问题
Context to prevent an XY Problem: (Because there very well might be a simplier solution)
My goal is to track explorer.exe
's file movement when the user drags files around (as well as uses clipboard cut and copy stuff). I tried to solve this with a Windows Shell Extension, however the interfaces that I implemented never seemed to do trigger. I followed this guide from CodeProject which worked beautifully. However, when I implemented the IFileOperation interface, none of my functions were ever called by explorer.exe
during these user operations (is there another place I'm supposed to add to the *.rgs
file from the tutorial? Some specific registration location for the IFileOperation interface like txtfile was for the context menu?).
In response, have written a DLL file that hooks ntdll.dll
function calls using mhook
and this other CodeProject tutorial, which all takes place within DLLMain
. Instead of using the AppInit
registry entry as in the tutorial, I used a third party DLL injection program to force explorer.exe
to load my DLL. By filtering NtReadFile
, NtWriteFile
, and NtSetInformationFile
calls, I can differentiate between move and copy operations. It worked pretty well!
Problem:
Code injection is hacky though, so I went back and merged my DLLMain
with the first guide so that my hooking code resides within a shell extension. When explorer.exe
loads the shell extension, my hooking code gets executed as well. Well, explorer.exe
is smart and only loads DLLs as it needs them. In order for my hooking code to start working, I need to right click a text file in order to invoke the original guide's shell extension code, at which point the DLL seems to stay loaded from then on.
Question:
Is there a shell extension interface that I can pseudo implement in order to get explorer.exe
to load my shell extension on startup, and never unload it? Is there a more elegant solution to what I'm doing?
Edit: There is a similar post concerning a BHO, which loads with both explorer.exe
and iexplorer.exe
at start up. I had thought it was just an IE thing when I read that, but I was wrong. There is an additional key (NoExplorer) you can write to prevent explorer.exe
from loading it, but is there a similar command to prevent IE from loading it? All of my searches keep bringing up NoExplorer.
Edit: Through a little bit of empirical experimentation, the ICopyHook interface is as close to a persistent shell extension as it gets. The reason IFileOperation wasn't being called was because explorer.exe
does not call it, but rather it comes from other programs requesting the shell to do a specific operation under that interface. In any case, I've implemented a rather empty ICopyHook shell extension and it seems to load into explorer.exe
shortly after startup, although it is very nondeterministic. If anyone has a better solution, please do share.
回答1:
There is an additional key (NoExplorer) you can write to prevent explorer.exe from loading it, but is there a similar command to prevent IE from loading it?
Simply return FALSE in DllMain DLL_PROCESS_ATTACH when your shell extension is loaded by Internet Explorer.
来源:https://stackoverflow.com/questions/17956272/get-explorer-exe-to-load-my-extension-from-startup