Directory Info using GetFileInformationByHandleEx
-
Hello all, I hooked NtSetInformationFile to intercept delete call, This is done, Now i have a file which contains name of files and folder need to be protected, Protecting file is no problem as i get the file name from file handle and using strcmp i decide whether to delete the file or not, But how to determine that the file handle i get in NtSetInformationFile is folder? I tried using GetFileInformationByHandleEx with FileStandardInfo which should give me whether the handle is directory or not, But it always returns TRUE(folder) when there are no files inside and FALSE(not folder) when there are files inside. Thanks all.
-
Hello all, I hooked NtSetInformationFile to intercept delete call, This is done, Now i have a file which contains name of files and folder need to be protected, Protecting file is no problem as i get the file name from file handle and using strcmp i decide whether to delete the file or not, But how to determine that the file handle i get in NtSetInformationFile is folder? I tried using GetFileInformationByHandleEx with FileStandardInfo which should give me whether the handle is directory or not, But it always returns TRUE(folder) when there are no files inside and FALSE(not folder) when there are files inside. Thanks all.
You can use the PathIsDirectory[^] API.
«_Superman_»
I love work. It gives me something to do between weekends. -
You can use the PathIsDirectory[^] API.
«_Superman_»
I love work. It gives me something to do between weekends.I think i can't. Let me explain the scenario, I have a empty folder say "abcd" in C: drive and a non-empty folder say "efgh" in C: drive which contains a.txt, b.rar Now when i access empty folder(i.e try to delete) the path i get is "C:\abcd", which is fine and a query for directory in GetFileInformationByHandleEx return TRUE, But when i access non empty folder the path i get is "C:\efgh\a.txt" and "C:\efgh\b.rar" , Please note i did not access the files inside it but folder. So i guess "PathIsDirectory" won't work..
-
I think i can't. Let me explain the scenario, I have a empty folder say "abcd" in C: drive and a non-empty folder say "efgh" in C: drive which contains a.txt, b.rar Now when i access empty folder(i.e try to delete) the path i get is "C:\abcd", which is fine and a query for directory in GetFileInformationByHandleEx return TRUE, But when i access non empty folder the path i get is "C:\efgh\a.txt" and "C:\efgh\b.rar" , Please note i did not access the files inside it but folder. So i guess "PathIsDirectory" won't work..
gothic_coder wrote:
But when i access non empty folder the path i get is "C:\efgh\a.txt"...
The path you get from where?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"Man who follows car will be exhausted." - Confucius
-
gothic_coder wrote:
But when i access non empty folder the path i get is "C:\efgh\a.txt"...
The path you get from where?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"Man who follows car will be exhausted." - Confucius
GetFileInformationByHandleEx gives me "\efgh\a.txt" , I then use GetFileInformationByHandle with handle to get the volume serial number and then GetLogicalDriveStrings and GetVolumeInformation to compare the volume serial number and attach with "\efgh\a.txt" to get "C:\efgh\a.txt".