Winapi 捕获加密的USB解密事件?
您好,我使用的是有密码保护的Kingston DT4000 G2 USB驱动器 我可以通过调用RegisterDeviceNotification()跟踪windows下的磁盘插入和输出事件, 并接收WM_DEVICECHANGE的通知 问题是在我输入密码之前媒体不可用。 在解密之前,我可以看到设备和系统将显示“请将磁盘插入USB驱动器(E:)” 但当数据被解密并且媒体真的对我可用时,我无法捕获事件。Winapi 捕获加密的USB解密事件?,winapi,encryption,usb,usb-drive,Winapi,Encryption,Usb,Usb Drive,您好,我使用的是有密码保护的Kingston DT4000 G2 USB驱动器 我可以通过调用RegisterDeviceNotification()跟踪windows下的磁盘插入和输出事件, 并接收WM_DEVICECHANGE的通知 问题是在我输入密码之前媒体不可用。 在解密之前,我可以看到设备和系统将显示“请将磁盘插入USB驱动器(E:)” 但当数据被解密并且媒体真的对我可用时,我无法捕获事件。 是否可以使用win32捕获此类事件?您可以使用以下示例和win32\u Encryptable
是否可以使用win32捕获此类事件?您可以使用以下示例和
win32\u EncryptableVolume
#include <windows.h>
#include <dbt.h>
#include <string>
#include <initguid.h>
#include <IoEvent.h>
#include <iostream>
#include <comdef.h>
#include <Wbemidl.h>
using namespace std;
#pragma comment(lib, "wbemuuid.lib")
#pragma warning(disable : 4996)
// Function prototype
LRESULT CALLBACK MainWndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
std::string DrivesFromMask(ULONG unitmask);
UINT32 GetLockStatus();
int main(int argc, char** argv)
{
MSG msg; // MSG structure to store messages
HWND hwndMain; // Main window handle
WNDCLASSEX wcx; // WINDOW class information
HDEVNOTIFY hDevnotify;
DWORD len;
DEV_BROADCAST_DEVICEINTERFACE NotificationFilter;
// 53F56307-B6BF-11D0-94F2-00A0C91EFB8B
GUID FilterGUID = { 0x53F56307,0x0B6BF,0x11D0,{0x94,0xF2,0x00,0xA0,0xC9,0x1E,0xFB,0x8B} };
// Initialize the struct to zero
ZeroMemory(&wcx, sizeof(WNDCLASSEX));
wcx.cbSize = sizeof(WNDCLASSEX); // Window size. Must always be sizeof(WNDCLASSEX)
wcx.style = 0; // Class styles
wcx.lpfnWndProc = (WNDPROC)MainWndProc; // Pointer to the callback procedure
wcx.cbClsExtra = 0; // Extra byte to allocate following the wndclassex structure
wcx.cbWndExtra = 0; // Extra byte to allocate following an instance of the structure
wcx.hInstance = GetModuleHandle(NULL); // Instance of the application
wcx.hIcon = NULL; // Class Icon
wcx.hCursor = NULL; // Class Cursor
wcx.hbrBackground = NULL; // Background brush
wcx.lpszMenuName = NULL; // Menu resource
wcx.lpszClassName = "USB"; // Name of this class
wcx.hIconSm = NULL; // Small icon for this class
// Register this window class with MS-Windows
if (!RegisterClassEx(&wcx))
return 0;
// Create the window
hwndMain = CreateWindowEx(0,// Extended window style
"USB", // Window class name
"", // Window title
WS_POPUP, // Window style
0, 0, // (x,y) pos of the window
0, 0, // Width and height of the window
NULL, // HWND of the parent window (can be null also)
NULL, // Handle to menu
GetModuleHandle(NULL), // Handle to application instance
