Hooking application Open file calls
-
Hi, I have the following Keyboard hook module and would like to convert it so that it can hook application File Open call instead. Could someone help me with this. ........................................... Module TestHook Public Const WH_KEYBOARD = 2 Public Const VK_SHIFT = &H10 Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Integer, ByVal ncode As Integer, ByVal wParam As Integer, ByVal lParam As KBDLLHOOKSTRUCT) As Integer Declare Function GetKeyState Lib "user32" (ByVal nVirtKey As Integer) As Integer Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal idHook As Integer, ByVal lpfn As Integer, ByVal hmod As Integer, ByVal dwThreadId As Integer) As Integer Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Integer) As Integer Public hHook As Integer Public Function KeyboardProc(ByVal idHook As Integer, ByVal wParam As Integer, ByVal lParam As KBDLLHOOKSTRUCT) As Integer 'if idHook is less than zero, no further processing is required If idHook < 0 Then 'call the next hook KeyboardProc = CallNextHookEx(hHook, idHook, wParam, lParam) Else 'check if SHIFT-S is pressed If (GetKeyState(VK_SHIFT) And &HF0000000) And wParam = Asc("S") Then 'show the result MsgBox("Shift-S pressed ...") End If 'call the next hook KeyboardProc = CallNextHookEx(hHook, idHook, wParam, lParam) End If End Function End Module Private Sub Form_Load() hHook = SetWindowsHookEx(WH_KEYBOARD, AddressOf KeyboardProc, App.hInstance, App.ThreadID) End Sub Private Sub Form_Unload(Cancel As Integer) 'remove the windows-hook UnhookWindowsHookEx hHook End Sub ........................................... Thanks,
-
Hi, I have the following Keyboard hook module and would like to convert it so that it can hook application File Open call instead. Could someone help me with this. ........................................... Module TestHook Public Const WH_KEYBOARD = 2 Public Const VK_SHIFT = &H10 Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Integer, ByVal ncode As Integer, ByVal wParam As Integer, ByVal lParam As KBDLLHOOKSTRUCT) As Integer Declare Function GetKeyState Lib "user32" (ByVal nVirtKey As Integer) As Integer Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal idHook As Integer, ByVal lpfn As Integer, ByVal hmod As Integer, ByVal dwThreadId As Integer) As Integer Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Integer) As Integer Public hHook As Integer Public Function KeyboardProc(ByVal idHook As Integer, ByVal wParam As Integer, ByVal lParam As KBDLLHOOKSTRUCT) As Integer 'if idHook is less than zero, no further processing is required If idHook < 0 Then 'call the next hook KeyboardProc = CallNextHookEx(hHook, idHook, wParam, lParam) Else 'check if SHIFT-S is pressed If (GetKeyState(VK_SHIFT) And &HF0000000) And wParam = Asc("S") Then 'show the result MsgBox("Shift-S pressed ...") End If 'call the next hook KeyboardProc = CallNextHookEx(hHook, idHook, wParam, lParam) End If End Function End Module Private Sub Form_Load() hHook = SetWindowsHookEx(WH_KEYBOARD, AddressOf KeyboardProc, App.hInstance, App.ThreadID) End Sub Private Sub Form_Unload(Cancel As Integer) 'remove the windows-hook UnhookWindowsHookEx hHook End Sub ........................................... Thanks,
You can't convert this to catch a File Open. There is no hook for that. What, exactly, do you want to accomplish by hooking the File System? RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
-
You can't convert this to catch a File Open. There is no hook for that. What, exactly, do you want to accomplish by hooking the File System? RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
-
I would like to intercept open calls by any applications that try to open files with the *.txt, for example. I would like to perform some routine before the application proceeds with the open.
You would have to write what is essentially a device driver. The driver would attach to the NTFS file system and report back with the details your looking for. You can't do it entirely in VB.NET. The .NET languages, except for C++, are too high-level for work like this. You could write your app that does the actual reporting in VB.NET, but the driver work is best done in C++. RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
-
You would have to write what is essentially a device driver. The driver would attach to the NTFS file system and report back with the details your looking for. You can't do it entirely in VB.NET. The .NET languages, except for C++, are too high-level for work like this. You could write your app that does the actual reporting in VB.NET, but the driver work is best done in C++. RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
-
Would you happen to have a sample of this in C++ or a site that I can go to for more info?
Nope, and I doubt you'll find many samples either. It requires very deep knowledge of the internals of NTFS and Windows to write one. People usually bill you for that kind of knowledge. But... There is an example of such a technique in the FileMon utility at www.sysinternals.com. There is no source for it, you you'll see the .dll in the package. Under the Source nav menu on the left side of their page, you'll find a utility called FunDelete. There is source code in its .ZIP file that demonstrates some of the techniques you'll need to get one these drivers running. RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
-
Nope, and I doubt you'll find many samples either. It requires very deep knowledge of the internals of NTFS and Windows to write one. People usually bill you for that kind of knowledge. But... There is an example of such a technique in the FileMon utility at www.sysinternals.com. There is no source for it, you you'll see the .dll in the package. Under the Source nav menu on the left side of their page, you'll find a utility called FunDelete. There is source code in its .ZIP file that demonstrates some of the techniques you'll need to get one these drivers running. RageInTheMachine9532 "...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome