What does explorer use to open a file?

views:

240

answers:

What does explorer use to open a file?

I'm attempting to hook into whatever explorer calls when a file is opened (double-click, context menu open, etc.), however I can't figure out which function that is.

Originally, I thought it was ShellExecute, as that does the same thing as far as I can tell, but after hooking into it I learned that it's only used when a new explorer window is opened.

Any ideas which function I should be hooking?

If you want to intercept these things, just register yourself as the default verb for shell items. Here are some samples.

If you just want to know if someone has change some files you're interested in, you should register for change notifications via FindFirstChangeNotification() and related APIs.

jeffamaphone 2009-11-24 17:29:07

We don't want to 'intercept,' we just want notification, assuming by intercept you meant completely overwrite the default behaviour. I considered doing this then passing it off to ShellExecute, but explorer obviously isn't doing that, so it made me a bit weary. We don't want to change the default behavior _at all_.

dauphic 2009-11-24 18:07:30

I'm not interested in files being changed. I'm interested in knowing when the user opens the file from explorer.

dauphic 2009-11-24 18:37:22

There are the ShellExecute hooks, but now (after XP) are deprecated because everybody used them for the strangest purposes. Have a look at this for some more detail, and at this for some documentation.

Matteo Italia 2009-11-24 22:35:44

Yes, we originally used these. We're trying to find a solution that works on Vista and up, thus a hook to whatever function is called, assuming someone knows which function that is and it's part of a dynamically linked library.

dauphic 2009-11-25 16:58:05

It sounds like the AppInit_DLLs registry key should be good enough.

Make a simple DLL and call the GetCommandLine() in your DllMain function to get the full command line to the application being executed.

Jonas Gulle 2009-11-25 07:04:12

There is a simpler way to do this, which involves writing a device driver which can be subscribe for notification of the CreateProcess function. But a plain hook to whatever explorer calls would be our preferred method.

dauphic 2009-11-25 16:57:17

Much simpler than writing a device driver ( but much less amusing ) is the MS research tool detours. Have fun!

TheEruditeTroglodyte

TheEruditeTroglodyte 2009-12-12 10:38:58

Detours is useless because I have no idea what function needs to be hooked (though I've concluded that the function isn't exposed from explorer), and would require us to buy a license just to add a very small feature. On top of that, I've already written code to hook functions.

dauphic 2009-12-12 23:45:39

Hmmm . . . well that's a tuffy . . . Here's another thought:- Do detours as I suggested- set break point in your code on intercepted file open system call- Look at funcs in stack trace . . .You'd then have the actual func to intercept . . . I've never done this . . don't know if it would work. Maybe not!TheEruditeTroglodyte

TheEruditeTroglodyte 2009-12-15 03:43:39

ansaurus

tags:

views:

answers:

What does explorer use to open a file?

related questions