .

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

EjectVolume Method (CBVaultDrive Module)

Ejects a removable storage volume formatted with the CBFS Storage filesystem (Windows only).

Syntax

public func ejectVolume(force: Bool) throws -> Void
- (void)ejectVolume:(BOOL)force;

Remarks

If the currently-open vault resides on a removable storage volume formatted with the CBFS Storage filesystem (i.e., if the vault was opened using the OpenVolume method), this method can be used to eject it. If this method is successful, the vault is closed, and the volume is made available for removal (similar to how the "Eject" functionality provided by Windows File Explorer works).

The Force parameter specifies whether the removable storage volume should be forcefully ejected. If Force is , this method will fail if the vault is currently in use by the system or other applications.

Note: This method can be called only when Active is , and it cannot be called within events.

FileExists Method (CBVaultDrive Module)

This method checks whether a vault item exists.

Syntax

public func fileExists(fileName: String) throws -> Bool
- (BOOL)fileExists:(NSString*)fileName;

Remarks

This method checks whether a vault item (file, directory, symbolic link, or alternate stream) with the specified FileName exists in the vault. If the specified vault item exists, this method returns ; otherwise, it returns .

The value passed for FileName must be a vault-local absolute path.

Note: This method can be called only when Active is .

FileMatchesMask Method (CBVaultDrive Module)

This method checks whether a particular file or directory name matches the specified mask.

Syntax

public func fileMatchesMask(mask: String, fileName: String, caseSensitive: Bool) throws -> Bool
- (BOOL)fileMatchesMask:(NSString*)mask :(NSString*)fileName :(BOOL)caseSensitive;

Remarks

This method checks whether the file or directory name specified by FileName matches Mask; if it does, this method returns . The CaseSensitive parameter controls whether a case-sensitive match should be performed.

Note: This method does not handle so-called DOS_* wildcards (DOS_STAR, DOS_QM, DOS_DOT). The explanation about the characters can be found in the MSDN article. If you have a mask that includes one of those characters on Windows, you can use the RtlIsNameInExpression function of Windows API.

Note: As the explanation states, "When you do a case-insensitive search and do not provide a translation table, the name is converted to uppercase."

FileTagExists Method (CBVaultDrive Module)

This method checks whether a file tag exists.

Syntax

public func fileTagExists(fileName: String, tagId: Int32, tagName: String) throws -> Bool
- (BOOL)fileTagExists:(NSString*)fileName :(int)tagId :(NSString*)tagName;

Remarks

This method checks whether a file tag with the specified TagId or TagName is attached to the file, directory, or alternate stream specified by FileName. If the specified file tag exists, this method returns ; otherwise, it returns .

The value passed for FileName must be a vault-local absolute path.

To check for a raw file tag, pass its Id for TagId and pass an empty string for TagName. To check for a typed file tag, pass its name for TagName and pass 0 for TagId. If values are provided for both TagId and TagName, this method .

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

FileTimeToNanoseconds Method (CBVaultDrive Module)

This method returns the subsecond part of the time expressed in nanoseconds.

Syntax

public func fileTimeToNanoseconds(fileTime: Date) throws -> Int32
- (int)fileTimeToNanoseconds:(NSDate*)fileTime;

Remarks

Use this method to obtain the subsecond part of the FileTime value, expressed in nanoseconds.

FileTimeToUnixTime Method (CBVaultDrive Module)

This method converts FileTime to Unix time format.

Syntax

public func fileTimeToUnixTime(fileTime: Date) throws -> Int64
- (long long)fileTimeToUnixTime:(NSDate*)fileTime;

Remarks

Use this method to convert the FileTime value to Unix time format. The subsecond part of the value is not preserved; to obtain it, use the FileTimeToNanoseconds method.

FindClose Method (CBVaultDrive Module)

This method closes a search operation and releases any associated resources.

Syntax

public func findClose(searchId: Int64) throws -> Void
- (void)findClose:(long long)searchId;

Remarks

This method closes the search operation identified by SearchId, releasing any previously allocated resources associated with it.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

Note: This method can be called only when Active is .

FindFirst Method (CBVaultDrive Module)

This method searches for the first vault item that matches the specified name and attributes.

Syntax

public func findFirst(fileMask: String, attributes: Int32, flags: Int32) throws -> Int64
- (long long)findFirst:(NSString*)fileMask :(int)attributes :(int)flags;

Remarks

This method initiates a search operation based on the specified FileMask, Attributes, and Flags. If there are any matching vault items (files, directories, symbolic links, or alternate streams), then a search operation Id is returned. If there are no matching vault items, then -1 is returned.

To obtain information about a search result, pass the returned search handle to the following methods:

To retrieve the next search result, pass the returned search handle to the FindNext method. When an application is finished with (or wants to abandon) a search operation, it must pass the associated search handle to the FindClose method to release the resources associated with it.

Because each search operation is identified by the search handle associated with it, applications may initiate additional search operations at any time and may process each operation's search results in any manner it desires (e.g., sequentially, round robin).

The FileMask parameter specifies both the directory path to search within and the file name mask to match against (e.g., \directory\to\search\*.txt). Or, when searching a file's alternate streams, it specifies the file path and stream name mask (e.g., \path\to\file:*). Only the mask may contain wildcards. The path must be specified in vault-local absolute format. Also note that files without an extension will match *, but not *.*.

The Attributes parameter specifies the attributes to match against; items will match only if they have one or more of the specified attributes. The value passed for this parameter should be constructed by ORing together zero or more of the following values. Passing 0 will allow any file in a directory (or, any alternate stream in a file) to match; it is equivalent to VAULT_FATTR_FILE | VAULT_FATTR_DATA_STREAM.

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

The Flags parameter controls search behavior. Among other things, it can be used to request that only specific pieces of information be returned, which can greatly improve performance. The value passed for this parameter should be constructed by ORing together zero or more of the following values:

VAULT_FF_NEED_NAME0x00000001Include entry names (without paths) when returning search results.

VAULT_FF_NEED_FULL_NAME0x00000002Include fully qualified entry names when returning search results.

VAULT_FF_NEED_ATTRIBUTES0x00000004Include entry attributes when returning search results.

VAULT_FF_NEED_SIZE0x00000008Include entry sizes when returning search results.

VAULT_FF_NEED_METADATA_SIZE0x00000010Include entry metadata sizes when returning search results.

VAULT_FF_NEED_TIMES0x00000020Include entry times when returning search results.

VAULT_FF_NEED_LINK_DEST0x00000040Include symbolic link destinations when returning search results.

VAULT_FF_EMULATE_FAT0x00001000Inserts . and .. pseudo-entries into search results for all directories except the root one.

VAULT_FF_RECURSIVE0x00002000Search recursively in all subdirectories.

VAULT_FF_CASE_INSENSITIVE0x00004000Forces case-insensitive search, even if the vault is case-sensitive.

If Flags is 0, the class uses 0x0000006F (i.e., all VAULT_FF_NEED_* flags except VAULT_FF_NEED_METADATA).

Note: This method can be called only when Active is , and it cannot be called within events.

FindFirstByQuery Method (CBVaultDrive Module)

This method searches for the first file or directory whose file tags match the specified query.

Syntax

public func findFirstByQuery(directory: String, query: String, flags: Int32) throws -> Int64
- (long long)findFirstByQuery:(NSString*)directory :(NSString*)query :(int)flags;

Remarks

This method initiates a search operation within the specified Directory for files and subdirectories whose typed file tags match the specified Query. If there are any matching files or directories, then a search operation Id is returned. If there are no matching files or directories, then -1 is returned.

To obtain information about a search result, pass the returned search handle to the following methods:

To retrieve the next search result, pass the returned search handle to the FindNext method. When an application is finished with (or wants to abandon) a search operation, it must pass the associated search handle to the FindClose method to release the resources associated with it.

Because each search operation is identified by the search handle associated with it, applications may initiate additional search operations at any time and may process each operation's search results in any manner it desires (e.g., sequentially, round robin).

The value passed for Directory must be a vault-local absolute path.

The value passed for Query must be a search query constructed using the CBFS Storage Query Language; please refer to that topic for more information.

The Flags parameter controls search behavior. Among other things, it can be used to request that only specific pieces of information be returned, which can greatly improve performance. The value passed for this parameter should be constructed by ORing together zero or more of the following values:

VAULT_FF_NEED_NAME0x00000001Include entry names (without paths) when returning search results.

VAULT_FF_NEED_FULL_NAME0x00000002Include fully qualified entry names when returning search results.

VAULT_FF_NEED_ATTRIBUTES0x00000004Include entry attributes when returning search results.

VAULT_FF_NEED_SIZE0x00000008Include entry sizes when returning search results.

VAULT_FF_NEED_METADATA_SIZE0x00000010Include entry metadata sizes when returning search results.

VAULT_FF_NEED_TIMES0x00000020Include entry times when returning search results.

VAULT_FF_NEED_LINK_DEST0x00000040Include symbolic link destinations when returning search results.

VAULT_FF_EMULATE_FAT0x00001000Inserts . and .. pseudo-entries into search results for all directories except the root one.

VAULT_FF_RECURSIVE0x00002000Search recursively in all subdirectories.

VAULT_FF_CASE_INSENSITIVE0x00004000Forces case-insensitive search, even if the vault is case-sensitive.

If Flags is 0, the class uses 0x0000006F (i.e., all VAULT_FF_NEED_* flags except VAULT_FF_NEED_METADATA).

Note: This method can be called only when Active is , and it cannot be called within events.

FindNext Method (CBVaultDrive Module)

This method searches for the next vault item that matches an ongoing search operation.

Syntax

public func findNext(searchId: Int64) throws -> Bool
- (BOOL)findNext:(long long)searchId;

Remarks

This method searches for the next vault item (file, directory, symbolic link, or alternate stream) that matches the ongoing search operation identified by SearchId. If a matching vault item is found, this method returns ; otherwise, it returns .

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery. Please refer to the methods' documentation for more information about search operations.

Note: This method can be called only when Active is , and it cannot be called within events.

ForceUnmount Method (CBVaultDrive Module)

Forcefully unmounts the virtual drive associated with the specified vault (Windows only).

Syntax

public func forceUnmount(vaultFile: String) throws -> Void
- (void)forceUnmount:(NSString*)vaultFile;

Remarks

This method instructs the CBFS Storage driver to forcefully unmount the virtual drive associated with the vault storage file specified by VaultFile. Typically, this is only necessary if an application crashes without first unmounting the virtual drive(s) that it created.

Please note that only the processes which have access to a vault storage file may forcefully unmount a virtual drive associated with it.

The value passed for VaultFile must be a fully-qualified file path formatted according to OS conventions.

Note: This method cannot be called within events.

FormatVolume Method (CBVaultDrive Module)

Formats a storage volume or partition with the CBFS Storage filesystem (Windows only).

Syntax

public func formatVolume(volumeName: String, flags: Int32) throws -> Void
- (void)formatVolume:(NSString*)volumeName :(int)flags;

Remarks

This method formats the storage volume or partition specified by VolumeName with the CBFS Storage filesystem, allowing it to be opened as a vault using the OpenVolume method.

The VolumeName parameter specifies the fully-qualified name of a storage volume or partition. DOS names, such as X:, are also valid.

The Flags parameter is used to control formatting options, and should be set by OR'ing together zero or more of the following flags:

VAULT_FMF_FAST_FORMAT0x00000001Perform a fast format; only initialize the pages necessary for storing the filesystem structure.

When this flag is not set, all pages of the new vault are initialized.

Note that formatting a large storage partition or volume can take a significant amount of time, and this method will block until the formatting process is complete.

Note: This method cannot be called when Active is , and it cannot be called within events.

GetDriverStatus Method (CBVaultDrive Module)

Retrieves the status of the system driver.

Syntax

public func getDriverStatus(productGUID: String, module: Int32) throws -> Int32
- (int)getDriverStatus:(NSString*)productGUID :(int)module;

Remarks

This method retrieves the status of the system driver module specified by Module. This status can then be used to verify whether it has been properly installed and is ready for use.

The value returned by the method corresponds to the dwCurrentState field of the SERVICE_STATUS structure from the Windows API. It will be one of the following:

MODULE_STATUS_NOT_PRESENT0x00000000The specified module is not present on the system.

This flag is not used on non-Windows systems.

MODULE_STATUS_STOPPED0x00000001The specified module is in the Stopped state.

This flag is not used on non-Windows systems.

MODULE_STATUS_RUNNING0x00000004The specified module is loaded and running.

This flag is not used on non-Windows systems.

ProductGUID is used to distinguish between driver installations performed by different applications. Such information is necessary to guard against unexpected situations such as, e.g., the driver being uninstalled by one application despite other applications still needing it.

The GUID must be specified in so-called "Registry Format" (e.g., "{1FAD0EF2-9A03-4B87-B4BC-645B7035ED90}") with curly braces included.

To ensure proper operation, it is critical that each individual application have its own unique ProductGUID value, and that applications (and their installation scripts) use that value when calling any of the following methods:

The Module parameter specifies which driver module to query the status of. Possible values are:

MODULE_DRIVER_PNP_BUS0x00000001PnP Bus Driver (.sys file).

This module must be installed if the application wishes to make use of Plug-and-Play (PnP) storage features class in Windows. PnP storage devices are those visible as disks in the Device Manager, and the system treats such storage devices differently from other purely virtual devices.

The virtual disk driver must be re-installed anytime this module is added or removed.

MODULE_DRIVER_BLOCK0x00000002Virtual disk driver (.sys file).

The product's virtual disk driver module, which provides core functionality; it must be installed for the class to function correctly.

MODULE_DRIVER_FS0x00000004Filesystem driver (.sys file).

The product's filesystem driver module, which provides core functionality; it must be installed for the class to function correctly.

MODULE_HELPER_DLL0x00010000Shell Helper DLL (CBVaultDriveShellHelper2024.dll)

This module provides supplementary functionality for the class; please refer to the Helper DLL topic for more information.

Note: Not applicable when calling the GetDriverStatus method.

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter.

Note: This method cannot be called within events.

GetFileAttributes Method (CBVaultDrive Module)

This method retrieves the attributes of a vault item.

Syntax

public func getFileAttributes(fileName: String) throws -> Int32
- (int)getFileAttributes:(NSString*)fileName;

Remarks

This method retrieves the attributes of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The specified vault item's attributes are returned as a 32-bit integer composed of one or more of the following values:

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

Note: This method can be called only when Active is .

GetFileCompression Method (CBVaultDrive Module)

This method retrieves the compression mode of a file or alternate stream.

Syntax

public func getFileCompression(fileName: String) throws -> Int32
- (int)getFileCompression:(NSString*)fileName;

Remarks

This method retrieves the compression mode of the file or alternate stream specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The returned compression mode will be one of the following values:

VAULT_CM_NONE0Do not use compression.

VAULT_CM_DEFAULT1Use default compression (zlib).

VAULT_CM_CUSTOM2Use event-based custom compression.

This compression level is not used.

VAULT_CM_ZLIB3Use zlib compression.

Valid compression levels are 1-9.

VAULT_CM_RLE4Use RLE compression.

This compression level is not used.

Applications that use custom compression must implement the DataCompress and DataDecompress events. Please refer to the Compression topic for more information.

Note: This method can be called only when Active is .

GetFileCreationTime Method (CBVaultDrive Module)

This method retrieves the creation time of a vault item.

Syntax

public func getFileCreationTime(fileName: String) throws -> Date
- (NSDate*)getFileCreationTime:(NSString*)fileName;

Remarks

This method retrieves the creation time of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName. The timestamps returned by this method are specified .

