Hook into the Windows File Copy API from C++

拜拜、爱过 submitted on 2019-12-12 12:33:45

Question


I need to hook copyfile in order to stop the process whenever a malicious file is being copied. I saw a question asked by Cat Man Do

Hook into the Windows File Copy API from C#

and he mentioned that there is a solution for this problem in C++. I am using Embarcadero C++ Builder (non-MFC). Is this solution applicable for C++ Builder, and if it is, can anybody post the link or give me a hint on how to hook copyfile in C++?


Answer 1:


You're not being specific about what you mean by "stop the process" - whether there is a specific process you are interested in, or whether you want to block all file copies throughout the entire system. If you want to block all file copies throughout the system, then what you're looking for is a file system filter driver. This is extremely advanced, since you will be writing a kernel-mode driver. Not for the faint of heart. Note also that you may end up being flagged as malware yourself, since malware will try to hook the file system in order to hide itself.




Answer 2:


I recommend using Deviare API hook to do it. You can use its COM objects to intercept CopyFile and CopyFileEx APIs and prevent the call returning ACCESS DENIED in the last error.



Source: https://stackoverflow.com/questions/8201352/hook-into-the-windows-file-copy-api-from-c
