Re: wpp example
From: Maxim S. Shatskih (maxim_at_storagecraft.com)
Date: 06/16/04
- Next message: Maxim S. Shatskih: "Re: NAT implementation in an IM driver"
- Previous message: Vincent MALISOVA: "Visual C / BulkUsb"
- In reply to: shahar: "Re: wpp example"
Date: Wed, 16 Jun 2004 12:39:59 +0400
FAT is mainly used for single-user installations like laptops. On such a
machine, the owner is the "administrator", and so hiding anything from him is
pointless.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com

"shahar" <shahar@discussions.microsoft.com> wrote in message news:BC1FBDB0-98DF-4B71-9506-6483CE909F7C@microsoft.com...
> If my log is written to an NTFS partition, setting the file permissions to grant read access only to administrators will be sufficient for my needs and encryption will not be needed at all.
> But I have to consider a case where my log is written to a FAT partition, where there is no permission mechanism (and surely no EFS); in that case I want to encrypt the file so the user will not be able to understand its content.
>
> "Pavel A." wrote:
>
> > Ok maybe then saving the log to NTFS encrypted file (EFS) will do what you want?
> >
> > --PA
> >
> > "shahar" <shahar@discussions.microsoft.com> wrote in message news:4028EEB1-8792-4EA4-A063-F1AC11366B9A@microsoft.com...
> > > Even if users don't have the tmf file they can still understand some of the logs, after all string variables are written to the log in plain text. I can't allow them to see those strings.
> > >
> > > Also - a resourceful user will surely be able to put his hands on my tmf file someday, and when that happens he will be able to read every log on every system. This is unsecured like using the same key for all the doors in the world.
> > >
> > > I don't know what file system the users will use so I can't use the file system permissions to prevent the users from reading the file, therefore the only solution I could come up with is encryption.
> > > I am not writing tons of logs so I don't mind "burning cpu time" a bit.
> > >
> > > Are you saying that if I'm not using the built in lazy writer I'm better off not using the wpp for event firing at all?
> > >
> > > Can you answer my fourth question please?
> > >
> > > 4) As I understand I can set permissions to a tracing session in "CurrentControlSet\Control\WMI\Security", where can I find a tool to edit the binary form of the security descriptors there?
> > >
> > > Thanks a lot for all the help,
> > > Shahar.
> > >
> > > "Doron Holan [MS]" wrote:
> > >
> > > > the logs are written by a lazy writer. there is no callback at that time for you to modify the data. the whole point of this logging is to log in a standardized fashion, so encryption would defeat the purpose. Without the tmf file, you can't understand the log anyways (since the strings and formatting is in the tmf file).
> > > >
> > > > if you don't use WPP, you are back to square one and will have to format each trace message yourself using sprintf (or variant thereof). You will burn lots of cpu time just memcpying your messages, which is what WPP was designed to avoid.
> > > >
> > > > d
> > > >
> > > > --
> > > > Please do not send e-mail directly to this alias. this alias is for newsgroup purposes only.
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > >
> > > > "shahar" <shahar@discussions.microsoft.com> wrote in message news:ABBC8EFC-CFF1-4DC8-8DD7-55995F4461B3@microsoft.com...
> > > > > Thank you, that was very helpful and my program works now.
> > > > > I still have a few questions about the tracing mechanism:
> > > > > 1) Who actually writes to the log file? Is this thread running in user mode or kernel mode?
> > > > > 2) Is it possible to configure that thread to call a certain function (let's say in a dll) with the buffer just before it writes it to the disk (I want to encrypt the buffer)?
> > > > > 3) If not, does this mean I have to intercept the tracings myself, encrypt them, and write them to disk (without using the tracelog) or is there a simpler way?
> > > > > 4) As I understand I can set permissions to a tracing session in "CurrentControlSet\Control\WMI\Security", where can I find a tool to edit the binary form of the security descriptors there?
> > > > >
> > > > > Thanks for the help,
> > > > > Shahar.
> > > > >
> > > > > "Doron Holan [MS]" wrote:
> > > > >
> > > > > > there aren't any that you will find from microsoft. first step you need to do is wrap each #include of a tmh file with extern "C", ie
> > > > > >
> > > > > > extern "C" {
> > > > > > #include "MyFile.tmh"
> > > > > > }
> > > > > >
> > > > > > also, to avoid default constructors being run when WPP initializes, specify the -dll option on the WPP cmd line (I think that is WPP_OPTIONS).
> > > > > >
> > > > > > d
> > > > > >
> > > > > > --
> > > > > > Please do not send e-mail directly to this alias. this alias is for newsgroup purposes only.
> > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > > >
> > > > > > "shahar" <shahar@discussions.microsoft.com> wrote in message news:BD4676D3-837C-4C96-A8E8-9392A57D1354@microsoft.com...
> > > > > > > can someone please send me an example of a c++ driver that is using wpp macros?
> > > > > > > I converted the tracedrv example to c++ and now it doesn't work (page faults).
> > > > > > >
> > > > > > > shahar@safend.com
> > > > > > >
> > > > > > > thanks.
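
Added example, not part of any post in this thread: question 4 asks how to work with the binary security descriptors under "CurrentControlSet\Control\WMI\Security". The PowerShell below converts between SDDL text and the binary form with the .NET RawSecurityDescriptor class, then lists the existing values read-only. Assumptions: the key sits under HKLM\SYSTEM, its values are REG_BINARY self-relative descriptors, and the sample SDDL string is constructed for illustration with a placeholder access mask.

```powershell
# Convert SDDL text to the self-relative binary form stored in REG_BINARY values.
function ConvertTo-SdBytes {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    $bytes = [byte[]]::new($sd.BinaryLength)
    $sd.GetBinaryForm($bytes, 0)
    return ,$bytes   # leading comma keeps the byte array from being unrolled
}

# Convert a binary security descriptor back to readable SDDL for review.
function ConvertFrom-SdBytes {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
}

# Constructed sample: owner and group Administrators, DACL entries for
# Administrators (BA) and SYSTEM (SY) only. GA is a placeholder access mask;
# the specific rights a trace session checks are not given in the thread.
$sampleSddl = 'O:BAG:BAD:(A;;GA;;;BA)(A;;GA;;;SY)'
$binary     = ConvertTo-SdBytes $sampleSddl
$roundTrip  = ConvertFrom-SdBytes $binary
'{0} bytes, round trip: {1}' -f $binary.Length, $roundTrip

# Read-only audit of the key named in the thread (full path is an assumption).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Security'
if (Test-Path $key) {
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = $item.GetValue($name)
        if ($value -isnot [byte[]]) { continue }   # skip non-binary values
        try   { $sddl = ConvertFrom-SdBytes $value }
        catch { $sddl = "unparseable: $($_.Exception.Message)" }
        [pscustomobject]@{ Value = $name; Sddl = $sddl }
    }
}
```

Nothing here writes to the registry; review the decoded SDDL of each value before changing any descriptor.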