The value passed for FileName must be a vault-local absolute path.

Note: This method can be called only when Active is .

GetFileEncryption Method (CBVaultDrive Module)

This method retrieves the encryption mode of a file or alternate stream.

Syntax

public func getFileEncryption(fileName: String) throws -> Int32
- (int)getFileEncryption:(NSString*)fileName;

Remarks

This method retrieves the encryption mode of the file or alternate stream specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The returned encryption mode will be one of the following values:

VAULT_EM_NONE0x0Do not use encryption.

VAULT_EM_DEFAULT0x1Use default encryption (VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA256).

VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA2560x2Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

VAULT_EM_CUSTOM256_PBKDF2_HMAC_SHA2560x3Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_PBKDF2_HMAC_SHA2560x4Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_PBKDF2_HMAC_SHA2560x5Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_CUSTOM_KEY_DERIVE0x23Use event-based custom 256-bit encryption with custom key derivation.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_CUSTOM_KEY_DERIVE0x24Use event-based custom 512-bit encryption with custom key derivation.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_CUSTOM_KEY_DERIVE0x25Use event-based custom 1024-bit encryption with custom key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_DIRECT_KEY0x43Use event-based custom 256-bit encryption with no key derivation.

A 256-bit (32-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM512_DIRECT_KEY0x44Use event-based custom 512-bit encryption with no key derivation.

A 512-bit (64-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM1024_DIRECT_KEY0x45Use event-based custom 1024-bit encryption with no key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_UNKNOWN0xFFUnidentified or unknown encryption.

Applications that use custom encryption must implement at least the DataEncrypt and DataDecrypt events. Certain custom encryption modes may require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.

Note: This method can be called only when Active is .

GetFileLastAccessTime Method (CBVaultDrive Module)

This method retrieves the last access time of a vault item.

Syntax

public func getFileLastAccessTime(fileName: String) throws -> Date
- (NSDate*)getFileLastAccessTime:(NSString*)fileName;

Remarks

This method retrieves the creation time of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName. The timestamps returned by this method are specified .

Note: Vault items' last access times are updated only if the UseAccessTime property is enabled.

The value passed for FileName must be a vault-local absolute path.

Note: This method can be called only when Active is .

GetFileModificationTime Method (CBVaultDrive Module)

This method retrieves the modification time of a vault item.

Syntax

public func getFileModificationTime(fileName: String) throws -> Date
- (NSDate*)getFileModificationTime:(NSString*)fileName;

Remarks

This method retrieves the modification time of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName. The timestamps returned by this method are specified .

The value passed for FileName must be a vault-local absolute path.

Note: This method can be called only when Active is .

GetFileSize Method (CBVaultDrive Module)

This method retrieves the size of a file or alternate stream.

Syntax

public func getFileSize(fileName: String) throws -> Int64
- (long long)getFileSize:(NSString*)fileName;

Remarks

This method retrieves the size, in bytes, of the file or alternate stream specified by FileName.

Note: For files, the returned value reflects only the size of the file's immediate contents, it does not account for any alternate streams the file may or may not contain.

The value passed for FileName must be a vault-local absolute path.

Note: This method can be called only when Active is .

GetFileTag Method (CBVaultDrive Module)

This method retrieves the binary data held by a raw file tag attached to the specified vault item.

Syntax

public func getFileTag(fileName: String, tagId: Int32) throws -> Data
- (NSData*)getFileTag:(NSString*)fileName :(int)tagId;

Remarks

This method retrieves the binary data held by a raw file tag, identified by TagId, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a raw file tag with the specified TagId is not attached to the specified vault item, this method .

The value passed for FileName must be a vault-local absolute path. The value passed for TagId must be in the range 0x0001 to 0xCFFF (inclusive).

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

GetFileTagAsAnsiString Method (CBVaultDrive Module)

This method retrieves the value of an AnsiString-typed file tag attached to the specified vault item.

Syntax

public func getFileTagAsAnsiString(fileName: String, tagName: String) throws -> String
- (NSString*)getFileTagAsAnsiString:(NSString*)fileName :(NSString*)tagName;

Remarks

This method retrieves the value of an AnsiString-typed file tag, identified by TagName, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If an AnsiString-typed file tag with the specified TagName is not attached to the specified vault item, this method .

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

Please refer to the File Tags topic for more information.

This method can only retrieve typed file tags created with the SetFileTagAsAnsiString method. Typed file tags created with the SetFileTagAsString method must be retrieved using the GetFileTagAsString method.

Note: This method can be called only when Active is .

GetFileTagAsBoolean Method (CBVaultDrive Module)

This method retrieves the value of a Boolean-typed file tag attached to the specified vault item.

Syntax

public func getFileTagAsBoolean(fileName: String, tagName: String) throws -> Bool
- (BOOL)getFileTagAsBoolean:(NSString*)fileName :(NSString*)tagName;

Remarks

This method retrieves the value of a Boolean-typed file tag, identified by TagName, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a Boolean-typed file tag with the specified TagName is not attached to the specified vault item, this method .

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

GetFileTagAsDateTime Method (CBVaultDrive Module)

This method retrieves the value of a DateTime-typed file tag attached to the specified vault item.

Syntax

public func getFileTagAsDateTime(fileName: String, tagName: String) throws -> Date
- (NSDate*)getFileTagAsDateTime:(NSString*)fileName :(NSString*)tagName;

Remarks

This method retrieves the value of a DateTime-typed file tag, identified by TagName, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a DateTime-typed file tag with the specified TagName is not attached to the specified vault item, this method .

The timestamps returned by this method are specified .

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

GetFileTagAsNumber Method (CBVaultDrive Module)

This method retrieves the value of a Number-typed file tag attached to the specified vault item.

Syntax

public func getFileTagAsNumber(fileName: String, tagName: String) throws -> Int64
- (long long)getFileTagAsNumber:(NSString*)fileName :(NSString*)tagName;

Remarks

This method retrieves the value of a Number-typed file tag, identified by TagName, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a Number-typed file tag with the specified TagName is not attached to the specified vault item, this method .

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

GetFileTagAsString Method (CBVaultDrive Module)

This method retrieves the value of a String-typed file tag attached to the specified vault item.

Syntax

public func getFileTagAsString(fileName: String, tagName: String) throws -> String
- (NSString*)getFileTagAsString:(NSString*)fileName :(NSString*)tagName;

Remarks

This method retrieves the value of a String-typed file tag, identified by TagName, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a String-typed file tag with the specified TagName is not attached to the specified vault item, this method .

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

Please refer to the File Tags topic for more information.

This method can only retrieve typed file tags created with the SetFileTagAsString method. Typed file tags created with the SetFileTagAsAnsiString method must be retrieved using the GetFileTagAsAnsiString method.

Note: This method can be called only when Active is .

GetFileTagDataType Method (CBVaultDrive Module)

This method retrieves the data type of a typed file tag attached to a specific vault item.

Syntax

public func getFileTagDataType(fileName: String, tagName: String) throws -> Int32
- (int)getFileTagDataType:(NSString*)fileName :(NSString*)tagName;

Remarks

This method retrieves the data type of a typed file tag, identified by TagName, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a typed file tag with the specified TagName is not attached to the specified vault item, this method .

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

The value returned by this method will be one of the following (except VAULT_TDT_RAWDATA, which is not applicable):

VAULT_TDT_RAWDATA0x0The tag is untyped and must be addressed by Id.

VAULT_TDT_BOOLEAN0x1The tag contains Boolean data and must be addressed by name.

VAULT_TDT_STRING0x2The tag contains String (UTF-16LE) data and must be addressed by name.

VAULT_TDT_DATETIME0x3The tag contains DateTime data and must be addressed by name.

VAULT_TDT_NUMBER0x4The tag contains numeric (signed 64-bit) data and must be addressed by name.

VAULT_TDT_ANSISTRING0x5The tag contains AnsiString (8-bit string) data and must be addressed by name.

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

GetFileTagSize Method (CBVaultDrive Module)

This method retrieves the size of a raw file tag attached to the specified vault item.

Syntax

public func getFileTagSize(fileName: String, tagId: Int32) throws -> Int32
- (int)getFileTagSize:(NSString*)fileName :(int)tagId;

Remarks

This method retrieves the size of the binary data held by a raw file tag, identified by TagId, attached to the vault item (e.g., file, directory, or alternate stream) specified by FileName. If a raw file tag with the specified TagId is not attached to the specified vault item, this method returns 0 as the tag size.

The value passed for FileName must be a vault-local absolute path. The value passed for TagId must be in the range 0x0001 to 0xCFFF (inclusive).

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is .

GetModuleVersion Method (CBVaultDrive Module)

Retrieves the version of a given product module.

Syntax

public func getModuleVersion(productGUID: String, module: Int32) throws -> Int64
- (long long)getModuleVersion:(NSString*)productGUID :(int)module;

Remarks

This method retrieves the version of the product module specified by Module. The value is returned as a 64-bit integer composed of four 16-bit words that each correspond to a piece of the overall module version. For example, a version of 2.32.6.28 would cause the value 0x000200200006001C to be returned.

If the specified module is not installed, this method returns 0.

ProductGUID is used to distinguish between driver installations performed by different applications. Such information is necessary to guard against unexpected situations such as, e.g., the driver being uninstalled by one application despite other applications still needing it.

The GUID must be specified in so-called "Registry Format" (e.g., "{1FAD0EF2-9A03-4B87-B4BC-645B7035ED90}") with curly braces included.

To ensure proper operation, it is critical that each individual application have its own unique ProductGUID value, and that applications (and their installation scripts) use that value when calling any of the following methods:

The Module parameter specifies which driver module to query the status of. Possible values are:

MODULE_DRIVER_PNP_BUS0x00000001PnP Bus Driver (.sys file).

This module must be installed if the application wishes to make use of Plug-and-Play (PnP) storage features class in Windows. PnP storage devices are those visible as disks in the Device Manager, and the system treats such storage devices differently from other purely virtual devices.

The virtual disk driver must be re-installed anytime this module is added or removed.

MODULE_DRIVER_BLOCK0x00000002Virtual disk driver (.sys file).

The product's virtual disk driver module, which provides core functionality; it must be installed for the class to function correctly.

MODULE_DRIVER_FS0x00000004Filesystem driver (.sys file).

The product's filesystem driver module, which provides core functionality; it must be installed for the class to function correctly.

MODULE_HELPER_DLL0x00010000Shell Helper DLL (CBVaultDriveShellHelper2024.dll)

This module provides supplementary functionality for the class; please refer to the Helper DLL topic for more information.

Note: Not applicable when calling the GetDriverStatus method.

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter.

Note: This method cannot be called within events.

GetOriginatorProcessId Method (CBVaultDrive Module)

Retrieves the Id of the process (PID) that initiated the operation.

Syntax

public func getOriginatorProcessId() throws -> Int32
- (int)getOriginatorProcessId;

Remarks

This method can be called within the FilePasswordNeeded and FileAccess events to retrieve the Id of the process (PID) that initiated the operation. If the query fails, this method returns 0.

Please note that PIDs are not unique, and may be reused by different processes over time (though in practice, this is uncommon).

CBVaultDrive/Windows-specific: Applications cannot use this method to retrieve information about remote processes accessing virtual drives shared on the network. Windows does not provide such information due to the nature of remote access.

GetOriginatorProcessName Method (CBVaultDrive Module)

Retrieves the name of the process that initiated the operation.

Syntax

public func getOriginatorProcessName() throws -> String
- (NSString*)getOriginatorProcessName;

Remarks

This method can be called within the FilePasswordNeeded and and FileAccess events to retrieve the name of the process that initiated the operation. If the query fails, this method returns empty string.

CBVaultDrive/Windows-specific: Applications cannot use this method to retrieve information about remote processes accessing virtual drives shared on the network. Windows does not provide such information due to the nature of remote access.

GetOriginatorThreadId Method (CBVaultDrive Module)

Retrieves the Id of the thread that initiated the operation (Windows only).

Syntax

public func getOriginatorThreadId() throws -> Int32
- (int)getOriginatorThreadId;

Remarks

This method can be called within the FilePasswordNeeded and FileAccess events to retrieve the Id of the thread that initiated the operation. If the query fails, this method returns 0.

Please note that thread Ids are not unique, and may be reused by different threads over time.

GetOriginatorToken Method (CBVaultDrive Module)

Retrieves the security token associated with the process that initiated the operation (Windows only).

Syntax

public func getOriginatorToken() throws -> Int64
- (long long)getOriginatorToken;

Remarks

This method can be called within the FilePasswordNeeded event to retrieve the security token associated with the process that initiated the operation. If the query fails, this method returns INVALID_HANDLE_VALUE.

The security token returned by this method can be passed to the Windows API's GetTokenInformation function to obtain more information about the process.

Important: When applications are finished using the returned security token, they must close it using the Windows API's CloseHandle function.

Network Access Notes (CBVaultDrive-specific)

For virtual drives shared on the network, applications may wish to obtain information about the network users accessing it (e.g., account names). Drives can be shared in several modes in Windows, which can affect the information retrievable via the security token this method returns:

  • Authenticated mode, in which case the Helper DLL (which, in general, is responsible for relaying remote drive requests to and from the system driver) will impersonate the network user, allowing that account's actual information to be retrieved.
  • Guest mode, in which case the retrievable information is for the system's GUEST account.
  • Administrative shares (those which exist by default and whose names end with '$'; e.g., C$, ADMIN$, etc.), in which case the retrievable information is for the LOCAL_SYSTEM account.

GetSearchResultAttributes Method (CBVaultDrive Module)

This method retrieves the attributes of a vault item found during a search operation.

Syntax

public func getSearchResultAttributes(searchId: Int64) throws -> Int32
- (int)getSearchResultAttributes:(long long)searchId;

Remarks

This method retrieves the attributes of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

The vault item's attributes are returned as a 32-bit integer composed of one or more of the following values:

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

If, however, attributes were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_ATTRIBUTES for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return 0. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultCreationTime Method (CBVaultDrive Module)

This method retrieves the creation time of a vault item found during a search operation.

Syntax

public func getSearchResultCreationTime(searchId: Int64) throws -> Date
- (NSDate*)getSearchResultCreationTime:(long long)searchId;

Remarks

This method retrieves the creation time of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

The timestamps returned by this method are specified .

If times were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_TIMES for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return January 1, 1601 00:00:00 UTC. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultFullName Method (CBVaultDrive Module)

This method retrieves the fully qualified name of a vault item found during a search operation.

Syntax

public func getSearchResultFullName(searchId: Int64) throws -> String
- (NSString*)getSearchResultFullName:(long long)searchId;

Remarks

This method retrieves the fully qualified name of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId (i.e., the vault item's vault-local absolute path). Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

If fully qualified names were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_FULL_NAME for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return an empty string. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultLastAccessTime Method (CBVaultDrive Module)

This method retrieves the last access time of a vault item found during a search operation.

Syntax

public func getSearchResultLastAccessTime(searchId: Int64) throws -> Date
- (NSDate*)getSearchResultLastAccessTime:(long long)searchId;

Remarks

This method retrieves the creation time of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

The timestamps returned by this method are specified .

If times were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_TIMES for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return January 1, 1601 00:00:00 UTC. Please refer to the documentation for these methods for more information.

Note: Vault items' last access times are updated only if the UseAccessTime property is enabled.

Note: This method can be called only when Active is .

GetSearchResultLinkDestination Method (CBVaultDrive Module)

This method retrieves the destination of a symbolic link found during a search operation.

