File interception \ I \ O folder without connecting to API or filter filter

Question

File interception \ I \ O folder without connecting to API or filter filter

I need to write a program to show a password window when a user tries to access a file or folder in C ++ for win XP and win 7 (for 32-bit and 64-bit). But the tricky part is that I cannot use IAT \ EAT or the built-in binding for this task, since I need to use the slightly supported Microsoft method for this project.

While searching on this issue, many forums also mentioned that this can be done using the file system filter driver, but I am interested in how I show the password dialog from the mini-driver.

I think a shell extension could do this job, but the msdn docs show that a shell extension cannot be used to intercept an I / O call.

I ask for advice, thanks in advance.

+7

c ++ windows visual-c ++ hook minifilter

Mahsan Jan 9 '13 at 6:47

source share

1 answer

Cozzamara · Answer 1 · 2013-01-15T19:19:34+0000

This requires a kernel driver. Hooks and shell extensions are activated only when accessing the file through the shell (for example, in Windows Explorer), and will not start if other programs access the file directly.

I had a similar problem when working with access antivirus.

But, as @selbie said, the driver code itself cannot process any interactive hints - for this, it must contact the user mode code. It can be a standalone application, or your DLL is automatically loaded into each process. In my case, if a user response was necessary, we had a driver and user mode application exchanging via channels - the driver will send a message to the user application (if it was active), and then wait for a response. The application issued a request for a quick response and a response to a request to the driver.

The issue of connecting file I / O was also discussed in an earlier section here .

File interception \ I \ O folder without connecting to API or filter filter

More articles: