Intercept file\folder I\O without API hooking or filter driver

2018-06-24 07:50:46

I need to write a program to show a password window when user tries to access a file or folder in c++ for win XP & win 7 (for both 32bit and 64bit). But the difficult part is that I cannot use IAT EAT or inline hooking for this task as it is required to use a bit Microsoft supported method for this project.

While googling for this, it was also mentioned in many forums that this can be accomplished using a file system filter driver but I am wondering how I show a password dialog from a mini driver.

I think a shell extension could do this job, but msdn documentations shows that shell extension cannot be used to intercept I/O call.

Please advice, thanks in advance.

You do need kernel driver to achieve that. Shell hooks and extensions are only activated when file is accessed via shell (eg clicked on in Windows Explorer), and won't fire if file is accessed directly by other programs.

I had similar challenge when working on on-access anti-virus.

But like @selbie said, the driver code itself can't handle any interactive prompts - it must communicate to user-mode code to achieve that. That can be standalone app, or your DLL auto-loaded into every process. In my case, if user response was necessary, we had the driver and user-mode app communicating via pipes - the driver would pipe the message to user-mode app (if it was active) and then wait for response. The app issued a prompt and piped response back to the driver.

The subject of file I/O hooking was also discussed in earlier thread here.

链接地址: http://www.djcxy.com/p/68154.html

上一篇: HTML是HAML，因为XSLT是...？

下一篇: 截取文件\文件夹I \ O没有API挂钩或过滤器驱动程序