From f78f1d3f789fdf4027a44db94a2eb613e3ac9b71 Mon Sep 17 00:00:00 2001 From: hkx3upper <3173566138@qq.com> Date: Fri, 3 Jun 2022 10:12:55 +0800 Subject: [PATCH 1/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b3bf6ae..c860851 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ 5.特权加密和特权解密使用重入(Reentry)的方式,使驱动加密解密文件; 6.解决FileRenameInformationEx和FileRenameInformation问题,因此可以自动加密解密docx,doc,pptx,ppt,xlsx,xls等使用tmp文件重命名方式读写的文件; 7.注册进程相关回调,使用链表统一管理授权与非授权进程;注册进程与线程对象回调,保护进程EPROCESS,ETHREAD对象;对授权进程的代码段进行完整性校验。 -8.设置机密文件夹,文件处于该文件夹下才会透明加密,并可以从桌面PocUser配置机密文件夹与需管控的文件扩展名 @wangzhankun +8.设置机密文件夹,文件处于该文件夹下才会透明加密,并可以从桌面PocUser配置机密文件夹与目标扩展名 @wangzhankun **It's a minifilter used for transparent-encrypting.** **Companies** often choose to encrypt important data in order to prevent data leakage, which, however, will cause inconvenience to its applications. To this end, a double-cache transparent encryption and decryption system based on minifilter is designed in this project to realize the encryption and protection of files with specific file extension and facilitate data use on the premise of ensuring data security. From 0ada1ca74745eb62c278cc9071d2ecdf068b48be Mon Sep 17 00:00:00 2001 From: hkx3upper <3173566138@qq.com> Date: Fri, 3 Jun 2022 10:13:33 +0800 Subject: [PATCH 2/5] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c860851..816dd1a 100644 --- a/README.md +++ b/README.md 
@@ -14,8 +14,8 @@ 4.Write和Read使用SwapBuffers的方式进行透明加密解密; 5.特权加密和特权解密使用重入(Reentry)的方式,使驱动加密解密文件; 6.解决FileRenameInformationEx和FileRenameInformation问题,因此可以自动加密解密docx,doc,pptx,ppt,xlsx,xls等使用tmp文件重命名方式读写的文件; -7.注册进程相关回调,使用链表统一管理授权与非授权进程;注册进程与线程对象回调,保护进程EPROCESS,ETHREAD对象;对授权进程的代码段进行完整性校验。 -8.设置机密文件夹,文件处于该文件夹下才会透明加密,并可以从桌面PocUser配置机密文件夹与目标扩展名 @wangzhankun +7.注册进程相关回调,使用链表统一管理授权与非授权进程;注册进程与线程对象回调,保护进程EPROCESS,ETHREAD对象;对授权进程的代码段进行完整性校验; +8.设置机密文件夹,文件处于该文件夹下才会透明加密,并可以从桌面PocUser配置机密文件夹与目标扩展名@wangzhankun **It's a minifilter used for transparent-encrypting.** **Companies** often choose to encrypt important data in order to prevent data leakage, which, however, will cause inconvenience to its applications. To this end, a double-cache transparent encryption and decryption system based on minifilter is designed in this project to realize the encryption and protection of files with specific file extension and facilitate data use on the premise of ensuring data security. From 80b5c1e70a83aa2b1a7803bfc160316013c8a437 Mon Sep 17 00:00:00 2001 From: hkx3upper <3173566138@qq.com> Date: Fri, 3 Jun 2022 11:52:22 +0800 Subject: [PATCH 3/5] Update README.md --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 816dd1a..74f8f17 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ 本项目5月12号以前的版本已作为毕设,如有雷同,纯属雷同s(-__-)b ## 简介: -本项目是一个使用minifilter框架的透明加密解密过滤驱动,当进程有写入特定的文件扩展名(比如txt,docx)文件的倾向时自动加密。授权进程想要读取密文文件时自动解密,非授权进程不解密,显示密文,且不允许修改密文,这里的加密或解密只针对NonCachedIo。桌面端也可以发送特权加密和特权解密命令,实现单独加密或解密。 +本项目是一个使用minifilter框架的透明加密解密过滤驱动,当进程有写入特定的文件扩展名(比如txt,docx)文件的倾向时自动加密。授权进程想要读取密文文件时自动解密,非授权进程不解密,显示密文,且不允许修改密文,这里的加密或解密只针对NonCachedIo。桌面端也可以发送特权加密和特权解密命令,实现单独加密或解密,以及配置进程权限,设置机密文件夹和目标扩展名。 1.本项目使用双缓冲,授权进程和非授权进程分别使用明文缓冲和密文缓冲; 2.使用StreamContext存放驱动运行时的文件信息,使用文件标识尾的方式,在文件的尾部4KB储存文件的解密信息; 3.使用AES-128 ECB模式,16个字节以内扩展文件大小,大于16个字节,使用密文挪用(Ciphertext stealing)的方法,避免明文必须分块对齐(padding)的问题; 
@@ -31,7 +31,7 @@ https://www.microsoft.com/en-us/download/details.aspx?id=30688 链接器的常规->附加库目录C:\Windows Kits\10\Cryptographic Provider Development Kit\Lib\x64 输入->附加依赖项一定要设置为ksecdd.lib 2.在`Config.c`中设置目标文件扩展名,设置机密文件夹,以及设置授权进程 -3.使用Visual Studio 2019编译Debug x64驱动,[编译User、UserDll和UserPanel(不影响驱动使用)] +3.使用Visual Studio 2019编译Debug x64驱动,编译User、UserDll和UserPanel(不影响驱动使用)] 4.建议在Windows 10 x64 17763.2928 LTSC,NTFS环境运行,此环境为开发测试环境 ## 贡献者: @@ -78,7 +78,8 @@ PT_DBG_PRINT(PTDBG_TRACE_ROUTINES, /*--------------------------------------------------------- 函数名称: 函数描述: -作者: +作者: +时间: 更新维护: 时间+维护者+修复的bug或添加的新功能 ---------------------------------------------------------*/ ``` From 3c3d653ada60b6c0f69e14ac31702c2fbf5c219c Mon Sep 17 00:00:00 2001 From: hkx3upper <3173566138@qq.com> Date: Mon, 6 Jun 2022 20:05:22 +0800 Subject: [PATCH 4/5] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 74f8f17..a391ee5 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,9 @@ +

+[![License](https://img.shields.io/badge/License-GPLv3-blue.svg "License")](https://www.gnu.org/licenses/gpl-3.0 "License") +[![Driver](https://img.shields.io/badge/Driver-passing-green.svg "Driver")](https://github.com/hkx3upper "Driver") +[![PR](https://img.shields.io/badge/PR-welcome-blue.svg "PR")](https://github.com/hkx3upper/FOKS-TROT/pulls "PR") +[![Issue](https://img.shields.io/badge/Issue-welcome-blue.svg "Issue")](https://github.com/hkx3upper/FOKS-TROT/issues "Issue") +

# FOKS-TROT ## 基于Minifilter框架的双缓冲透明加解密驱动 From a9220d2ff2ada3e9ae4eda50b7dc574bbc7d50e1 Mon Sep 17 00:00:00 2001 From: hkx3upper <3173566138@qq.com> Date: Mon, 6 Jun 2022 20:05:49 +0800 Subject: [PATCH 5/5] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index a391ee5..c08bb2c 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,7 @@ -

[![License](https://img.shields.io/badge/License-GPLv3-blue.svg "License")](https://www.gnu.org/licenses/gpl-3.0 "License") [![Driver](https://img.shields.io/badge/Driver-passing-green.svg "Driver")](https://github.com/hkx3upper "Driver") [![PR](https://img.shields.io/badge/PR-welcome-blue.svg "PR")](https://github.com/hkx3upper/FOKS-TROT/pulls "PR") [![Issue](https://img.shields.io/badge/Issue-welcome-blue.svg "Issue")](https://github.com/hkx3upper/FOKS-TROT/issues "Issue") -

# FOKS-TROT ## 基于Minifilter框架的双缓冲透明加解密驱动
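Review bot: In PATCH 2/5, the new item 8 line drops the space before the contributor handle ("目标扩展名@wangzhankun"), so the credit is fused onto the sentence and may no longer render as a mention; keep the space that PATCH 1/5 had. Item 7 now ends with ";" like items 4 to 6, but item 8, the last entry in the list, still has no closing punctuation; end it with "。".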
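Review bot: In PATCH 3/5, first hunk (@@ -7,7 +7,7 @@), the sentence added to 简介 says the desktop side can also configure process permissions, the confidential folder and the target extensions, but the README never says which callers the driver accepts those commands from. These settings decide which processes are handed plaintext, so document how the driver restricts who may send them, or state that the channel is unrestricted in this version. Step 2 of the build instructions still says the same three settings are made in `Config.c`; say which source wins when both are used.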
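Review bot: In PATCH 3/5, second hunk (@@ -31,7 +31,7 @@), step 3 loses its opening "[" but keeps the closing one, leaving "编译User、UserDll和UserPanel(不影响驱动使用)]" with an unbalanced bracket. Remove the trailing "]" as well, or restore the "[" if the bracketed text was meant to mark the user-mode projects as optional.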
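Review bot: In PATCH 4/5, the Driver badge is a static shields.io image with the text "Driver-passing-green" hard-coded, and it links to the profile page https://github.com/hkx3upper rather than to a build or test run. For a kernel driver, a "passing" badge reads as a verified build status; either point it at a real CI result for the driver or change the label to something that does not claim a test outcome.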
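Review bot: PATCH 5/5 only removes the two lines around the badge block that PATCH 4/5 added 27 seconds earlier (20:05:22 and 20:05:49), and both commits carry the same "Update README.md" subject. Squash 4/5 and 5/5 into one commit and give the subject the actual change, for example that badges were added to the README header.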