How to hook C++ in Explorer's rename event

Question

I can\'t be clearer than my title. :P

I want to run my program whenever a user renames a file in Windows Explorer (and only within the Explorer). Here\'s a simple mo

Answer 1

I would avoid hooking APIs as much as possible. It gets really ugly really fast.

There are 2 ways I see that you can approach this.
Both ways have a few common factors:

• The ReadDirectoryChangesW API. For a very good implementation of that API, see this article
• You will need to minimize your dependencies, so... Use a Microsoft compiler, link to the DLL runtime, stick to C as much as possible etc. This reduces problems. Loading things into the shell memory space is already problematic enough.

Method one is to use ReadDirectoryChangesW from an Explorer shell extension that does nothing else. Keep it minimal. I'm reasonably sure I saw a "do nothing" shell extension as an example in some of Microsoft's documentation.

Method two would be to package your code as a DLL and use a system hook to get your DLL loaded into Explorer only. The system hook should only load inside Explorer to prevent spurious notifications via ReadDirectoryChangesW.

Hope this helps and that you're not using it for something Evil.

Answer 2

It looks like Windows API hooking may be your best bet. You'll want to intercept all calls related to Windows file renaming (i.e. MoveFile, MoveFileEx, SHFileOperation, possibly more). There are a few commercial and open source solutions; Microsoft Detours, Madshi's madCodeHook, and the free, open source EasyHook.

This approach, when done correctly, will allow you to capture all file renaming on a system.