Syntax

public func getSearchResultLinkDestination(searchId: Int64) throws -> String
- (NSString*)getSearchResultLinkDestination:(long long)searchId;

Remarks

This method retrieves the fully qualified name of a symbolic link found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

If the most recently found vault item is not a symbolic link, or if symbolic link destinations were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_LINK_DEST for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return an empty string. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultMetadataSize Method (CBVaultDrive Module)

This method retrieves the size of the metadata associated with a vault item found during a search operation.

Syntax

public func getSearchResultMetadataSize(searchId: Int64) throws -> Int64
- (long long)getSearchResultMetadataSize:(long long)searchId;

Remarks

This method retrieves the size of the metadata associated with a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The metadata size of a vault item reflects the total size of all vault pages associated with it that do not contain actual file/stream data; this includes file tags (both internal and application defined), index pages, B-trees, and all other "filesystem information".

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

If metadata sizes were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_METADATA_SIZE for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return 0. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultModificationTime Method (CBVaultDrive Module)

This method retrieves the modification time of a vault item found during a search operation.

Syntax

public func getSearchResultModificationTime(searchId: Int64) throws -> Date
- (NSDate*)getSearchResultModificationTime:(long long)searchId;

Remarks

This method retrieves the modification time of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

The timestamps returned by this method are specified .

If times were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_TIMES for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return January 1, 1601 00:00:00 UTC. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultName Method (CBVaultDrive Module)

This method retrieves the name of a vault item found during a search operation.

Syntax

public func getSearchResultName(searchId: Int64) throws -> String
- (NSString*)getSearchResultName:(long long)searchId;

Remarks

This method retrieves the name of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

The names returned by this method do not include a path; use GetSearchResultFullName if a path is needed.

If names were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_NAME for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return an empty string. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

GetSearchResultSize Method (CBVaultDrive Module)

This method retrieves the size of a vault item found during a search operation.

Syntax

public func getSearchResultSize(searchId: Int64) throws -> Int64
- (long long)getSearchResultSize:(long long)searchId;

Remarks

This method retrieves the size of a vault item (e.g., file, directory, symbolic link, or alternate stream) found via FindFirst/FindFirstByQuery/FindNext as part of the search operation identified by SearchId. Please refer to those methods' documentation for more information.

Note: For files, the returned value reflects only the size of the file's immediate contents; it does not account for any alternate streams the file may or may not contain.

The value passed for SearchId must be a search operation Id returned by FindFirst or FindFirstByQuery.

If the vault item is a directory, or if sizes were not requested as part of the specified search operation (by passing either 0 or a value including VAULT_FF_NEED_SIZE for the FindFirst/FindFirstByQuery method's Flags parameter), this method will always return 0. Please refer to the documentation for these methods for more information.

Note: This method can be called only when Active is .

Initialize Method (CBVaultDrive Module)

This method initializes the component.

Syntax

public func initialize(productGUID: String) throws -> Void
- (void)initialize:(NSString*)productGUID;

Remarks

This method initializes the class and must be called each time the application starts before attempting to call any of the class's other methods with the exception of installation-related methods.

ProductGUID is used to distinguish between driver installations performed by different applications. Such information is necessary to guard against unexpected situations such as, e.g., the driver being uninstalled by one application despite other applications still needing it.

The GUID must be specified in so-called "Registry Format" (e.g., "{1FAD0EF2-9A03-4B87-B4BC-645B7035ED90}") with curly braces included.

To ensure proper operation, it is critical that each individual application have its own unique ProductGUID value, and that applications (and their installation scripts) use that value when calling any of the following methods:

If the required driver was not installed using the Install method with the same value of ProductGUID, Initialize will return a ERROR_FILE_NOT_FOUND error (Win32 error code 2).

If the loaded kernel-mode driver is older than the user-mode API, Initialize will return a ERROR_INVALID_KERNEL_INFO_VERSION error (Win32 error code 340). In this situation, an update of the driver using the Install method is required before the class can be used.

Install Method (CBVaultDrive Module)

Installs (or upgrades) the product's system drivers and/or the helper DLL (Windows only).

Syntax

public func install(cabFileName: String, productGUID: String, pathToInstall: String, modulesToInstall: Int32, flags: Int32) throws -> Int32
- (int)install:(NSString*)cabFileName :(NSString*)productGUID :(NSString*)pathToInstall :(int)modulesToInstall :(int)flags;

Remarks

This method is used to install or upgrade the product's various modules (i.e., the system drivers and the Helper DLL). The ModulesToInstall parameter selects which modules should be installed. If the system must be rebooted to complete the installation process, this method will return a non-zero value indicating which module(s) requested the reboot (out of those initially selected).

Important: To upgrade the product's modules, use only the Install method. Previously installed versions of the modules should not be uninstalled first. Calling the Install method will upgrade the previously installed version.

Please refer to the Driver Installation in Windows topic for more information.

CabFileName must be the path of the .cab file containing the product modules. Important: This .cab file must remain on the target system (or be available in some other way) after installation, as it is required for uninstalling the modules from the system.

ProductGUID is used to distinguish between driver installations performed by different applications. Such information is necessary to guard against unexpected situations such as, e.g., the driver being uninstalled by one application despite other applications still needing it.

The GUID must be specified in so-called "Registry Format" (e.g., "{1FAD0EF2-9A03-4B87-B4BC-645B7035ED90}") with curly braces included.

To ensure proper operation, it is critical that each individual application have its own unique ProductGUID value, and that applications (and their installation scripts) use that value when calling any of the following methods:

PathToInstall controls where the modules are installed. Pass empty string (highly recommended) to automatically install them to the appropriate Windows system directory.

ModulesToInstall should contain one or more of the following flags, OR'd together:

MODULE_DRIVER_PNP_BUS0x00000001PnP Bus Driver (.sys file).

This module must be installed if the application wishes to make use of Plug-and-Play (PnP) storage features class in Windows. PnP storage devices are those visible as disks in the Device Manager, and the system treats such storage devices differently from other purely virtual devices.

The virtual disk driver must be re-installed anytime this module is added or removed.

MODULE_DRIVER_BLOCK0x00000002Virtual disk driver (.sys file).

The product's virtual disk driver module, which provides core functionality; it must be installed for the class to function correctly.

MODULE_DRIVER_FS0x00000004Filesystem driver (.sys file).

The product's filesystem driver module, which provides core functionality; it must be installed for the class to function correctly.

MODULE_HELPER_DLL0x00010000Shell Helper DLL (CBVaultDriveShellHelper2024.dll)

This module provides supplementary functionality for the class; please refer to the Helper DLL topic for more information.

Note: Not applicable when calling the GetDriverStatus method.

Flags specifies various installation options, and should contain zero or more of the following flags, OR'd together:

INSTALL_REMOVE_OLD_VERSIONS0x00000001Uninstall drivers and helper DLLs from previous class versions (e.g., 2017).

This flag is not used on non-Windows systems.

INSTALL_KEEP_START_TYPE0x00000002Keep the driver's current start type setting in the registry.

If this flag is not set (default), the installation logic will reset the driver's start type setting in the Windows registry to the default value. Setting this flag causes the installation logic to preserve the current value, which may be necessary if the user (or the application itself) set it previously. This flag is not used on non-Windows systems.

INSTALL_OVERWRITE_SAME_VERSION0x00000004Install files when their version is the same as the version of already installed files.

If this flag is not set (default), the installation logic will overwrite the existing file only if the version number of the file being installed is larger than the version of the file being overwritten. Setting this flag causes the installation logic to overwrite the file even when it has the same version. This flag is not used on non-Windows systems.

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter.

This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD () error.

Note: This method cannot be called within events.

IsDirectoryEmpty Method (CBVaultDrive Module)

This method checks whether a directory is empty.

Syntax

public func isDirectoryEmpty(directory: String) throws -> Bool
- (BOOL)isDirectoryEmpty:(NSString*)directory;

Remarks

This method checks whether the directory specified by Directory is empty (i.e., does not contain any files, subdirectories, or symbolic links). If the specified directory is empty, this method returns ; otherwise, it returns .

The value passed for Directory must be a vault-local absolute path.

Note: This method can be called only when Active is .

IsIconRegistered Method (CBVaultDrive Module)

Checks whether the specified icon is registered (Windows only).

Syntax

public func isIconRegistered(iconId: String) throws -> Bool
- (BOOL)isIconRegistered:(NSString*)iconId;

Remarks

This method checks whether an icon with the specified IconId has been registered. If such an icon has been registered, this method returns ; otherwise it returns .

Icons can be registered using the RegisterIcon method. Please refer to that method's documentation, as well as the Custom Drive Icons topic, for more information.

The Helper DLL must be installed in order for this method to function correctly. Applications can check to see whether the Helper DLL is installed using the GetModuleVersion method, and install it using the Install method if necessary.

IsValidVault Method (CBVaultDrive Module)

This method checks whether a local file is a CBFS Storage vault.

Syntax

public func isValidVault() throws -> Bool
- (BOOL)isValidVault;

Remarks

This method checks whether the file specified by the VaultFile property is a CBFS Storage vault that can be opened by the class. The file being checked must be fully closed when this method is called.

If the specified file is a CBFS Storage vault, this method returns ; otherwise, it returns .

If the CallbackMode property is enabled, the check will be performed by the appropriate Vault* events (and the value held by VaultFile is simply passed to such events for the application to use).

Note: This method uses a simple detection mechanism; it does not perform a full consistency check or attempt any repairs, so applications may still need to call CheckAndRepair even if this method returns . If an error occurs during the detection process, this method .

Note: This method cannot be called when Active is , and it cannot be called within events.

IsValidVaultVolume Method (CBVaultDrive Module)

Checks whether a storage partition or volume is formatted with the CBFS Storage filesystem (Windows only).

Syntax

public func isValidVaultVolume(volumeName: String) throws -> Bool
- (BOOL)isValidVaultVolume:(NSString*)volumeName;

Remarks

This method checks whether the storage partition or volume specified by VolumeName is formatted with the CBFS Storage filesystem. If the specified storage volume or partition is formatted with the CBFS Storage filesystem, this method returns ; otherwise it returns .

A storage volume or partition formatted with the CBFS Storage filesystem can be opened as a vault using the OpenVolume method.

The VolumeName parameter specifies the fully-qualified name of a storage volume or partition. DOS names, such as X:, are also valid.

Note that this method uses a simple detection mechanism; it doesn't perform a full consistency check or attempt any repairs, so applications may still need to call CheckAndRepair even if this method returns . If an error occurs during the detection process, this method .

Note: This method cannot be called within events.

MoveFile Method (CBVaultDrive Module)

This method renames or moves a vault item.

Syntax

public func moveFile(oldFileName: String, newFileName: String, overwrite: Bool) throws -> Void
- (void)moveFile:(NSString*)oldFileName :(NSString*)newFileName :(BOOL)overwrite;

Remarks

This method renames or moves a vault item (e.g., file, directory, symbolic link, or alternate stream) from the specified OldFileName to the specified NewFileName. For alternate streams, renaming is always possible, but moving them from one file to another is allowed only if the AllowMoveStreamsBetweenFiles configuration setting is enabled.

The values passed for OldFileName and NewFileName must both be vault-local absolute paths (including the item's old and new names, respectively) in the same vault.

The Overwrite parameter specifies what to do if a vault item with the specified NewFileName already exists. If Overwrite is , and such an item exists, it will be overwritten by the item specified by OldFileName. But if such an item exists, and Overwrite is , this method .

Note: The usual rules of deletion still apply for an item being overwritten. Notably, a nonempty directory cannot be overwritten.

Note: This method can be called only when Active is , and it cannot be called within events.

OpenFile Method (CBVaultDrive Module)

This method opens a new or existing file or alternate stream in the vault.

Syntax

public func openFile(fileName: String, openMode: Int32, readEnabled: Bool, writeEnabled: Bool, password: String) throws -> CBFSStorageStream
- (CBFSStorageStream*)openFile:(NSString*)fileName :(int)openMode :(BOOL)readEnabled :(BOOL)writeEnabled :(NSString*)password;

Remarks

This method opens the file or alternate stream specified by FileName, creating it if necessary based on the specified OpenMode, and returns a stream object that provides access to its data.

Note: Files and alternate streams cannot be created or written to if the vault is open in ReadOnly mode.

The value passed for FileName must be a vault-local absolute path.

The OpenMode parameter specifies what behavior to use when opening a file or alternate stream. Valid values are as follows:

VAULT_FOM_CREATE_NEW0Creates a new file or alternate stream if possible, failing if one already exists.

VAULT_FOM_CREATE_ALWAYS1Creates a new file or stream, overwriting an existing one if necessary.

VAULT_FOM_OPEN_EXISTING2Opens a file or stream if it exists; fails otherwise.

VAULT_FOM_OPEN_ALWAYS3Opens a file or stream if it exists; creates a new one otherwise.

The ReadEnabled and WriteEnabled parameters specify which kinds of access the returned stream object should permit.

Note: WriteEnabled is ignored if ReadOnly is .

The Password parameter works as follows:

  • If the specified file or alternate stream already exists and is encrypted, the specified Password is used to decrypt and access its data.
  • If a new file or alternate stream is created, and the DefaultFileEncryption property is not VAULT_EM_NONE, the specified Password is used to encrypt it.
If the value passed for Password is null or empty string and the password is needed, the class will use the current value of either the DefaultFileCreatePassword or DefaultFileAccessPassword property depending on whether the file is being created or opened.

Internally, this method simply calls OpenFileEx, passing on all shared parameters' values and using the following defaults for the others:

Please refer to the OpenFileEx method's documentation for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

OpenFileEx Method (CBVaultDrive Module)

This method opens a new or existing file or alternate stream in the vault.

Syntax

public func openFileEx(fileName: String, openMode: Int32, readEnabled: Bool, writeEnabled: Bool, shareDenyRead: Bool, shareDenyWrite: Bool, encryption: Int32, password: String, compression: Int32, compressionLevel: Int32, pagesPerBlock: Int32) throws -> CBFSStorageStream
- (CBFSStorageStream*)openFileEx:(NSString*)fileName :(int)openMode :(BOOL)readEnabled :(BOOL)writeEnabled :(BOOL)shareDenyRead :(BOOL)shareDenyWrite :(int)encryption :(NSString*)password :(int)compression :(int)compressionLevel :(int)pagesPerBlock;

Remarks

This method opens the file or alternate stream specified by FileName, creating it if necessary based on the specified OpenMode, and returns a stream object that provides access to its data.

Note: Files and alternate streams cannot be created or written to if the vault is open in ReadOnly mode.

The value passed for FileName must be a vault-local absolute path.

The OpenMode parameter specifies what behavior to use when opening a file or alternate stream. Valid values are as follows:

VAULT_FOM_CREATE_NEW0Creates a new file or alternate stream if possible, failing if one already exists.

VAULT_FOM_CREATE_ALWAYS1Creates a new file or stream, overwriting an existing one if necessary.

VAULT_FOM_OPEN_EXISTING2Opens a file or stream if it exists; fails otherwise.

VAULT_FOM_OPEN_ALWAYS3Opens a file or stream if it exists; creates a new one otherwise.

The ReadEnabled and WriteEnabled parameters specify which kinds of access the returned stream object should permit.

Note: WriteEnabled is ignored if ReadOnly is .

The ShareDenyRead and ShareDenyWrite parameters specify whether other accessors may read and/or write the specified file or alternate stream simultaneously. To prevent simultaneous read and/or write access, pass ; to allow it, pass .

