Question

Which user-mode functions in Windows 7 can I hook to monitor/intercept file access?

I've tried ntdll.dll's NtOpenFile(), NtCreateFile(), but some of these aren't files - they're also pipes and mutexes. Same goes for kernel32.dll's CreateFile(). Is there a function that is called only to access files/directories? If it helps, I'm trying to only hook explorer.exe to prevent access to firefox.exe. I'm also using EasyHook, if any of you have familiarity with it.

I think I've also read somewhere that, using the parameters from NtOpenFile/NtCreateFile, you can distinguish between file access/pipe access. But that's still a bit hazy. Is there a nice comfortable function to hook?

Edit: Please keep in mind I do need to intercept file access to prevent access to some files. EasyHook is a great solution, since it allows me to perform complicated hooking in a few easy steps in C# managed code.

Recommended answer

There is no "file open function" that only opens files. Furthermore, hooking is only supported using Detours. Finally, you must ensure that all computers running this have .NET 4.0 installed, so they can run in-proc SxS.

A far superior solution is to change the file permissions on firefox.exe. This is a solution that requires no licensing of Detours, and is supported.
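
The permission change recommended in the answer above, as an added example that is not part of the original answer: a PowerShell function that adds (or removes) an explicit Deny entry for one account on a file and returns the resulting Deny entries. The function name, the install path and the account name in the usage comment are assumptions for illustration; run it from an elevated session.

```powershell
# Added example (not from the original answer): block one account from
# reading/executing a file by adding an explicit Deny ACE to its ACL.
function Set-FileDenyRule {
    param(
        [Parameter(Mandatory = $true)][string]$Path,     # file to protect
        [Parameter(Mandatory = $true)][string]$Account,  # e.g. 'MACHINE\user'
        [switch]$Remove                                  # undo the change
    )

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Deny ACEs are evaluated before Allow ACEs, so this wins over any
    # inherited "Users: Read & execute" entry on the file.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account,
        [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
        [System.Security.AccessControl.AccessControlType]::Deny)

    $acl = Get-Acl -Path $Path
    if ($Remove) {
        [void]$acl.RemoveAccessRule($rule)
    } else {
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl

    # Return the explicit Deny entries now on the file so the caller can
    # confirm the change took effect.
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited } |
        Select-Object IdentityReference, FileSystemRights
}

# Usage (assumed default install path and a hypothetical account name):
# Set-FileDenyRule -Path 'C:\Program Files\Mozilla Firefox\firefox.exe' `
#                  -Account "$env:COMPUTERNAME\restricted-user"
# Set-FileDenyRule -Path 'C:\Program Files\Mozilla Firefox\firefox.exe' `
#                  -Account "$env:COMPUTERNAME\restricted-user" -Remove
```

The Deny entry is enforced by the kernel for every process running as that account, not only explorer.exe, and an account that owns the file or can change its permissions can remove the entry. A file that is replaced, for example by an update, gets a fresh ACL, so the entry has to be reapplied.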
