How to hook file handling routines.
-
Hi All, how to hook file handling routines in Windows using .NET? I have to hook a file Open routine through an application in .NET, i.e. I should call my DLL before the call goes to the Windows procedure. Any sample code/ideas are appreciated.
Luck is Opportunity with hard work
-
There's no such thing in Managed code. This requires Black Belt level knowledge of NTFS and a specially written shim that sits on top of the NT kernel to intercept the call. I don't know of any examples, short of FileMon from SysInternals. They DON'T supply the source code for the NT driver that's required to do this.
Dave Kreskowiak Microsoft MVP - Visual Basic
-
If you're trying to hook one application then you could do API hooking on the CreateFile, ReadFile, WriteFile APIs. This is a task that really needs to be done in C++. See here for an example. Otherwise you'll be writing a File System Filter Driver which runs in kernel mode, and for that you'll basically need to write in C. You'll need the Driver Development Kit (I think - file system filters might be an advanced driver type only permitted in the Installable File System Kit). Don't do this unless absolutely necessary - unstable applications merely crash the application, but unstable drivers crash the system. Kernel mode is very very hard, and you should at least read Windows Internals, Fourth Edition by Mark Russinovich and David Solomon before starting.
Stability. What an interesting concept. -- Chris Maunder