The Encryption parameter specifies the encryption mode to use when creating a file or alternate stream. Valid values are as follows:

VAULT_EM_NONE0x0Do not use encryption.

VAULT_EM_DEFAULT0x1Use default encryption (VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA256).

VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA2560x2Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

VAULT_EM_CUSTOM256_PBKDF2_HMAC_SHA2560x3Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_PBKDF2_HMAC_SHA2560x4Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_PBKDF2_HMAC_SHA2560x5Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_CUSTOM_KEY_DERIVE0x23Use event-based custom 256-bit encryption with custom key derivation.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_CUSTOM_KEY_DERIVE0x24Use event-based custom 512-bit encryption with custom key derivation.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_CUSTOM_KEY_DERIVE0x25Use event-based custom 1024-bit encryption with custom key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_DIRECT_KEY0x43Use event-based custom 256-bit encryption with no key derivation.

A 256-bit (32-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM512_DIRECT_KEY0x44Use event-based custom 512-bit encryption with no key derivation.

A 512-bit (64-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM1024_DIRECT_KEY0x45Use event-based custom 1024-bit encryption with no key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_UNKNOWN0xFFUnidentified or unknown encryption.

Applications that use custom encryption must implement at least the DataEncrypt and DataDecrypt events. Certain custom encryption modes may require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.

The Password parameter works as follows:

  • If the specified file or alternate stream already exists and is encrypted, the specified Password is used to decrypt and access its data.
  • If a file or alternate stream is created, and Encryption is not VAULT_EM_NONE, the specified Password is used to encrypt it.
If the value passed for Password is null or empty string and the password is needed, the class will use the current value of either the DefaultFileCreatePassword or DefaultFileAccessPassword property depending on whether the file is being created or opened.

The Compression parameter specifies the compression mode to use when creating a file or alternate stream. Valid values are as follows:

VAULT_CM_NONE0Do not use compression.

VAULT_CM_DEFAULT1Use default compression (zlib).

VAULT_CM_CUSTOM2Use event-based custom compression.

This compression level is not used.

VAULT_CM_ZLIB3Use zlib compression.

Valid compression levels are 1-9.

VAULT_CM_RLE4Use RLE compression.

This compression level is not used.

Applications that use custom compression must implement the DataCompress and DataDecompress events. Please refer to the Compression topic for more information.

The CompressionLevel parameter specifies the compression level to use, if applicable.

The PagesPerBlock parameter specifies how many pages should be compressed as a single block, if applicable. Valid values are powers of 2 up to and including 128 (i.e., 2, 4, 8, 16, 32, 64, or 128), or 0, which is interpreted as "default" (currently 16 for both zlib and run-length encoding [RLE]). Larger values allow for more efficient compression; however, because a block must be decompressed (and, for writes, recompressed) anytime its data are accessed, larger values can also cause excessive slowdown, especially for random access.

Note: This method can be called only when Active is , and it cannot be called within events.

OpenRootData Method (CBVaultDrive Module)

This method opens the vault's root data stream.

Syntax

public func openRootData() throws -> CBFSStorageStream
- (CBFSStorageStream*)openRootData;

Remarks

This method opens the vault's root data stream, returning a stream object that provides access to its data.

Please refer to the Using RootData topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

OpenVault Method (CBVaultDrive Module)

This method opens a new or existing vault.

Syntax

public func openVault(openMode: Int32, journalingMode: Int32) throws -> Void
- (void)openVault:(int)openMode :(int)journalingMode;

Remarks

This method opens a vault, creating it if necessary based on the specified OpenMode.

The OpenMode parameter specifies what behavior to use when opening a vault. Valid values are as follows:

VAULT_OM_CREATE_NEW0Creates a new vault if possible, failing if one already exists.

VAULT_OM_CREATE_ALWAYS1Creates a new vault, overwriting an existing one if necessary.

VAULT_OM_OPEN_EXISTING2Opens a vault if it exists; fails otherwise.

VAULT_OM_OPEN_ALWAYS3Opens a vault if it exists; creates a new one otherwise.

The JournalingMode parameter specifies whether any form of journaling should be used when working with the vault. Valid values are as follows:

VAULT_JM_NONE0No journaling is used.

This mode ensures the fastest operations, but if the application crashes, corruption of the vault is possible.

VAULT_JM_METADATA1Journaling is used only for metadata (filesystem structure and directory contents).

This mode is a balance between speed and reliability.

VAULT_JM_FULL2Journaling is used for both filesystem structure and file data and metadata.

This mode is the slowest but the most reliable option.

When a vault is being created or opened, the VaultFile and/or CallbackMode properties are used to specify its location. If CallbackMode is disabled (default), the class creates or opens a file-based vault at the path specified by VaultFile.

If CallbackMode is enabled, then the application controls where the vault is located and how it is accessed by the Vault* events (and the value held by VaultFile is simply passed to said events for the application to use). For brevity, vaults created and accessed using callback mode are referred to as "callback mode vaults"; please refer to the Callback Mode topic for more information.

The class also has a number of other properties and configuration settings used when creating or opening a vault, all of which are listed below. Please refer to each one's documentation for more information, including usage restrictions.

If a file-based vault's storage file (or the storage device it is located on) is marked as read-only, then the ReadOnly property must be enabled before this method is called. If an application attempts to open a vault with a read-only storage file in read-write mode, this method .

For the CBVaultDrive class on Windows, an attempt to open a vault file that is compressed or encrypted using NTFS capabilities will lead to an error being reported by this method. It is necessary to not use NTFS compression or encryption on the file to avoid a systemwide deadlock in Windows internals.

Note: This method cannot be called when Active is , and it cannot be called within events.

OpenVolume Method (CBVaultDrive Module)

Opens a storage volume or partition formatted with the CBFS Storage filesystem as a vault (Windows only).

Syntax

public func openVolume(volumeName: String, journalingMode: Int32) throws -> Void
- (void)openVolume:(NSString*)volumeName :(int)journalingMode;

Remarks

This method opens the storage volume or partition specified by VolumeName as a vault.

If the specified volume or partition is not formatted with the CBFS Storage filesystem, this method .

The JournalingMode parameter specifies whether any form of journaling should be used when working with the vault. Valid values are:

VAULT_JM_NONE0No journaling is used.

This mode ensures the fastest operations, but if the application crashes, corruption of the vault is possible.

VAULT_JM_METADATA1Journaling is used only for metadata (filesystem structure and directory contents).

This mode is a balance between speed and reliability.

VAULT_JM_FULL2Journaling is used for both filesystem structure and file data and metadata.

This mode is the slowest but the most reliable option.

The VolumeName parameter specifies the fully-qualified name of a storage volume or partition. DOS names, such as X:, are also valid.

Note: This method cannot be called when Active is , and it cannot be called within events.

RegisterIcon Method (CBVaultDrive Module)

Registers an icon that can be displayed as an overlay on the virtual drive in Windows File Explorer (Windows only).

Syntax

public func registerIcon(iconPath: String, productGUID: String, iconId: String) throws -> Bool
- (BOOL)registerIcon:(NSString*)iconPath :(NSString*)productGUID :(NSString*)iconId;

Remarks

This method registers an icon in the file specified by IconPath so that it can later be used to display an overlay on the virtual drive in Windows File Explorer. If the system must be rebooted before the icon can be used, this method returns , otherwise it returns .

Please note that this method only registers overlay icons; Applications should call the SetIcon and ResetIcon methods to select an icon for display. Please refer to the Custom Drive Icons topic for more information.

IconPath must be the full path and file name of the .ico file whose icon should be registered. The file must exist and remain available in order for the icon to be used until the icon is unregistered using UnregisterIcon.

ProductGUID is used to distinguish between driver installations performed by different applications. Such information is necessary to guard against unexpected situations such as, e.g., the driver being uninstalled by one application despite other applications still needing it.

The GUID must be specified in so-called "Registry Format" (e.g., "{1FAD0EF2-9A03-4B87-B4BC-645B7035ED90}") with curly braces included.

To ensure proper operation, it is critical that each individual application have its own unique ProductGUID value, and that applications (and their installation scripts) use that value when calling any of the following methods:

IconId specifies an identifier that can later be passed to the SetIcon and UnregisterIcon methods. Each registered icon should have a unique IconId value; if a value is passed that is already in use, the existing icon will be removed (by calling UnregisterIcon internally) before the new one is registered.

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter. The Helper DLL must be installed in order for this method to function correctly. Applications can check to see whether the Helper DLL is installed using the GetModuleVersion method, and install it using the Install method if necessary.

This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD () error.

Note: This method cannot be called within events.

RemoveDeniedProcess Method (CBVaultDrive Module)

Removes a rule that prevents a process from accessing the virtual drive.

Syntax

public func removeDeniedProcess(processFileName: String, processId: Int32) throws -> Void
- (void)removeDeniedProcess:(NSString*)processFileName :(int)processId;

Remarks

When the ProcessRestrictionsEnabled property is enabled, this method can be used to remove an access rule previously added with the AddDeniedProcess method.

Pass the same values for ProcessFileName and ProcessId as were used to add the rule when AddDeniedProcess was called previously. Please refer to that method's documentation for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

RemoveGrantedProcess Method (CBVaultDrive Module)

Removes a rule that allows a process to access the virtual drive.

Syntax

public func removeGrantedProcess(processFileName: String, processId: Int32) throws -> Void
- (void)removeGrantedProcess:(NSString*)processFileName :(int)processId;

Remarks

When the ProcessRestrictionsEnabled property is enabled, this method can be used to remove an access rule previously added with the AddGrantedProcess method.

Pass the same values for ProcessFileName and ProcessId as were used to add the rule when AddGrantedProcess was called previously. Please refer to that method's documentation for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

The methods and properties related to process access lists are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of process access information occurs in a thread-safe manner.

RemoveMountingPoint Method (CBVaultDrive Module)

Removes a mounting point for the virtual drive.

Syntax

public func removeMountingPoint(index: Int32, mountingPoint: String, flags: Int32, authenticationId: Int64) throws -> Void
- (void)removeMountingPoint:(int)index :(NSString*)mountingPoint :(int)flags :(long long)authenticationId;

Remarks

This method removes a previously-created mounting point for the virtual drive.

Index must be set to the index of an item in the MountingPoint* properties, or to -1 to remove an item based on the other method parameters.

If Index is -1, then the same values must be passed for MountingPoint, Flags, AuthenticationId as were used to add the mounting point when AddMountingPoint was called previously. Please refer to that method's documentation for more information. (If Index is not -1, these parameters are ignored.)

The sgSTGMPDRIVELETTERNOTIFYASYNC; flag may be passed in Flags to send notifications about removal of the mounting point asynchronously. Do not use this flag if the process quits right after a call to this method because asynchronous delivery involves a secondary thread, which will be terminated when the process quits.

Note: This method cannot be called within events.

The methods and properties related to mounting points are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of mounting points occurs in a thread-safe manner.

ResetIcon Method (CBVaultDrive Module)

Resets the virtual drive's icon back to default by deselecting the active overlay icon (Windows only).

Syntax

public func resetIcon() throws -> Void
- (void)resetIcon;

Remarks

This method deselects the overlay icon currently in use, thus resetting the virtual drive's icon back to its default state (i.e., displayed without any overlay icons).

Please refer to the SetIcon method, as well as the Custom Drive Icons topic, for more information.

The Helper DLL must be installed in order for this method to function correctly. Applications can check to see whether the Helper DLL is installed using the GetModuleVersion method, and install it using the Install method if necessary.

Note: This method can be called only after creating a virtual drive, and it cannot be called within events.

ResolveLink Method (CBVaultDrive Module)

This method retrieves the destination of a symbolic link.

Syntax

Remarks

This method retrieves the destination pointed to by the symbolic link specified by LinkName.

The value passed for LinkName must be a vault-local absolute path.

As the CreateLink method's documentation describes, symbolic links can be created with either relative or absolute vault-local paths. The Normalize parameter specifies whether the class should normalize the specified link's destination before returning it. Passing will ensure a vault-local absolute path is always returned; passing will cause the original destination path to be returned.

Note: This method can be called only when Active is .

SetFileAttributes Method (CBVaultDrive Module)

This method sets the attributes of a vault item.

Syntax

public func setFileAttributes(fileName: String, attributes: Int32) throws -> Void
- (void)setFileAttributes:(NSString*)fileName :(int)attributes;

Remarks

This method sets the attributes of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The Attributes parameter specifies the new attributes for the vault item, which should be constructed by ORing together one or more of the following values:

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileCompression Method (CBVaultDrive Module)

This method compresses or decompresses a file or alternate stream.

Syntax

public func setFileCompression(fileName: String, compression: Int32, compressionLevel: Int32, pagesPerBlock: Int32, password: String) throws -> Void
- (void)setFileCompression:(NSString*)fileName :(int)compression :(int)compressionLevel :(int)pagesPerBlock :(NSString*)password;

Remarks

This method changes the compression mode used to compress the file or alternate stream specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The Compression parameter specifies the new compression mode to use. Valid values are as follows:

VAULT_CM_NONE0Do not use compression.

VAULT_CM_DEFAULT1Use default compression (zlib).

VAULT_CM_CUSTOM2Use event-based custom compression.

This compression level is not used.

VAULT_CM_ZLIB3Use zlib compression.

Valid compression levels are 1-9.

VAULT_CM_RLE4Use RLE compression.

This compression level is not used.

Applications that use custom compression must implement the DataCompress and DataDecompress events. Please refer to the Compression topic for more information.

The CompressionLevel parameter specifies the compression level to use, if applicable.

The PagesPerBlock parameter specifies how many pages should be compressed as a single block, if applicable. Valid values are powers of 2 up to and including 128 (i.e., 2, 4, 8, 16, 32, 64, or 128), or 0, which is interpreted as "default" (currently 16 for both zlib and run-length encoding [RLE]). Larger values allow for more efficient compression; however, because a block must be decompressed (and, for writes, recompressed) anytime its data are accessed, larger values can also cause excessive slowdown, especially for random access.

The Password parameter specifies the password to use to access the file's data, if it is encrypted.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileCreationTime Method (CBVaultDrive Module)

This method sets the creation time of a vault item.

Syntax

public func setFileCreationTime(fileName: String, creationTime: Date) throws -> Void
- (void)setFileCreationTime:(NSString*)fileName :(NSDate*)creationTime;

Remarks

This method sets the creation time of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The CreationTime parameter specifies the new creation time for the vault item, which must be specified .

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileEncryption Method (CBVaultDrive Module)

This method encrypts, decrypts, or changes the encryption password of a file or alternate stream.

Syntax

public func setFileEncryption(fileName: String, encryption: Int32, oldPassword: String, newPassword: String) throws -> Void
- (void)setFileEncryption:(NSString*)fileName :(int)encryption :(NSString*)oldPassword :(NSString*)newPassword;

Remarks

This method changes the encryption mode or password used to encrypt the file or alternate stream specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The Encryption parameter specifies the new encryption mode to use. Valid values are as follows:

VAULT_EM_NONE0x0Do not use encryption.

VAULT_EM_DEFAULT0x1Use default encryption (VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA256).

VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA2560x2Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

VAULT_EM_CUSTOM256_PBKDF2_HMAC_SHA2560x3Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_PBKDF2_HMAC_SHA2560x4Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_PBKDF2_HMAC_SHA2560x5Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_CUSTOM_KEY_DERIVE0x23Use event-based custom 256-bit encryption with custom key derivation.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_CUSTOM_KEY_DERIVE0x24Use event-based custom 512-bit encryption with custom key derivation.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_CUSTOM_KEY_DERIVE0x25Use event-based custom 1024-bit encryption with custom key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_DIRECT_KEY0x43Use event-based custom 256-bit encryption with no key derivation.

