File I/O
-
Afther a long search over the internet and MSDN, I decided to ask someone more skilled than me that may be on this forum... Is there possible to intercept an application file operation reqest? Let's say an application is triing to open a file, can I set a hook that notifies me that? If not, how can this goal be accomplished? Writing kernel mode intermediate drivers for the i/o routines? I hope I understand...because is a rough world out there...
-
Afther a long search over the internet and MSDN, I decided to ask someone more skilled than me that may be on this forum... Is there possible to intercept an application file operation reqest? Let's say an application is triing to open a file, can I set a hook that notifies me that? If not, how can this goal be accomplished? Writing kernel mode intermediate drivers for the i/o routines? I hope I understand...because is a rough world out there...
http://www.sysinternals.com/SourceCode.html[^] and u have there the source code for AccessEnum v1.2 NG
-
http://www.sysinternals.com/SourceCode.html[^] and u have there the source code for AccessEnum v1.2 NG
Thanks for you answer, but I'm tring to find a way in order to intercept some file I/O actions... Adica in timp dinamc sa imi spuna daca o aplicatie deschide o fila, citeste dintr-o fila, scrie intr-o fila, etc... Intrebarea era daca este posibli cu Hook-uri si cum, sau daca nu cum este posibil? - Mersi oricum ;) I hope you understand...because is a rough world out there...
-
Afther a long search over the internet and MSDN, I decided to ask someone more skilled than me that may be on this forum... Is there possible to intercept an application file operation reqest? Let's say an application is triing to open a file, can I set a hook that notifies me that? If not, how can this goal be accomplished? Writing kernel mode intermediate drivers for the i/o routines? I hope I understand...because is a rough world out there...
Vlad Stanciu wrote: Is there possible... It's possible and, depending on your actual requirements, might not be a trivial task. You may need to create a virtual device driver, install a VxD service called
IFSMGR_InstallFileSystemApiHook, or create a file system driver that "sees" all IRPs and FastIO requests directed at a drive.
"One must learn from the bite of the fire to leave it alone." - Native American Proverb