AlexCode
Posted January 3, 2005

Hi... How can I monitor the files on my computer in such a way that I would be able to block system calls before they occur? I'm talking about something like: I try to delete a file, but a resident Windows Service receives the info and blocks the delete process... The only thing I found is in .NET, the FileSystemWatch, but it only grabs the info... it doesn't block it... I'm looking forward to some APIs or even some C code... Thanks... Alex :p

Software bugs are impossible to detect by anybody except the end user.

Wraith
Posted January 5, 2005

To do what you actually said you wanted, you'd have to write a filesystem filter driver, which runs in kernel mode as a driver if I remember correctly, and you can't write such things in .NET. Probably not what you want. On the other hand, if you just want to block things from the Windows shell (Windows Explorer, not the command prompt), it's relatively easy to implement the ICopyHook COM interface. The ICopyHook interface allows you to catch and prevent/alter all file/folder operations performed through the shell. Look it up on MSDN and break out the System.Runtime.InteropServices namespace. For a more complete answer I'd have to know what you want to block and why. Can you tell us?

AlexCode (Author)
Posted January 5, 2005

Thank you very much! I needed something to start looking for... I'm just wondering about a protection for some files. Currently I have this security issue solved with the permissions of Windows Server, but something like blocking a user from deleting an icon from the Desktop or so could be easier to do... In the future I would like to build a custom "file guardian", like some already on the market, that would protect some serious security files/folders of the business with passwords. I don't care if it has to be made in C, just as long as I know how to do it! :p If there's anything else you can point me to, I would appreciate it! Thanks! Alex :p

Wraith
Posted January 5, 2005

The copyhook can only detect file move, delete or rename operations. What you want to do would need to be a filesystem driver filter. I don't recommend trying this without some serious reading about the subject, and yes, it would have to be in C.