NULL); // Pointer to window creation data
// Check if window creation was successful
if (!hwndMain)
return 0;
// Make the window invisible
ShowWindow(hwndMain, SW_HIDE);
// Initialize device class structure
len = sizeof(DEV_BROADCAST_DEVICEINTERFACE);
memset(&NotificationFilter, 0, len);
NotificationFilter.dbcc_size = sizeof(DEV_BROADCAST_DEVICEINTERFACE);
NotificationFilter.dbcc_devicetype = 5; // DBT_DEVTYP_DEVICEINTERFACE;
NotificationFilter.dbcc_classguid = FilterGUID;
// Register
hDevnotify = RegisterDeviceNotification(hwndMain, &NotificationFilter, DEVICE_NOTIFY_WINDOW_HANDLE);
if (hDevnotify == NULL)
return 0;
// Process messages coming to this window
while (GetMessage(&msg, NULL, 0, 0)) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
// return value to the system
return msg.wParam;
}
HDEVNOTIFY RegisterDevice(HWND hWnd, PDEV_BROADCAST_DEVICEINTERFACE PdevDEVICEINTERFACE)
{
DEV_BROADCAST_HANDLE broadcast = { 0 };
broadcast.dbch_size = sizeof(DEV_BROADCAST_HANDLE);
broadcast.dbch_devicetype = DBT_DEVTYP_HANDLE;
broadcast.dbch_handle = CreateFile(PdevDEVICEINTERFACE->dbcc_name, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);
return RegisterDeviceNotification(hWnd, &broadcast, DEVICE_NOTIFY_WINDOW_HANDLE);
}
HDEVNOTIFY hDevNotify = NULL;
LRESULT CALLBACK MainWndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
PDEV_BROADCAST_VOLUME PdevVolume;
PDEV_BROADCAST_DEVICEINTERFACE PdevDEVICEINTERFACE;
std::string drvs;
static UINT32 g_LockedDrivesMask;
switch (msg)
{
case WM_DEVICECHANGE:
switch (wParam)
{
// A device or piece of media has been inserted and is now available
case DBT_CUSTOMEVENT:
{
DEV_BROADCAST_HDR* hdr = (DEV_BROADCAST_HDR*)lParam;
switch (hdr->dbch_devicetype)
{
case DBT_DEVTYP_HANDLE:
UINT32 LockedDrivesMask = GetLockStatus();
UINT32 result = LockedDrivesMask ^ g_LockedDrivesMask;
if (result)
{
for (int i = 0; i < 26 && result; ++i)
{
if (result & 0x1)
{
if (0 == (LockedDrivesMask & (0x1 << i)))
printf("%c: unlock!\n", i + 'A');
}
result = result >> 1;
}
}
g_LockedDrivesMask = LockedDrivesMask;
break;
}
}
break;
case DBT_DEVICEARRIVAL:
PdevDEVICEINTERFACE = (PDEV_BROADCAST_DEVICEINTERFACE)lParam;
switch (PdevDEVICEINTERFACE->dbcc_devicetype)
{
// Class of devices
case DBT_DEVTYP_DEVICEINTERFACE:
g_LockedDrivesMask = GetLockStatus();
hDevNotify = RegisterDevice(hwnd, PdevDEVICEINTERFACE);
break;
// Logical volume
case DBT_DEVTYP_VOLUME:
PdevVolume = (PDEV_BROADCAST_VOLUME)lParam;
drvs = DrivesFromMask(PdevVolume->dbcv_unitmask);
for (UINT i = 0; i < drvs.length(); i++)
printf("Drive %c:\\ connected\n", drvs[i]);
}
break;
case DBT_DEVICEREMOVEPENDING:
PdevDEVICEINTERFACE = (PDEV_BROADCAST_DEVICEINTERFACE)lParam;
UnregisterDeviceNotification(hDevNotify);
}
break;
default:
// Call the default window handler
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}
std::string DrivesFromMask(ULONG unitmask)
{
char i;
std::string drv = "";
for (i = 0; i < 26 && unitmask; ++i)
{
if (unitmask & 0x1)
{
drv += i + 'A';
}
unitmask = unitmask >> 1;
}
return drv;
}
UINT32 GetLockStatus()
{
HRESULT hres;
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
hres = CoInitializeSecurity(
NULL,
-1,
NULL,
NULL,
RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_NONE,
NULL
);
IWbemLocator* pLoc = NULL;
hres = CoCreateInstance(
CLSID_WbemLocator,
0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID*)&pLoc);
IWbemServices* pSvc = NULL;
hres = pLoc->ConnectServer(
_bstr_t(L"Root\\CIMV2\\Security\\MicrosoftVolumeEncryption"), // Object path of WMI namespace
NULL,
NULL,
0,
NULL,
0,
0,
&pSvc
);
hres = CoSetProxyBlanket(
pSvc,
RPC_C_AUTHN_WINNT,
RPC_C_AUTHZ_NONE,
NULL,
RPC_C_AUTHN_LEVEL_CALL,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_NONE
);
IEnumWbemClassObject* pEnumerator = NULL;
wstring strQuery = L"SELECT * FROM Win32_EncryptableVolume";
hres = pSvc->ExecQuery(BSTR(L"WQL"), BSTR(strQuery.c_str()),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &pEnumerator);
IWbemClassObject* pclsObj = NULL;
IWbemClassObject* pOutParams = NULL;
ULONG uReturn = 0;
UINT32 mask = 0;
while (pEnumerator)
{
UINT32 bit = 0;
hres = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
if (0 == uReturn || FAILED(hres))
break;
IWbemClassObject* pClass = NULL;
hres = pSvc->GetObject(BSTR(L"Win32_EncryptableVolume"), 0, NULL, &pClass, NULL);
VARIANT val;
hres = pclsObj->Get(L"DriveLetter", 0, &val, 0, NULL);
bit = val.bstrVal[0] - 'A';
IWbemClassObject* pInParamsDefinition = NULL;
hres = pClass->GetMethod(L"GetLockStatus", 0, NULL, NULL);
VARIANT var;
pclsObj->Get(L"__PATH", 0, &var, NULL, NULL);
hres = pSvc->ExecMethod(var.bstrVal, _bstr_t(L"GetLockStatus"), 0,
NULL, NULL, &pOutParams, NULL);
VARIANT varReturnValue;
hres = pOutParams->Get(_bstr_t(L"LockStatus"), 0,
&varReturnValue, NULL, 0);
if (varReturnValue.iVal)
{
mask |= 0x1 << bit;
}
VariantClear(&val);
VariantClear(&var);
VariantClear(&varReturnValue);
pclsObj->Release();
pClass->Release();
pOutParams->Release();
pOutParams = NULL;
}
pEnumerator->Release();
pLoc->Release();
pSvc->Release();
CoUninitialize();
return mask;
}
#包括
#包括
#包括
#包括
#包括
#包括
#包括
#包括
使用名称空间std;
#pragma注释(lib,“wbemuid.lib”)
#杂注警告(禁用:4996)