A 256-bit (32-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM512_DIRECT_KEY0x44Use event-based custom 512-bit encryption with no key derivation.

A 512-bit (64-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM1024_DIRECT_KEY0x45Use event-based custom 1024-bit encryption with no key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_UNKNOWN0xFFUnidentified or unknown encryption.

Applications that use custom encryption must implement at least the DataEncrypt and DataDecrypt events. Certain custom encryption modes may require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.

The OldPassword parameter specifies the current encryption password, if applicable.

The NewPassword parameter specifies the new encryption password to use, if applicable.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileLastAccessTime Method (CBVaultDrive Module)

This method sets the last access time of a vault item.

Syntax

public func setFileLastAccessTime(fileName: String, lastAccessTime: Date) throws -> Void
- (void)setFileLastAccessTime:(NSString*)fileName :(NSDate*)lastAccessTime;

Remarks

This method sets the last access time of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The LastAccessTime parameter specifies the new last access time for the vault item, which must be specified .

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileModificationTime Method (CBVaultDrive Module)

This method sets the modification time of a vault item.

Syntax

public func setFileModificationTime(fileName: String, modificationTime: Date) throws -> Void
- (void)setFileModificationTime:(NSString*)fileName :(NSDate*)modificationTime;

Remarks

This method sets the modification time of the vault item (e.g., file, directory, symbolic link, or alternate stream) specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The ModificationTime parameter specifies the new modification time for the vault item, which must be specified .

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileSize Method (CBVaultDrive Module)

This method sets the size of a file or alternate stream.

Syntax

public func setFileSize(fileName: String, size: Int64, password: String) throws -> Void
- (void)setFileSize:(NSString*)fileName :(long long)size :(NSString*)password;

Remarks

This method sets the size of the file or alternate stream specified by FileName.

The value passed for FileName must be a vault-local absolute path.

The Size parameter specifies the new size of the file or alternate stream, which must be greater than or equal to 0.

Applications can also change the size of a file or alternate stream using the stream objects returned by the OpenFile and OpenFileEx methods.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileTag Method (CBVaultDrive Module)

This method attaches a raw file tag with binary data to the specified vault item.

Syntax

public func setFileTag(fileName: String, tagId: Int32, data: Data) throws -> Void
- (void)setFileTag:(NSString*)fileName :(int)tagId :(NSData*)data;

Remarks

This method attaches a raw file tag with binary data to the vault item (e.g., file, directory, or alternate stream) specified by FileName using the specified TagId. If a raw file tag with the specified TagId is already attached to the specified vault item, it is replaced.

The value passed for FileName must be a vault-local absolute path. The value passed for TagId must be in the range 0x0001 to 0xCFFF (inclusive).

The Data parameter specifies the raw binary data to store in the file tag; it may be up to 65531 bytes in length.

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileTagAsAnsiString Method (CBVaultDrive Module)

This method attaches an AnsiString-typed file tag to the specified vault item.

Syntax

public func setFileTagAsAnsiString(fileName: String, tagName: String, value: String) throws -> Void
- (void)setFileTagAsAnsiString:(NSString*)fileName :(NSString*)tagName :(NSString*)value;

Remarks

This method attaches an AnsiString-typed file tag to the vault item (e.g., file, directory, or alternate stream) specified by FileTag using the specified TagName. If a typed file tag with the specified TagName is already attached to the specified vault item, it is replaced.

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

The Value parameter specifies the AnsiString value to store in the file tag; it may be up to 65529 - (name_length * 2) bytes in length (where name_length is measured in characters), including null terminators for both the AnsiString value and the name.

Please refer to the File Tags topic for more information.

Note: AnsiString file tag values are converted to UTF-16LE when referenced in a search query string. To reduce the chance of string-conversion-related issues, it is recommended that applications only store ASCII characters in AnsiString-typed file tags, and prefer String-typed file tags (created using SetFileTagAsString) in all other cases.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileTagAsBoolean Method (CBVaultDrive Module)

This method attaches a Boolean-typed file tag to the specified vault item.

Syntax

public func setFileTagAsBoolean(fileName: String, tagName: String, value: Bool) throws -> Void
- (void)setFileTagAsBoolean:(NSString*)fileName :(NSString*)tagName :(BOOL)value;

Remarks

This method attaches a Boolean-typed file tag to the vault item (e.g., file, directory, or alternate stream) specified by FileTag using the specified TagName. If a typed file tag with the specified TagName is already attached to the specified vault item, it is replaced.

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

The Value parameter specifies the Boolean value to store in the file tag.

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileTagAsDateTime Method (CBVaultDrive Module)

This method attaches a DateTime-typed file tag to the specified vault item.

Syntax

public func setFileTagAsDateTime(fileName: String, tagName: String, value: Date) throws -> Void
- (void)setFileTagAsDateTime:(NSString*)fileName :(NSString*)tagName :(NSDate*)value;

Remarks

This method attaches a DateTime-typed file tag to the vault item (e.g., file, directory, or alternate stream) specified by FileTag using the specified TagName. If a typed file tag with the specified TagName is already attached to the specified vault item, it is replaced.

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

The Value parameter specifies the DateTime value to store in the file tag, which must be specified .

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileTagAsNumber Method (CBVaultDrive Module)

This method attaches a Number-typed file tag to the specified vault item.

Syntax

public func setFileTagAsNumber(fileName: String, tagName: String, value: Int64) throws -> Void
- (void)setFileTagAsNumber:(NSString*)fileName :(NSString*)tagName :(long long)value;

Remarks

This method attaches a Number-typed file tag to the vault item (e.g., file, directory, or alternate stream) specified by FileTag using the specified TagName. If a typed file tag with the specified TagName is already attached to the specified vault item, it is replaced.

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

The Value parameter specifies the Number value to store in the file tag.

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

SetFileTagAsString Method (CBVaultDrive Module)

This method attaches a String-typed file tag to the specified vault item.

Syntax

public func setFileTagAsString(fileName: String, tagName: String, value: String) throws -> Void
- (void)setFileTagAsString:(NSString*)fileName :(NSString*)tagName :(NSString*)value;

Remarks

This method attaches a String-typed file tag to the vault item (e.g., file, directory, or alternate stream) specified by FileTag using the specified TagName. If a typed file tag with the specified TagName is already attached to the specified vault item, it is replaced.

The value passed for FileName must be a vault-local absolute path. The value passed for TagName may be up to 4095 characters in length (not including the null terminator).

The Value parameter specifies the UTF-16LE String value to store in the file tag; it may be up to 65529 - (name_length * 2) bytes in length (where name_length is measured in characters), including null terminators for both the String value and the name.

Please refer to the File Tags topic for more information.

Note: This method can be called only when Active is , and it cannot be called within events.

SetIcon Method (CBVaultDrive Module)

Selects a registered overlay icon for display on the virtual drive in Windows File Explorer (Windows only).

Syntax

public func setIcon(iconId: String) throws -> Void
- (void)setIcon:(NSString*)iconId;

Remarks

This method selects the overlay icon specified by IconId for display, causing it to be shown on the virtual drive in Windows File Explorer. The desired icon must have already been registered using the RegisterIcon method, and the value passed for IconId must match the one passed RegisterIcon at that time.

To switch to a different overlay icon later, call this method again with a different IconId. To reset the virtual drive's icon back to its default state (i.e., displayed without any overlay icons), call the ResetIcon method. Please refer to the Custom Drive Icons topic for more information.

The Helper DLL must be installed in order for this method to function correctly. Applications can check to see whether the Helper DLL is installed using the GetModuleVersion method, and install it using the Install method if necessary.

Note: This method can be called only after creating a virtual drive, and it cannot be called within events. Also, note that the effects of this method only last until the virtual drive is destroyed; applications that always want to have some overlay icon displayed must call this method each time the virtual drive is created.

ShutdownSystem Method (CBVaultDrive Module)

Shuts down or reboots the operating system.

Syntax

public func shutdownSystem(shutdownPrompt: String, timeout: Int32, forceCloseApps: Bool, reboot: Bool) throws -> Bool
- (BOOL)shutdownSystem:(NSString*)shutdownPrompt :(int)timeout :(BOOL)forceCloseApps :(BOOL)reboot;

Remarks

This method shuts down or (if Reboot is ) reboots the operating system. If the appropriate privileges cannot be obtained, or if the InitiateSystemShutdown system call returns , then this method will return ; otherwise, it returns . This method can be used if the installation or uninstallation function requires the system to be rebooted in order to complete.

ShutdownPrompt, if non-empty, specifies a message that the OS should display to the user for Timeout seconds. If empty string is passed for ShutdownPrompt, no message is displayed and the Timeout parameter's value is ignored.

ForceCloseApps specifies whether the OS should forcefully close all applications. Please keep in mind that forceful closing of applications with unsaved data can lead to data loss.

Reboot specifies whether the OS should reboot () or just shut down ().

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter.

Note: This method cannot be called within events.

Uninstall Method (CBVaultDrive Module)

Uninstalls the product's system drivers and/or helper DLL (Windows only).

Syntax

public func uninstall(cabFileName: String, productGUID: String, installedPath: String, flags: Int32) throws -> Int32
- (int)uninstall:(NSString*)cabFileName :(NSString*)productGUID :(NSString*)installedPath :(int)flags;

Remarks

This method is used to uninstall the product's various modules (i.e., the system drivers and Helper DLL). If the system must be rebooted to complete the uninstallation process, this method will return a non-zero value indicating which module(s) requested the reboot (see Install for possible values).

Important: To upgrade the product's modules, use only the Install method. Previously installed versions of the modules should not be uninstalled first. Calling the Install method will upgrade the previously installed version.

Please refer to the Driver Installation in Windows topic for more information.

The same values must be passed for the CabFileName, ProductGUID, and InstalledPath parameters as were passed when Install was called; please refer to its documentation for more information.

Flags specifies which versions of the product's modules should be uninstalled, and should be set by OR'ing together one or more of the following values:

UNINSTALL_VERSION_PREVIOUS0x00000001Uninstall modules from previous product versions.

This flag is not used on non-Windows systems.

UNINSTALL_VERSION_CURRENT0x00000002Uninstall modules from the current product version.

This flag is not used on non-Windows systems.

UNINSTALL_VERSION_ALL0x00000003Uninstall modules from all product versions.

This flag is not used on non-Windows systems.

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter.

This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD () error.

Note: This method cannot be called within events.

UnixTimeToFileTime Method (CBVaultDrive Module)

This method converts the date/time in Unix format to the Windows FileTime format.

Syntax

public func unixTimeToFileTime(unixTime: Int64, nanoseconds: Int32) throws -> Date
- (NSDate*)unixTimeToFileTime:(long long)unixTime :(int)nanoseconds;

Remarks

Use this method to convert the date/time in Unix format to the Windows FileTime format.

Pass the Unix time value to UnixTime and optionally pass the subsecond part of the time, expressed in nanoseconds, to the Nanoseconds parameter. If the subsecond part of the time is not available, set Nanoseconds to zero (0) value.

UnregisterIcon Method (CBVaultDrive Module)

Unregisters an existing overlay icon (Windows only).

Syntax

public func unregisterIcon(productGUID: String, iconId: String) throws -> Bool
- (BOOL)unregisterIcon:(NSString*)productGUID :(NSString*)iconId;

Remarks

This method unregisters the overlay icon identified by IconId. If the system must be rebooted to completely remove the icon, this method returns , otherwise it returns .

The same values must be passed for the ProductGUID and IconId parameters as were passed when RegisterIcon was called; please refer to its documentation, as well as the Custom Drive Icons topic, for more information.

This method is available in both the class API and the Installer DLL included with the product; please refer to the Driver Installation in Windows topic for more information about the latter. The Helper DLL must be installed in order for this method to function correctly. Applications can check to see whether the Helper DLL is installed using the GetModuleVersion method, and install it using the Install method if necessary.

This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD () error.

Note: This method cannot be called within events.

UpdateVaultEncryption Method (CBVaultDrive Module)

This method encrypts, decrypts, or changes the encryption password of the vault.

Syntax

public func updateVaultEncryption(encryption: Int32, oldPassword: String, newPassword: String) throws -> Void
- (void)updateVaultEncryption:(int)encryption :(NSString*)oldPassword :(NSString*)newPassword;

Remarks

This method changes the encryption mode or password used to encrypt the vault.

The Encryption parameter specifies the new encryption mode to use. Valid values are as follows:

VAULT_EM_NONE0x0Do not use encryption.

VAULT_EM_DEFAULT0x1Use default encryption (VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA256).

VAULT_EM_XTS_AES256_PBKDF2_HMAC_SHA2560x2Use AES256 encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

VAULT_EM_CUSTOM256_PBKDF2_HMAC_SHA2560x3Use event-based custom 256-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_PBKDF2_HMAC_SHA2560x4Use event-based custom 512-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_PBKDF2_HMAC_SHA2560x5Use event-based custom 1024-bit encryption with PBKDF2 key derivation based on a HMAC_SHA256 key hash.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_CUSTOM_KEY_DERIVE0x23Use event-based custom 256-bit encryption with custom key derivation.

A 256-bit (32-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM512_CUSTOM_KEY_DERIVE0x24Use event-based custom 512-bit encryption with custom key derivation.

A 512-bit (64-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM1024_CUSTOM_KEY_DERIVE0x25Use event-based custom 1024-bit encryption with custom key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode.

VAULT_EM_CUSTOM256_DIRECT_KEY0x43Use event-based custom 256-bit encryption with no key derivation.

A 256-bit (32-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM512_DIRECT_KEY0x44Use event-based custom 512-bit encryption with no key derivation.

A 512-bit (64-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_CUSTOM1024_DIRECT_KEY0x45Use event-based custom 1024-bit encryption with no key derivation.

A 1024-bit (128-byte) block size is used with this encryption mode. This mode is useful for cases in which the password is an identifier for an external key and should not be used for key derivation.

VAULT_EM_UNKNOWN0xFFUnidentified or unknown encryption.

Applications that use custom encryption must implement at least the DataEncrypt and DataDecrypt events. Certain custom encryption modes may require that the HashCalculate or KeyDerive event be implemented as well. Please refer to the Encryption topic for more information.

The OldPassword parameter specifies the current encryption password, if applicable.

The NewPassword parameter specifies the new encryption password to use, if applicable.

Note: This method can be called only when Active is , and it cannot be called within events.

DataCompress Event (CBVaultDrive Module)

This event fires to compress a block of data using a custom compression algorithm.

Syntax

func onDataCompress(inData: Data, inSize: Int32, outData: NSMutableData, outSize: inout Int32, compressionLevel: Int32, resultCode: inout Int32)
- (void)onDataCompress:(NSMutableData*)inData :(int)inSize :(NSMutableData*)outData :(int*)outSize :(int)compressionLevel :(int*)resultCode;

Remarks

This event fires when the class needs to compress a block of data using an application-defined compression algorithm. Please refer to the Compression topic for more information.

This event only needs to be handled by applications that use the VAULT_CM_CUSTOM compression mode. To handle this event properly, applications must compress all InSize bytes of data in the InData buffer, write the compressed data to the OutData buffer, and set OutSize to reflect the total number of bytes written to OutData.

