Hello,

I'm trying to make a small program that could intercept the open process of a file.

The purpose is that when a user double-clicks on a file in a given folder, Windows would inform the software, which would then process that request and return the data of the file to Windows.

Maybe there would be another solution, like monitoring Open messages and forcing Windows to wait while the program prepares the contents of the file.

One application of this concept could be to manage decryption of a file in a way that is transparent to the user. In this context, the encrypted file would be on the disk, and when the user opens it (with a double-click on it or with some application such as Notepad), the background process would intercept that open event, decrypt the file and give the contents of that file to the asking application.

It's a slightly strange concept; it could be like the "Man In The Middle" network concept, but with files instead of network packets.

Thanks for reading.

+6  A: 

The best way to do it to cover all cases of opening from any program would be via a file system filter driver. This may be too complex for your needs though.

Brian R. Bondy
Where could one find information on such a driver?
Geo
I linked to the MS page that has a lot of resources and information.
Brian R. Bondy
Antivirus software, on-the-fly encryption/compression and more are built this way, by the way.
Brian R. Bondy
A: 

Windows has an option to encrypt files on the disk (file->properties->advanced->encrypt) and this option is completely transparent to the applications.

Maybe to encrypt/decrypt file portions of a disk you should consider software like Cryptainer?

There is this software as well http://www.truecrypt.org/downloads (free and open source) but I haven't tried it.

Developing a custom solution sounds very difficult.

mic.sca
OK, maybe you can do it as a file system filter driver, but I don't think it's a "viable" solution... unless you have plenty of time and skills :-) and are developing something very specific that requires just that.
mic.sca
The crypt example was only to illustrate the doubt. I don't need any encryption at all :)
HyLian
+1  A: 

You can use the trick that Process Explorer uses to replace itself with task manager. Basically create a key like this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

Where you replace 'taskmgr.exe' with the name of the process to intercept. Then add a string value called 'Debugger' that has the path to your executable. E.g:

Debugger -> "C:\windows\system32\notepad.exe"

Every time a process is run that matches the image name, your process will actually be called as a debugger for that process, with the path to the actual process as an argument.

Luke Quinane
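To audit the redirect described in this answer, here is an added example (not from the answer or from Process Explorer) that parses the text written by `reg export` for the Image File Execution Options key and reports every image that has a Debugger value. The function names and the sample export are constructed for illustration, and only plain string (REG_SZ) values are handled.

```python
import re
import sys

IFEO_MARKER = "\\image file execution options\\"
# "name"="value" lines; both sides may contain \\ and \" escapes
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in the format produced by `reg export` (not real data).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\windows\\system32\\notepad.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"SomeOtherValue"="1"
'''

def unescape(s):
    """Undo the backslash escaping that .reg files apply to \\ and \"."""
    return re.sub(r'\\(.)', r'\1', s)

def find_ifeo_debuggers(reg_text):
    """Return {image_name: debugger_command} for each IFEO subkey with a Debugger value."""
    found = {}
    image = None  # image name of the subkey currently being read, if any
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            _, sep, tail = key.lower().rpartition(IFEO_MARKER)
            # Only direct children of the IFEO key name an executable image.
            direct = bool(sep) and bool(tail) and "\\" not in tail
            image = key[-len(tail):] if direct else None
            continue
        m = VALUE_RE.match(line)
        # Registry value names are case-insensitive.
        if image and m and unescape(m.group(1)).lower() == "debugger":
            found[image] = unescape(m.group(2))
    return found

if __name__ == "__main__":
    # reg export writes UTF-16 with a BOM; with no argument, use the sample.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for image, debugger in find_ifeo_debuggers(text).items():
        print(f"{image}: launched via {debugger}")
```

Any entry it prints that you did not configure yourself means launches of that image are being handed to another program.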
A: 

You could use code injection and API redirection. You'd start your target process and then inject a DLL which hooks the Windows API functions that you want to intercept. You then get called when the target process thinks it's calling OpenFile() or whatever, and you can do what you like before passing the call on to the real API.

Google for "IAT hooking".

Len Holgate