Original URL: http://stackoverflow.com/questions/1109564/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Intercept windows open file
Asked by HyLian
I'm trying to make a small program that could intercept the open process of a file.
The purpose is that when a user double-clicks on a file in a given folder, Windows would inform the software, which then processes that petition and returns the data of the file to Windows.
Maybe there would be another solution, like monitoring Open messages and forcing Windows to wait while the program prepares the contents of the file.
One application of this concept could be to manage decryption of a file in a way that is transparent to the user. In this context, the encrypted file would be on the disk, and when the user opens it (by double-clicking it or with some application such as Notepad), the background process would intercept that open event, decrypt the file and give the contents of that file to the asking application.
It's a little bit of a strange concept; it could be like the "Man In The Middle" network concept, but with files instead of network packets.
Thanks for reading.
Accepted answer by Brian R. Bondy
The best way to do it, to cover all cases of opening from any program, would be via a file system filter driver. This may be too complex for your needs though.
Answer by Luke Quinane
You can use the trick that Process Explorer uses to replace itself with task manager. Basically create a key like this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Where you replace 'taskmgr.exe' with the name of the process to intercept. Then add a string value called 'Debugger' that has the path to your executable. E.g.:
Debugger -> "C:\windows\system32\notepad.exe"
Every time a process is run that matches the image name, your process will actually be called as a debugger for that process, with the path to the actual process as an argument.
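Added example, not part of the original answer: because a 'Debugger' value under this key silently redirects every launch of the named image, it is worth auditing which images have one set. The sketch below parses the text written by `reg export` for the Image File Execution Options key and lists each image name with its Debugger command; the function name and the sample export are constructed for illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options" + "\\").lower()
KEY_RE = re.compile(r"^\[(.+)\]$")
SZ_RE = re.compile(r'^"debugger"="((?:[^"\\]|\\.)*)"$', re.I)
HEX_RE = re.compile(r'^"debugger"=hex\(2\):([0-9a-f,]*)$', re.I)

# Constructed sample in .reg export format (not real data). Real exports are
# UTF-16 files: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\windows\\system32\\notepad.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\constructed.exe]
"debugger"=hex(2):43,00,3a,00,5c,00,78,00,2e,00,65,00,\
  78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\other.exe]
"GlobalFlag"=dword:00000200
'''


def find_ifeo_debuggers(reg_text):
    """Return [(image_name, debugger_command)] for each Debugger value under IFEO."""
    # hex(...) values wrap across lines with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    findings, image = [], None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            under = path.lower().startswith(IFEO)
            # First component below the IFEO key is the intercepted image name.
            image = path[len(IFEO):].split("\\")[0] if under else None
            continue
        if not image:
            continue
        sz, hx = SZ_RE.match(line), HEX_RE.match(line)
        if sz:    # REG_SZ: backslash and double quote are backslash-escaped
            findings.append((image, re.sub(r"\\(.)", r"\1", sz.group(1))))
        elif hx:  # REG_EXPAND_SZ: comma-separated UTF-16LE bytes, NUL-terminated
            raw = bytes(int(b, 16) for b in hx.group(1).split(",") if b)
            findings.append((image, raw.decode("utf-16-le").rstrip("\0")))
    return findings


if __name__ == "__main__":
    for image, command in find_ifeo_debuggers(SAMPLE_REG):
        print(f"{image} -> {command}")
```

Any entry in the output that does not correspond to a tool you installed deliberately (such as the Process Explorer replacement mentioned above) deserves a closer look.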
Answer by Len Holgate
You could use code injection and API redirection. You'd start your target process and then inject a DLL which hooks the Windows API functions that you want to intercept. You then get called when the target process thinks it's calling OpenFile() or whatever, and you can do what you like before passing the call on to the real API.
Google for "IAT hooking".
Answer by mic.sca
Windows has an option to encrypt files on the disk (file->properties->advanced->encrypt) and this option is completely transparent to the applications.
Maybe to encrypt/decrypt file portions of a disk you should consider software like criptainer?
There is this software as well: http://www.truecrypt.org/downloads (free and open source), but I haven't tried it.
Developing a custom solution sounds very difficult.