Note: OutSize is initially set to the capacity of the OutData buffer. If the OutData buffer is not large enough to accommodate all of the data after compression (which, while uncommon, may occur with some compression algorithms), do not write any data to OutData. Instead, set ResultCode to VAULT_ERR_BUFFER_TOO_SMALL to inform the class that the current block of data should remain uncompressed.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The CompressionLevel specifies the requested compression level. Possible values are 0 through 9; where 0 means "use the default compression level". Applications may ignore this value if it is not needed by their compression algorithm.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

DataDecompress Event (CBVaultDrive Module)

This event fires to decompress a block of data using a custom compression algorithm.

Syntax

func onDataDecompress(inData: Data, inSize: Int32, outData: NSMutableData, outSize: inout Int32, resultCode: inout Int32)
- (void)onDataDecompress:(NSMutableData*)inData :(int)inSize :(NSMutableData*)outData :(int*)outSize :(int*)resultCode;

Remarks

This event fires when the class needs to decompress a block of data using an application-defined compression algorithm. Please refer to the Compression topic for more information.

This event only needs to be handled by applications that use the VAULT_CM_CUSTOM compression mode. To handle this event properly, applications must decompress all InSize bytes of data in the InData buffer, write the decompressed data to the OutData buffer, and set OutSize to reflect the total number of bytes written to OutData.

Note: OutSize is initially set to the capacity of the OutData buffer, which (under normal circumstances) should be large enough to accommodate all of the decompressed data. Only if the vault is corrupted should the OutData buffer ever be too small to hold the decompressed data; so if this occurs, do not write any data to OutData. Instead, set ResultCode to VAULT_ERR_VAULT_CORRUPTED.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

DataDecrypt Event (CBVaultDrive Module)

This event fires to decrypt a block of data using a custom encryption implementation.

Syntax

func onDataDecrypt(key: Data, keyLength: Int32, salt1: Data, salt1Size: Int32, salt2: Data, salt2Size: Int32, data: NSMutableData, dataSize: Int32, resultCode: inout Int32)
- (void)onDataDecrypt:(NSMutableData*)key :(int)keyLength :(NSMutableData*)salt1 :(int)salt1Size :(NSMutableData*)salt2 :(int)salt2Size :(NSMutableData*)data :(int)dataSize :(int*)resultCode;

Remarks

This event fires when the class needs to decrypt a block of data using an application-defined encryption implementation. Please refer to the Encryption topic for more information.

This event only needs to be handled by applications that use one of the VAULT_EM_CUSTOM* encryption modes. To handle this event properly, applications must decrypt all DataSize bytes of data in the Data buffer. After decrypting the data, applications must write it back to the Data buffer. The size of the decrypted data must match DataSize, which is always a multiple of 32.

The Key buffer contains the encryption key (e.g., password) specified for the file, alternate stream, or vault whose data are being decrypted. The KeyLength parameter specifies the length, in bytes, of Key.

The Salt1 and Salt2 buffers contain the same salt values provided when the data were encrypted in an earlier DataEncrypt event. The Salt1Size and Salt2Size parameters specify the length, in bytes, of Salt1 and Salt2.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

DataEncrypt Event (CBVaultDrive Module)

This event fires to encrypt a block of data using a custom encryption implementation.

Syntax

func onDataEncrypt(key: Data, keyLength: Int32, salt1: Data, salt1Size: Int32, salt2: Data, salt2Size: Int32, data: NSMutableData, dataSize: Int32, resultCode: inout Int32)
- (void)onDataEncrypt:(NSMutableData*)key :(int)keyLength :(NSMutableData*)salt1 :(int)salt1Size :(NSMutableData*)salt2 :(int)salt2Size :(NSMutableData*)data :(int)dataSize :(int*)resultCode;

Remarks

This event fires when the class needs to encrypt a block of data using an application-defined encryption implementation. Please refer to the Encryption topic for more information.

This event only needs to be handled by applications that use one of the VAULT_EM_CUSTOM* encryption modes. To handle this event properly, applications must encrypt all DataSize bytes of data in the Data buffer. After encrypting the data, applications must write it back to the Data buffer. The size of the encrypted data must match DataSize, which is always a multiple of 32.

The Key buffer contains the encryption key (e.g., password) specified for the file, alternate stream, or vault whose data are being decrypted. The KeyLength parameter specifies the length, in bytes, of Key.

The Salt1 and Salt2 buffers contain salt values that can be used to strengthen encryption, if desired. The Salt1Size and Salt2Size parameters specify the length, in bytes, of Salt1 and Salt2.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

Ejected Event (CBVaultDrive Module)

Fires when the media and virtual drive have been ejected (Windows only).

Syntax

func onEjected(resultCode: inout Int32)
- (void)onEjected:(int*)resultCode;

Remarks

This event fires when a user has ejected the media and virtual drive using the Eject command in Windows File Explorer.

For ejection via the system notification area (tray) to work correctly, the StorageType property must be set to STGT_DISK_PNP, and the StorageCharacteristics property must include ejection-related flags.

This event is optional; it is provided to give applications a chance to, e.g., free up resources associated with the virtual drive. Since the virtual drive has already been destroyed by the time this event fires, applications must not call CloseVault (it is called automatically with its Force parameter set to ) .

The ResultCode parameter will always be initially set to the result of a storage deletion operation. The expected value is 0. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource isn't available, security checks failed, etc.), set it to a non-zero value to report an appropriate error. Note that as ejection has already occured, this non-zero value will not have effect on the media's state. Please refer to the Error Reporting and Handling topic for more information.

Error Event (CBVaultDrive Module)

This event fires if an unhandled error occurs during an event.

Syntax

func onError(errorCode: Int32, description: String)
- (void)onError:(int)errorCode :(NSString*)description;

Remarks

This event fires if an unhandled error occurs during another event. Developers can use this information to track down unhandled errors in an application's event handlers.

FileAccess Event (CBVaultDrive Module)

Fires when the OS wants to create or open a file or directory.

Syntax

func onFileAccess(fileName: String, existingAttributes: Int32, desiredAccess: Int32, attributes: Int32, options: Int32, shareMode: Int32, resultCode: inout Int32)
- (void)onFileAccess:(NSString*)fileName :(int)existingAttributes :(int)desiredAccess :(int)attributes :(int)options :(int)shareMode :(int*)resultCode;

Remarks

This optional event fires when the OS wants to create or open the existing file or directory specified by FileName. It can be used to control and optionally restrict access to files and directories. The event fires when FireFileAccessEvent setting is enabled (by default, it is disabled for performance reasons).

This event also fires when the OS wants to create or open a named data stream in a file. Such requests are distinguished by the presence of a colon (:) in the FileName value; the text before the colon is the name of the file itself, and the text after the colon is the name of the stream to open.

The ExistingAttributes parameter contains the attributes of the file or directory being opened, if one already exists; otherwise, it contains 0. To determine whether the request is for a file or a directory, compare ExistingAttributes against the VAULT_FATTR_DIRECTORY or VAULT_FATTR_FILE constant respectively, like so: // Check whether the request is for a file or a directory. bool isDirectory = ExistingAttributes & CBFSVAULT_FATTR_DIRECTORY == CBFSVAULT_FATTR_DIRECTORY; bool isFile = ExistingAttributes & CBFSVAULT_FATTR_FILE == CBFSVAULT_FATTR_FILE;

The DesiredAccess parameter specifies the mode of access to the file or directory desired by the process that initiated the request. It can be one of the following values:

STG_DACCESS_READ0x00000001Grant/deny read access.

STG_DACCESS_WRITE0x00000002Grant/deny write access.

STG_DACCESS_READWRITE0x00000003Grant/deny read and write access.

The Attributes parameter contains the value of Attributes, passed by the originator process; it may contain zero or more of the following attributes:

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

Windows: The Options parameter includes flags and options that are described in the CreateOptions parameter of the Native API's ZwCreateFile function. Most of those flags correspond to flags passed in the FlagsAndAttributes parameter of the Windows API's CreateFile function, but some flags are specific to Native API. If you need those flags, check both functions' descriptions.

Linux, macOS: this parameter is not used.

The ShareMode parameter specifies the access sharing mode desired by the process that initiated the request; it may contain zero or more of the following share mode flags:

FILE_SYS_SHARE_READ0x00000001Enables subsequent open operations on a file to request read access.

Otherwise, other processes cannot open the file if they request read access. If this flag is not specified, but the file has been opened for read access, file creation or opening fails.

FILE_SYS_SHARE_WRITE0x00000002Enables subsequent open operations on a file to request write access.

Otherwise, other processes cannot open the file if they request write access. If this flag is not specified, but the file has been opened for write access or has a file mapping with write access, file creation or opening fails.

FILE_SYS_SHARE_DELETE0x00000004Enables subsequent open operations on a file to request delete access.

Otherwise, other processes cannot open the file if they request delete access. If this flag is not specified, but the file has been opened for delete access, the function fails.

Note: Delete access allows both delete and rename operations.

The ResultCode parameter will always be 0 when the event is fired. Applications may perform the necessary access control using one of GetOriginator* methods, and set ResultCode to 0 to indicate that the file or directory may be opened, or to a system-specific error code to tell the OS about an error. Please refer to the Error Reporting and Handling topic for more information.

Note: an application may not access the drive and its contents from an event handler, as this will cause a deadlock.

FileAfterCopy Event (CBVaultDrive Module)

This event fires after the file has been copied during file export/import operations.

Syntax

func onFileAfterCopy(sourcePath: String, destinationPath: String, attributes: Int32, resultCode: inout Int32)
- (void)onFileAfterCopy:(NSString*)sourcePath :(NSString*)destinationPath :(int)attributes :(int*)resultCode;

Remarks

This event fires when the class is executing the CopyToVault or CopyFromVault method after the file specified by SourcePath has been copied to a file identified by DestinationPath.

For a directory, the event fires after the directory identified by SourcePath has been created as DestinationPath and all of the source directory's contents have been processed.

The event will fire only if the VAULT_CFF_FIRE_COPY_EVENTS flag is included in the Flags parameter of the CopyFromVault or CopyToVault method. Also, the event will not fire for the base directory that was passed to the CopyToVault or CopyFromVault method.

A process may check whether it was a file or directory copied by inspecting the value of the Attributes parameter, which contains the attributes of the file as a 32-bit integer. The attributes are composed of one or more of the following values:

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

To cancel further copying, return the VAULT_ERR_INTERRUPTED_BY_USER error code via ResultCode.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

FileBeforeCopy Event (CBVaultDrive Module)

This event fires before the file is copied during file export/import operations.

Syntax

func onFileBeforeCopy(sourcePath: String, destinationPath: String, attributes: inout Int32, destinationExists: Bool, skip: inout Bool, resultCode: inout Int32)
- (void)onFileBeforeCopy:(NSString*)sourcePath :(NSString*)destinationPath :(int*)attributes :(BOOL)destinationExists :(int*)skip :(int*)resultCode;

Remarks

This event fires when the class is executing the CopyToVault or CopyFromVault method before the file specified by SourcePath is copied to a file identified by DestinationPath or before the directory identified by SourcePath is about to be created as DestinationPath.

This event will fire only if the VAULT_CFF_FIRE_COPY_EVENTS flag is included in the Flags parameter of the CopyFromVault or CopyToVault method. Also, the event will not fire for the base directory that was passed to the CopyToVault or CopyFromVault method.

A process may check whether it is a file or a directory being copied by inspecting the value of the Attributes parameter, which contains the attributes of the file as a 32-bit integer. The attributes are composed of one or more of the following values:

VAULT_FATTR_FILE0x00000001The entry is a file.

VAULT_FATTR_DIRECTORY0x00000002The entry is a directory.

VAULT_FATTR_DATA_STREAM0x00000004The entry is an alternate data stream.

VAULT_FATTR_COMPRESSED0x00000008The file or stream is compressed.

VAULT_FATTR_ENCRYPTED0x00000010The file or stream is encrypted.

VAULT_FATTR_SYMLINK0x00000020The entry is a symbolic link.

VAULT_FATTR_READONLY0x00000040The file is read-only.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_ARCHIVE0x00000080The file requires archiving.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_HIDDEN0x00000100The file is hidden.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_SYSTEM0x00000200The file is a system file.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_TEMPORARY0x00000400The file is temporary.

This attribute is not used by CBFS Storage, but it can be set and retrieved.

VAULT_FATTR_DELETE_ON_CLOSE0x00000800The file should be deleted when the last handle to the file is closed.

This attribute is currently not supported by CBFS Storage.

VAULT_FATTR_RESERVED_00x00001000Reserved.

VAULT_FATTR_RESERVED_10x00002000Reserved.

VAULT_FATTR_RESERVED_20x00004000Reserved.

VAULT_FATTR_RESERVED_30x00008000Reserved.

VAULT_FATTR_NO_USER_CHANGE0x0000F03FA mask that includes all attributes that cannot be changed.

Applications cannot use the SetFileAttributes method to directly change any of the following attributes: FILE, DIRECTORY, DATA_STREAM, COMPRESSED, ENCRYPTED, SYMLINK, RESERVED_0, RESERVED_1, RESERVED_2, or RESERVED_3.

VAULT_FATTR_USER_DEFINED0x7FF00000A mask for application-defined attributes.

Applications can use the SetFileAttributes method to set custom attributes, as long as their values are covered by this mask.

VAULT_FATTR_ANY_FILE0x7FFFFFFFA mask that includes any and all attributes.

An event handler may change the following attributes: VAULT_FATTR_READONLY, VAULT_FATTR_ARCHIVE, VAULT_FATTR_HIDDEN, VAULT_FATTR_SYSTEM, VAULT_FATTR_TEMPORARY. When files are imported to the vault, an event handler may set user-defined flags that match the VAULT_FATTR_USER_DEFINED mask.

The DestinationExists flag indicates the presence of the file or directory at the moment when the event is fired.

Note: When copying the files from the vault, it is possible that a file gets created or deleted outside of the class; the value of this parameter may become inaccurate.

To skip the file, set the Skip parameter to true. When the file is skipped, FileAfterCopy does not fire.

To cancel copying, return the VAULT_ERR_INTERRUPTED_BY_USER error code via ResultCode.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

FilePasswordNeeded Event (CBVaultDrive Module)

This event fires if a password is needed to open an encrypted file.

Syntax

func onFilePasswordNeeded(fileName: String, password: inout NSString?, ttlInCache: inout Int32, resultCode: inout Int32)
- (void)onFilePasswordNeeded:(NSString*)fileName :(NSString**)password :(int*)TTLInCache :(int*)resultCode;

Remarks

This event fires when the encrypted file specified by FileName is being opened if a valid password has not been provided (either directly, or via the DefaultFileAccessPassword property or CacheFilePassword method). This event will not fire if a valid password has already been provided, or if the file specified by FileName does not exist in the vault.

To allow access to the specified file, set the Password parameter to the correct password.

If an invalid password is provided by the event handler, the event will fire again.

To prevent access to the specified file or to stop being asked for a password in a loop, return the VAULT_ERR_INVALID_PASSWORD error code via ResultCode.

The TTLInCache parameter specifies time to seconds that the class keeps the password in the internal cache to reduce the number of requests for a password. The value of 0 tells the class to discard the password after the first use.

Note: This event can be fired on different threads, and possibly even on several threads concurrently. As an alternative to handling this event, applications can provide a default file encryption password using the DefaultFileAccessPassword property or can call the CacheFilePassword method (before a file is opened) to specify a one-time-use password.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

HashCalculate Event (CBVaultDrive Module)

This event fires to calculate a password hash using a custom hashing implementation.

Syntax

func onHashCalculate(password: Data, passwordSize: Int32, salt: Data, saltSize: Int32, hash: NSMutableData, hashSize: Int32, resultCode: inout Int32)
- (void)onHashCalculate:(NSMutableData*)password :(int)passwordSize :(NSMutableData*)salt :(int)saltSize :(NSMutableData*)hash :(int)hashSize :(int*)resultCode;

Remarks

This event fires when the class needs to calculate a password hash using an application-defined hashing implementation. The calculated hash is used to check the password's validity before using it for encryption. Please refer to the Encryption topic for more information.

This event needs to be handled only by applications that use one of the VAULT_EM_CUSTOM*_DIRECT_KEY encryption modes. To handle this event property, applications must calculate a hash of the data in the Password buffer (whose length, in bytes, is specified by PasswordSize). The calculated hash must be written to the Hash buffer. The size of the calculated hash must not exceed HashSize.

Applications may perform, if desired, their own password validation and return a predefined value for the hash. Applications should not use the same process for key derivation and hash calculation (or should, at the very least, ensure that Salt is used in both operations).

The Salt buffer contains a salt value that can be used (if desired) to strengthen security by increasing the uniqueness of the hash. The SaltSize parameter specifies the length, in bytes, of Salt.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

KeyDerive Event (CBVaultDrive Module)

This event fires to derive an encryption key using a custom key derivation implementation.

Syntax

func onKeyDerive(password: Data, passwordSize: Int32, salt: Data, saltSize: Int32, key: NSMutableData, keySize: Int32, resultCode: inout Int32)
- (void)onKeyDerive:(NSMutableData*)password :(int)passwordSize :(NSMutableData*)salt :(int)saltSize :(NSMutableData*)key :(int)keySize :(int*)resultCode;

Remarks

This event fires when the class needs to derive an encryption key using an application-defined key derivation implementation. Please refer to the Encryption topic for more information.

This event needs to be handled only by applications that use one of the VAULT_EM_CUSTOM*_CUSTOM_KEY_DERIVE encryption modes. To handle this event properly, applications must derive an encryption key from the data in the Password buffer (whose length, in bytes, is specified by PasswordSize). The derived encryption key must be written to the Key buffer. The size of the derived encryption key must not exceed KeySize.

Applications should not use the same process for key derivation and hash calculation (or should, at the very least, ensure that Salt is used in both operations).

The Salt buffer contains a salt value that can be used (if desired) to strengthen security by increasing the uniqueness of the derived key. The SaltSize parameter specifies the length, in bytes, of Salt.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

Progress Event (CBVaultDrive Module)

This event fires to indicate the progress of long-running vault operations.

Syntax

func onProgress(operation: Int32, fileName: String, progress: Int32, total: Int32, canStop: Bool, stop: inout Bool)
- (void)onProgress:(int)operation :(NSString*)fileName :(int)progress :(int)total :(BOOL)canStop :(int*)stop;

Remarks

This event fires anytime the class needs to report the progress of a long-running vault operation. Certain operations may cause this event to fire repeatedly.

The Operation parameter specifies which long-running operation caused this event to fire. Possible values are as follows:

VAULT_PO_FORMATTING0Formatting a vault.

VAULT_PO_CHECKING_11Checking a vault (stage 1).

VAULT_PO_CHECKING_22Checking a vault (stage 2).

VAULT_PO_CHECKING_33Checking a vault (stage 3).

VAULT_PO_CHECKING_44Checking a vault (stage 4).

VAULT_PO_CHECKING_55Checking a vault (stage 5).

VAULT_PO_PAGE_CORRUPTED8Processing a corrupted vault page.

VAULT_PO_PAGE_ORPHANED9Processing an orphaned vault page.

VAULT_PO_COMPRESSING10Compressing a file or alternate stream.

VAULT_PO_DECOMPRESSING11Decompressing a file or alternate stream.

VAULT_PO_ENCRYPTING12Encrypting a vault, file, or alternate stream.

VAULT_PO_DECRYPTING13Decrypting a vault, file, or alternate stream

VAULT_PO_COMPACTING14Compacting a vault.

VAULT_PO_RESIZING15Resizing a vault.

VAULT_PO_CALCULATING_SIZE16Calculating a vault's size.

VAULT_PO_COPYING_FILES_TO_VAULT17Copying files to a vault.

VAULT_PO_COPYING_FILES_FROM_VAULT18Copying files from a vault.

When the operation is copying files from or to the vault, FileName contains the path of the source file being copied.

The Progress and Total parameters reflect the current and maximum progress values. Both will be 0 if the operation's progression cannot be determined.

The CanStop parameter indicates whether the application may interrupt the operation by setting the Stop parameter to .

Note: Some operations can be interrupted only at certain points over the course of their lifetime.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultClose Event (CBVaultDrive Module)

This event fires to close a callback mode vault.

Syntax

func onVaultClose(vaultHandle: Int64, resultCode: inout Int32)
- (void)onVaultClose:(long long)vaultHandle :(int*)resultCode;

Remarks

This event fires when the class needs to close the callback mode vault specified by VaultHandle.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must close the vault specified by VaultHandle and invalidate the handle itself.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultDelete Event (CBVaultDrive Module)

This event fires to delete a callback mode vault.

Syntax

func onVaultDelete(vault: String, resultCode: inout Int32)
- (void)onVaultDelete:(NSString*)vault :(int*)resultCode;

Remarks

This event fires when the class needs to delete the callback mode vault identified by Vault.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must delete the vault identified by Vault.

The Vault parameter contains an application-defined vault identifier (e.g., name, file path). The value of this parameter will always match the current value of the VaultFile property.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultFlush Event (CBVaultDrive Module)

This event fires to flush a callback mode vault's data out to storage.

Syntax

func onVaultFlush(vaultHandle: Int64, resultCode: inout Int32)
- (void)onVaultFlush:(long long)vaultHandle :(int*)resultCode;

Remarks

This event fires when the class needs to flush the data of the callback mode vault specified by VaultHandle out to storage.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must flush all data currently buffered for the vault specified by VaultHandle out to storage. For example, if the application is storing vault data in a file on disk, it could call FlushFileBuffers() on Windows.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultGetParentSize Event (CBVaultDrive Module)

This event fires to determine how much free space is available for growing a callback mode vault.

Syntax

func onVaultGetParentSize(vault: String, vaultHandle: Int64, freeSpace: inout Int64, resultCode: inout Int32)
- (void)onVaultGetParentSize:(NSString*)vault :(long long)vaultHandle :(long long*)freeSpace :(int*)resultCode;

Remarks

This event fires when the class needs to determine how much free space is available for growing the callback mode vault specified by VaultHandle.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must set FreeSpace to indicate how many bytes of free space are available in the "parent storage" of the vault specified by VaultHandle. For example:

  • If the vault is stored in a file, return the amount of free space on the associated disk.
  • If the vault is stored in memory, return the amount of memory available to the application (keeping in mind any other memory needs the application may have).
  • If the vault is stored on some remote system, query it to determine how much free space is available.

The Vault parameter contains an application-defined vault identifier (e.g., name, file path). The value of this parameter will always match the current value of the VaultFile property.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultGetSize Event (CBVaultDrive Module)

This event fires to determine the size of a callback mode vault.

Syntax

func onVaultGetSize(vaultHandle: Int64, size: inout Int64, resultCode: inout Int32)
- (void)onVaultGetSize:(long long)vaultHandle :(long long*)size :(int*)resultCode;

Remarks

This event fires when the class needs to determine the size of the callback mode vault specified by VaultHandle.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must set Size to indicate the size, in bytes, of the vault specified by VaultHandle.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultOpen Event (CBVaultDrive Module)

This event fires to open a new or existing callback mode vault.

Syntax

func onVaultOpen(vault: String, vaultHandle: inout Int64, openMode: Int32, readOnly: inout Bool, resultCode: inout Int32)
- (void)onVaultOpen:(NSString*)vault :(long long*)vaultHandle :(int)openMode :(int*)readOnly :(int*)resultCode;

Remarks

This event fires when the class wants to open the callback mode vault identified by Vault.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must open the vault identified by Vault, creating it if necessary based on the specified OpenMode, and return any associated information in VaultHandle.

If the ReadOnly parameter is initially , the application must open the vault in read-only mode. If ReadOnly is initially , the application may choose whether to open the vault in read-only or read-write mode. It should update the ReadOnly parameter accordingly, if necessary.

If, for any reason, the vault cannot be opened in a manner consistent with the specified OpenMode, the application must return an appropriate error code via ResultCode.

The Vault parameter contains an application-defined vault identifier (e.g., name, file path). The value of this parameter will always match the current value of the VaultFile property.

The VaultHandle parameter is used to return some application-defined handle that uniquely identifies the opened vault. The class uses the returned handle to populate the VaultHandle parameters of the other Vault* events fired for the vault later.

The OpenMode parameter specifies what behavior to use when opening the vault. Valid values are as follows:

VAULT_OM_CREATE_NEW0Creates a new vault if possible, failing if one already exists.

VAULT_OM_CREATE_ALWAYS1Creates a new vault, overwriting an existing one if necessary.

VAULT_OM_OPEN_EXISTING2Opens a vault if it exists; fails otherwise.

VAULT_OM_OPEN_ALWAYS3Opens a vault if it exists; creates a new one otherwise.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultRead Event (CBVaultDrive Module)

This event fires to read data from a callback mode vault.

Syntax

func onVaultRead(vaultHandle: Int64, offset: Int64, buffer: NSMutableData, count: Int32, resultCode: inout Int32)
- (void)onVaultRead:(long long)vaultHandle :(long long)offset :(NSMutableData*)buffer :(int)count :(int*)resultCode;

Remarks

This event fires when the class needs to read data from the callback mode vault specified by VaultHandle.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must read Count bytes of data from the vault specified by VaultHandle into Buffer, starting at the specified Offset in the vault.

Count is always a multiple of the vault's PageSize. If, for any reason, an application cannot read exactly Count bytes of data from the vault, it must return an appropriate error code via ResultCode.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultSetSize Event (CBVaultDrive Module)

This event fires to resize a callback mode vault.

Syntax

func onVaultSetSize(vaultHandle: Int64, newSize: Int64, resultCode: inout Int32)
- (void)onVaultSetSize:(long long)vaultHandle :(long long)newSize :(int*)resultCode;

Remarks

This event fires when the class needs to resize the callback mode vault specified by VaultHandle.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must grow or shrink the vault specified by VaultHandle to reach the specified NewSize. When growing a vault, applications do not need to sanitize newly allocated space.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

VaultWrite Event (CBVaultDrive Module)

This event fires to write data to a callback mode vault.

Syntax

func onVaultWrite(vaultHandle: Int64, offset: Int64, buffer: Data, count: Int32, resultCode: inout Int32)
- (void)onVaultWrite:(long long)vaultHandle :(long long)offset :(NSMutableData*)buffer :(int)count :(int*)resultCode;

Remarks

This event fires when the class needs to write data to the callback mode vault specified by VaultHandle.

This event needs to be handled only if the CallbackMode property is enabled; please refer to the Callback Mode topic for more information. To handle this event properly, applications must write Count bytes of data from Buffer to the vault specified by VaultHandle, starting at the specified Offset in the vault.

Count is always a multiple of the vault's PageSize. If, for any reason, an application cannot write exactly Count bytes of data to the vault, it must return an appropriate error code via ResultCode.

Please see the Buffer Parameters topic for more information on how to work with memory buffer event parameters.

The VaultHandle parameter contains an application-defined information, associated with an open callback mode vault, as returned by the application in an earlier VaultOpen event.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

Note: An application should not attempt to call class's methods from handlers of this event. Doing this is guaranteed to cause a deadlock.

Note: When a storage is opened concurrently in read-only mode by several applications using CBVaultDrive or CBMemoryDrive class, the event will fire only in the first application. To prevent such a situation, always open a vault in read-write mode.

WorkerThreadCreation Event (CBVaultDrive Module)

Fires just after a new worker thread is created.

Syntax

func onWorkerThreadCreation(resultCode: inout Int32)
- (void)onWorkerThreadCreation:(int*)resultCode;

Remarks

This event fires just after a worker thread is created, in the context of that worker thread.

This event is optional; it is provided to give applications a chance to perform additional processing when a new worker thread is created, such as allocating per-thread objects.

The class maintains a pool of worker threads and uses them to fire events; please refer to the Threading and Concurrency topic for more information.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource is not available or security checks failed), set it to a nonzero value to report an appropriate error. Please see the Error Reporting and Handling topic for more information.

WorkerThreadTermination Event (CBVaultDrive Module)

Fires just before a worker thread is terminated.

Syntax

func onWorkerThreadTermination()
- (void)onWorkerThreadTermination;

Remarks

This event fires just before a worker thread is terminated, in the context of that worker thread.

This event is optional; it is provided to give applications a chance to perform additional processing before a worker thread is terminated, such as deallocating per-thread objects.

The class maintains a pool of worker threads and uses them to fire events; please refer to the Threading and Concurrency topic for more information.

Any errors that occur during this event are ignored.

MountingPoint Type

Represents a mounting point for the virtual drive.

Remarks

This type represents a mounting point for the virtual drive.

Fields

authenticationId
Int64 (read-only)

Default Value: 0

The Authentication ID used when creating the mounting point, if applicable.

If the STGMP_LOCAL flag is included in the value, this property reflects the Authentication ID of the user session in which the mounting point was added. Will be 0 if the mounting point was added in the current user session or globally.

flags
Int32 (read-only)

Default Value: 0

The flags used to create the mounting point.

This property reflects the flags used to create the mounting point. It is a combination of zero or more of the following:

STGMP_SIMPLE0x00010000Create a simple mounting point.

Simple mounting points may be local or global; and when local, can be made visible in either the current user session or another one.

This flag cannot be combined with STGMP_MOUNT_MANAGER or STGMP_NETWORK, and is implied if neither of those flags are present.

STGMP_MOUNT_MANAGER0x00020000Create a mounting point that appears to the system as a physical device.

When the StorageType property is set to STGT_DISK_PNP, mounting points created using the system mount manager appear as physical devices in the Disk Management snap-in of the Microsoft Management Console (mmc.exe).

This flag is a necessary prerequisite for creating a folder mounting point, which makes a drive accessible via an otherwise empty directory on another NTFS volume.

This flag cannot be combined with STGMP_SIMPLE, STGMP_NETWORK, or STGMP_LOCAL.

Only one mounting point of this type can be added to a virtual drive.

STGMP_NETWORK0x00040000Create a network mounting point.

Network mounting points can be further configured using the various STGMP_NETWORK_* flags described below. Applications that plan to make use of network mounting points must be sure to install the Helper DLL before doing so, otherwise Windows File Explorer will not correctly recognize the "network" drive.

This flag cannot be combined with STGMP_SIMPLE or STGMP_MOUNT_MANAGER.

STGMP_LOCAL0x10000000Specifies that a local mounting point should be created.

This flag specifies that a local mounting point should be created rather than a global one. When this flag is set, applications must also pass an appropriate value for the AddMountingPoint method's AuthenticationId parameter.

Passing 0 for AuthenticationId will make the mounting point visible in the current user session. To make the mounting point visible in a different user session instead, pass the target session's Authentication ID.

This flag is valid when combined with STGMP_SIMPLE or STGMP_NETWORK; it cannot be combined with STGMP_MOUNT_MANAGER. Please note that a mounting point can be made available to other computers as a network share, and network shares are always globally visible on the local machine, even if this flag is set.