//功能原型
LRESULT回调MainWndProc(HWND HWND,UINT msg,WPARAM WPARAM,LPARAM LPARAM);
std::字符串驱动器fromsmask(ULONG unitmask);
UINT32 GetLockStatus();
int main(int argc,字符**argv)
{
MSG;//存储消息的MSG结构
HWND hwndMain;//主窗口句柄
WNDCLASSEX wcx;//窗口类信息
HDEVNOTIFY HDEVNOTIFY;
德沃德·伦;
开发广播设备接口通知过滤器;
//53F56307-B6BF-11D0-94F2-00A0C91EFB8B
GUID FilterGUID={0x53F56307,0x0B6BF,0x11D0,{0x94,0xF2,0x00,0xA0,0xC9,0x1E,0xFB,0x8B}};
//将结构初始化为零
零内存(&wcx,sizeof(WNDCLASSEX));
wcx.cbSize=sizeof(WNDCLASSEX);//窗口大小。必须始终为sizeof(WNDCLASSEX)
wcx.style=0;//类样式
wcx.lpfnWndProc=(WNDPROC)MainWndProc;//指向回调过程的指针
wcx.cbClsExtra=0;//按照wndclassex结构分配的额外字节
wcx.cbWndExtra=0;//要在结构实例之后分配的额外字节
wcx.hInstance=GetModuleHandle(NULL);//应用程序的实例
wcx.hIcon=NULL;//类图标
wcx.hCursor=NULL;//类游标
wcx.hbrBackground=NULL;//背景画笔
wcx.lpszMenuName=NULL;//菜单资源
wcx.lpszClassName=“USB”//该类的名称
wcx.hIconSm=NULL;//此类的小图标
//向MS Windows注册此窗口类
如果(!RegisterClass(&wcx))
返回0;
//创建窗口
hwndMain=CreateWindowEx(0,//扩展窗口样式
“USB”,//窗口类名称
“”,//窗口标题
WS\u弹出窗口,//窗口样式
窗口的0、0、/(x、y)位置
0,0,//窗口的宽度和高度
NULL,//父窗口的HWND(也可以为NULL)
NULL,//菜单句柄
GetModuleHandle(NULL),//应用程序实例的句柄
NULL);//指向窗口创建数据的指针
//检查窗口创建是否成功
如果(!hwndMain)
返回0;
//让窗户看不见
显示窗口(hwndMain、SW_隐藏);
//初始化设备类结构
len=sizeof(设备接口);
memset(&NotificationFilter,0,len);
NotificationFilter.dbcc_size=sizeof(设备接口);
NotificationFilter.dbcc_devicetype=5;//DBT_DEVTYP_DEVICEINTERFACE;
NotificationFilter.dbcc_classguid=FilterGUID;
//登记册
hDevnotify=RegisterDeviceNotify(hwndMain和NotificationFilter、设备通知窗口句柄);
如果(hDevnotify==NULL)
返回0;
//处理到达此窗口的消息
while(GetMessage(&msg,NULL,0,0)){
翻译信息(&msg);
发送消息(&msg);
}
//向系统返回值
返回msg.wParam;
}
HDEVNOTIFY寄存器设备(HWND HWND、PDEV\u广播\u设备接口PdevDEVICEINTERFACE)
{
DEV_BROADCAST_HANDLE BROADCAST={0};
broadcast.dbch_size=sizeof(DEV_broadcast_HANDLE);
broadcast.dbch_devicetype=DBT_DEVTYP_句柄;
broadcast.dbch_handle=CreateFile(PdevDEVICEINTERFACE->dbcc_name,GENERIC_READ,0,NULL,OPEN_EXISTING,FILE_FLAG_OVERLAPPED,NULL);
返回寄存器设备化(hWnd、广播、设备通知窗口句柄);
}
HDEVNOTIFY HDEVNOTIFY=NULL;
LRESULT回调MainWndProc(HWND HWND,UINT msg,WPARAM WPARAM,LPARAM LPARAM)
{
PDEV_广播_音量PDEV音量;
PDEV_广播_设备接口PDEV设备接口;
std::字符串drv;
静态单元32 g_锁定驱动任务;
开关(msg)
{
案例WM_设备变更:
交换机(wParam)
{
//设备或介质已插入,现在可用
案例DBT\U自定义事件:
{
DEV_BROADCAST_HDR*HDR=(DEV_BROADCAST_HDR*)LPRAM;
开关(hdr->dbch\U设备类型)
{
案例DBT_DEVTYP_手柄:
UINT32 LockedDrivesMask=GetLockStatus();
UINT32结果=锁定驱动任务^g_锁定驱动任务;
如果(结果)
{
对于(int i=0;i<26&&result;++i)
{
if(结果&0x1)
{
如果(0==(锁定驱动任务&(0x1>1;
}
}
g_LockedDrive任务=LockedDrive任务;
打破
}
}
打破
案例DBT_设备到达:
PdevDEVICEINTERFACE=(PDEV_广播_设备接口)LPRAM;
开关(PdevDEVICEINTERFACE->dbcc\U设备类型)
{
//设备类别
案例DBT_DEVTYP_设备接口:
g_LockedDriveTask=GetLoc