STGMP_NETWORK_ALLOW_MAP_AS_DRIVE0x00000001Indicates that users may assign a drive letter to the share (e.g., using the 'Map network drive...' context menu item in Windows File Explorer).

STGMP_NETWORK_HIDDEN_SHARE0x00000002Indicates that the share should be skipped during enumeration.

Such shares are only accessible when their name is already known to the accessor.

STGMP_NETWORK_READ_ACCESS0x00000004Makes a read-only share available for the mounting point.

When this flag is specified, the <Server Name> part of the MountingPoint parameter value must be empty. Please refer to the Mounting Points topic for more information. This flag makes the class use the Windows API's NetShareAdd function. As per MSDN, "Only members of the Administrators, System Operators, or Power Users local group can add file shares with a call to the NetShareAdd function."

STGMP_NETWORK_WRITE_ACCESS0x00000008Makes a read/write share available for the mounting point.

When this flag is specified, the <Server Name> part of the MountingPoint parameter value must be empty. Please refer to the Mounting Points topic for more information. This flag makes the class use the Windows API's NetShareAdd function. As per MSDN, "Only members of the Administrators, System Operators, or Power Users local group can add file shares with a call to the NetShareAdd function."

STGMP_NETWORK_CLAIM_SERVER_NAME0x00000010Specifies that the server name is unique.

When this flag is specified, the driver handles IOCTL_REDIR_QUERY_PATH[_EX] requests by instructing the OS to direct all requests going to the <Server Name> part of the MountingPoint parameter's value to the driver instead.

This flag should be used when the <Server Name> is unique within the local system (e.g., when the application's name is used). Using this flag allows the system to avoid delays caused by certain network requests made by various processes.

This flag is also required for "net view" command to be able to show the share in the list.
STGMP_DRIVE_LETTER_NOTIFY_ASYNC0x20000000Causes the method to return immediately without waiting for mounting notifications to be sent to the system.

STGMP_AUTOCREATE_DRIVE_LETTER0x40000000Tells the class that it should assign the drive letter automatically.

When this flag is specified, the class will automatically assign a drive letter from the list of available letters. The assigned letter is added to the end of the list of mounting points, and can be retrieved from there.

Do not include a drive letter in the MountingPoint parameter's value when specifying this flag.

name
String (read-only)

Default Value: ""

The mounting point name.

This property reflects the name of the mounting point (i.e., the value passed to the AddMountingPoint method's MountingPoint parameter).

OpenFile Type

Represents an open filesystem object from the virtual drive.

Remarks

This type represents an open filesystem object (file, directory, etc.) from the virtual drive.

Fields

name
String (read-only)

Default Value: ""

The name of the open file.

This property reflects the name of the open file.

processId
Int32 (read-only)

Default Value: 0

The Id of the process that opened the file.

This property reflects the Id of the process (PID) that opened the file.

processName
String (read-only)

Default Value: ""

The name of the process that opened the file.

This property reflects the name of the process that opened the file.

ProcessAccessRule Type

Represents an access rule granting or denying some process a specific access right.

Remarks

This type represents an access rule that grants or denies some process a specific access right.

Fields

desiredAccess
Int32 (read-only)

Default Value: 0

The kind of access granted or denied.

This property specifies what kind of access is granted or denied by the rule. Possible values are:

STG_DACCESS_READ0x00000001Grant/deny read access.

STG_DACCESS_WRITE0x00000002Grant/deny write access.

STG_DACCESS_READWRITE0x00000003Grant/deny read and write access.

includeChildren
Bool (read-only)

Default Value: False

Whether child processes are affected.

This property indicates whether the rule applies to children of the target process.

processId
Int32 (read-only)

Default Value: 0

The Id of the target process.

This property reflects the target process's Id (PID). Will be 0 if the target process was specified by , or -1 if the rule applies to all processes.

processName
String (read-only)

Default Value: ""

The filename of the target process's executable.

This property reflects the full file name of the target process's executable. Will be empty if the target process was specified by (or if the rule applies to all processes, in which case will be -1).

CBFSStorageStream Type

Syntax

CBFSStorageStream (declared in cbfsstorage.h)

Remarks

The CBFSStorageStream type is returned by some of the CBVaultDrive class's methods. All stream types in CBFS Storage share a common API, documented below.

Config Settings (CBVaultDrive Module)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

CBVaultDrive Config Settings

AllowMoveStreamsBetweenFiles:   Whether alternate streams may be moved from one file to another.

This configuration setting specifies whether alternate streams may be moved from one file to another using MoveFile or (for the CBVaultDrive or CBMEMORYDRIVE class) directly by the OS.

By default, this setting is disabled, and alternate streams can be renamed only within the same file, and cannot be moved between them.

Note: This setting cannot be changed within events.

AsyncDeleteStorageNotifications:   Whether system broadcasts for virtual drive deletion are sent asynchronously.

This setting specifies whether the WM_DEVICECHANGE broadcast is sent asynchronously () or synchronously () when the virtual drive is deleted using CloseVault.

By default, this setting is enabled, and the broadcast is sent asynchronously. This is typically sufficient, but applications may disable this setting if they find that Windows File Explorer is still presenting virtual drives as available after they've been deleted (which may occur if the application exits immediately after deleting a virtual drive).

AutoCompactDelay:   How long a vault must remain idle before starting automatic compaction.

When a vault is open, and the AutoCompactAt property is set to a nonzero value, the class will automatically compact the vault in the background, as necessary (assuming it is eligible for automatic compaction, as described by the AutoCompactAt documentation). This configuration setting specifies how many milliseconds a vault must remain idle before starting automatic compaction operations.

By default, this setting is set to 0, and automatic compaction operations will start without delay.

Note: This setting cannot be changed within events.

DefaultFileCompressionLevel:   The default compression level to use when creating files and alternate streams.

This configuration setting specifies the default compression level that the class should use when creating files and alternate streams, if applicable. Valid values are 0 through 9; where 0 means "use the default compression level for the selected compression algorithm".

By default, this setting is set to 0.

FireFileAccessEvent:   Whether FileAccess event is fired.

This setting specifies whether FileAccess event is fired; it is disabled by default.

LoggingEnabled:   Whether extended logging is enabled.

This setting specifies whether extended logging is enabled for this class; it is disabled by default. Please refer to the Error Reporting and Handling topic for more information.

This setting's value is stored in the registry and is persistent; it requires administrative rights to be changed.

MaxNonPagedNameLength:   The maximum number of name characters to store directly within a vault item.

This configuration setting specifies the maximum number of name characters that may be stored within a vault item directly. If a vault item's name is longer than the specified value, then the first MaxNonPagedNameLength characters are stored directly, and the rest are stored in a dedicated vault page. The minimum valid nonpaged name length is four characters (4).

A vault's maximum nonpaged name length is permanent, and it cannot be changed after the vault is created. When a vault is open, this configuration setting cannot be changed, and it can be queried only to obtain the value used by the vault.

By default, this setting is set to 0, and the class will automatically choose an optimal value when creating a vault based on PageSize.

Note: This setting cannot be changed when Active is , and it cannot be changed within events.

MaxWorkerThreadCount:   The maximum number of worker threads to use to fire events.

This setting specifies the maximum number of worker threads the class may create to fire events on when the SerializeEvents property is set to seOnMultipleThreads. (If other cases, this setting does not apply.)

By default, this setting is set to 0, and the driver automatically chooses an optimal number of threads using this equation: 4 * number_of_processors.

MinWorkerThreadCount:   The minimum number of worker threads to use to fire events.

This setting specifies the minimum number of worker threads the class should create to fire events on when the SerializeEvents property is set to seOnMultipleThreads. (In other cases, this setting does not apply.)

By default, this setting is set to 0, and the driver automatically chooses an optimal number of threads using this equation: max(number_of_processors, 4). If this setting's value exceeds the MaxWorkerThreadCount value, the latter is used instead.

PageCacheSize:   The size of the in-memory vault page cache.

This configuration setting controls the size of the built-in data cache; it is specified in bytes. The cache must be large enough to contain at least eight pages, so this setting's minimum valid value is eight times the value of the PageSize property.

By default, this configuration setting is set to 16777216 (16 MB).

Note: This setting can be changed only when Active is .

PartSize:   The part size used by a multipart vault.

This configuration setting controls the part size to use when creating new multipart vaults, and it reflects the part size used by the currently open vault. Part size is specified in bytes.

A multipart vault's part size is permanent, and it cannot be changed after the vault is created. When a vault is open, this configuration setting cannot be changed, and it can be queried only to obtain the value used by the vault.

By default, this setting is set to 0, and the class will not create multipart vaults.

Note: This setting cannot be changed when Active is , and it cannot be changed within events.

SupportSearchIndexer:   Specifies whether the driver must take additional measures to support indexing by Windows Search.

The Search Indexer of Windows 10 has been recently modified in the way that Search Indexer stopped indexing virtual disks. This happens because of the missing mounting point when the disk is created.

This setting, when enabled, tells the driver to create a fake mounting point and use it to work around the Search Indexer bug. By default, this setting is disabled.

Note: This property cannot be changed within events.

VolumeGuidName:   The GUID of the mounted volume.

Use this setting to obtain the guild of the created disk device. The value is returned as a string in the "Volume{GUID}" format, where GUID is the actual GUID.

WorkerInitialStackSize:   The initial stack size to create worker threads with.

This setting specifies the initial size of the stack each worker thread is created with. The system rounds this value to the nearest page.

By default, this setting is set to 0, and the driver uses a default stack size (currently, 1 MB).

Note: This setting cannot be changed when Active is , and it cannot be changed within events.

Trappable Errors (CBVaultDrive Module)

The class uses the error codes shown below, all of which are also available as constants for applications' convenience. System error codes, all of which are positive, may also be used as necessary for virtual-drive-related errors. Please refer to the Error Reporting and Handling topic for more information.

CBVaultDrive Errors

-1   The specified file is not a CBFS Storage vault. (VAULT_ERR_INVALID_VAULT_FILE)
-2   The specified page size is not valid. (VAULT_ERR_INVALID_PAGE_SIZE)
-3   The vault is corrupted. Please call CheckAndRepair. (VAULT_ERR_VAULT_CORRUPTED)
-4   Too many transactions active. (VAULT_ERR_TOO_MANY_TRANSACTIONS)
-5   A file, directory, symbolic link, or alternate stream with the specified name already exists. (VAULT_ERR_FILE_ALREADY_EXISTS)
-6   One or more transactions are still active. (VAULT_ERR_TRANSACTIONS_STILL_ACTIVE)
-7   The specified file tag already exists. (VAULT_ERR_TAG_ALREADY_EXISTS)
-8   The specified file, directory, symbolic link, or alternate stream was not found. (VAULT_ERR_FILE_NOT_FOUND)
-9   The specified path was not found. (VAULT_ERR_PATH_NOT_FOUND)
-10   The specified file or alternate stream is already open in an exclusive access mode. (VAULT_ERR_SHARING_VIOLATION)
-11   Cannot seek beyond the end of a file or alternate stream. (VAULT_ERR_SEEK_BEYOND_EOF)
-12   No other files, directories, symbolic links, or alternate streams match the search criteria. (VAULT_ERR_NO_MORE_FILES)
-13   The specified name is not valid. (VAULT_ERR_INVALID_FILE_NAME)
-14   The requested operation cannot be performed while a vault is open. (VAULT_ERR_VAULT_ACTIVE)
-15   A vault must be open before the requested operation can be performed. (VAULT_ERR_VAULT_NOT_ACTIVE)
-16   The specified password is incorrect. (VAULT_ERR_INVALID_PASSWORD)
-17   The requested operation cannot be performed; the vault is open in read-only mode. (VAULT_ERR_VAULT_READ_ONLY)
-18   Cannot use custom encryption; no custom encryption event handlers provided. (VAULT_ERR_NO_ENCRYPTION_HANDLERS)
-19   Out of memory. (VAULT_ERR_OUT_OF_MEMORY)
-20   A symbolic link's destination file could not be found. (VAULT_ERR_SYMLINK_DESTINATION_NOT_FOUND)
-21   The specified file is not a symbolic link. (VAULT_ERR_FILE_IS_NOT_SYMLINK)
-22   The specified buffer is too small to hold the requested value. (VAULT_ERR_BUFFER_TOO_SMALL)
-23   Decompression failed (possibly due to corruption). (VAULT_ERR_BAD_COMPRESSED_DATA)
-24   Invalid parameter. (VAULT_ERR_INVALID_PARAMETER)
-25   The vault is full (and cannot be automatically resized). (VAULT_ERR_VAULT_FULL)
-26   Operation interrupted by user. (VAULT_ERR_INTERRUPTED_BY_USER)
-27   The specified file tag was not found. (VAULT_ERR_TAG_NOT_FOUND)
-28   The specified directory is not empty. (VAULT_ERR_DIRECTORY_NOT_EMPTY)
-29   The file or alternate stream was closed unexpectedly; the handle is no longer valid. (VAULT_ERR_HANDLE_CLOSED)
-30   Invalid file or alternate stream handle. (VAULT_ERR_INVALID_STREAM_HANDLE)
-31   Access denied. (VAULT_ERR_FILE_ACCESS_DENIED)
-32   Cannot use custom compression; no custom compression event handlers provided. (VAULT_ERR_NO_COMPRESSION_HANDLERS)
-33   Not implemented in this version of CBFS Storage. (VAULT_ERR_NOT_IMPLEMENTED)
-35   The CBFS Storage system driver has not been installed. (VAULT_ERR_DRIVER_NOT_INSTALLED)
-37   The specified vault cannot be opened, it was created using a newer version of CBFS Storage. (VAULT_ERR_NEW_VAULT_VERSION)
-38   The specified file is not a directory. (VAULT_ERR_FILE_IS_NOT_DIRECTORY)
-39   The specified file tag data type is not valid. (VAULT_ERR_INVALID_TAG_DATA_TYPE)
-40   The specified vault storage file does not exist. (VAULT_ERR_VAULT_FILE_DOES_NOT_EXIST)
-41   The specified vault storage file already exists. (VAULT_ERR_VAULT_FILE_ALREADY_EXISTS)
-42   Some callback mode event handler has returned an unidentified error. (VAULT_ERR_CALLBACK_MODE_FAILURE)
-43   External library could not be initialized or used. (VAULT_ERR_EXTERNAL_ERROR)

Special Use Errors

21   ERROR_NOT_READY: Reported by the methods of the class if Initialize has not been called or did not succeed.
575   ERROR_APP_INIT_FAILURE: Reported by the methods of the class if Initialize has not been called or did not succeed. Differs from ERROR_NOT_READY (21) in that it indicates a specific situation in the internal code.
588   ERROR_FS_DRIVER_REQUIRED: Reported if the required system module was not correctly installed for the given ProductGUID.
614   ERROR_NO_CALLBACK_ACTIVE: Reported by any method that can only be called within event handlers if it is called outside an event handler.
618   ERROR_UNSUPPORTED_COMPRESSION: Reported by the OpenVault method of CBVaultDrive when the vault file is compressed or encrypted (e.g., using built-in NTFS mechanisms), which is not supported.
1292   ERROR_IMPLEMENTATION_LIMIT: Reported when the timeout value provided is less than 3 seconds.
1314   ERROR_PRIVILEGE_NOT_HELD: Reported by any method that requires elevated permissions if it is called without such permissions.
6002   ERROR_FILE_ENCRYPTED: Reported by the by the OpenVault method of CBVaultDrive when the vault file is encrypted, which is not supported.