.net – 用于防止文件删除的简单API挂钩?
当用户通过挂钩所需的API函数并在mesagebox中询问一个简单的布尔问题“你真的要删除这个文件吗?”时,我想截取当用户删除任何目录上的文件时,问题是表示我希望控制文件,删除文件或防止删除的示例.
我的操作系统是Windows 8 x64,但我想在其他Windows操作系统和它们的arquitechtures中编写一种通用方法(如果这样做不会让人头疼更难). 在这个SO问题中,我已经读过,最好的选择是通过我看到的方式挂钩NtSetFileInformation函数Intercept FIleSytemCall for Deletion,它存在名为DeleteFile的WinAPI函数以及接口ICopyHook,我不知道它们之间的差异,但是无论如何我真的不知道如何开始这样做……
编辑:我发现了一个关于NtSetFileInformation的EasyHook库示例,它似乎非常适合我的需求,但它是C#代码,我试图翻译它没有成功:Hooking NtCreateFile API from ntdll.dll with EasyHook (c#) 所以,我已经尝试过Deviare库2.6,但什么也没做: Public Class Form1 Private _mgr As Deviare2.NktSpyMgr = Nothing Private WithEvents _hook As Deviare2.NktHook = Nothing Private _proc As Deviare2.INktProcess = Nothing Private Shadows Sub Shown() Handles MyBase.Shown _mgr = New Deviare2.NktSpyMgr() _hook = _mgr.CreateHook("ntdll.dll!NtSetFileInformation",Nothing) _hook.Hook() End Sub Private Sub OnFunctionCalled(ByVal proc As Deviare2.INktProcess,ByVal callInfo As Deviare2.INktHookCallInfo,ByVal rCall As Deviare.IRemoteCall) Handles _hook.OnFunctionCalled MsgBox("Caught function call in " & proc.Name) End Sub End Class 基本上上面的代码与@mazoula在这里回答的相同hooking another program’s calls to winapi functions in vb.net,他说代码对他有用,但我已经按原样尝试了(没有在上面做我的修改)并在_hook.Attach(_mgr)抛出了一个例外.Processes)指令. 我也尝试使用EasyHook库但是当我从Explorer.exe或CMD中删除文件时再没有做任何事情,代码是这个C#代码http://www.codeproject.com/Questions/528094/DeleteFileplushookingpluswithplusEasyHookplussucce的翻译: Imports System.Runtime.InteropServices Imports EasyHook Public Class Form1 <DllImport("kernel32.dll",CharSet:=CharSet.Unicode,CallingConvention:=CallingConvention.StdCall)> Private Shared Function DeleteFile(filename As String) As Integer End Function <UnmanagedFunctionPointer(CallingConvention.StdCall,CharSet:=CharSet.Unicode)> Private Delegate Function DeleteFileHandler(filename As String) As Integer Private Shared deleted As Boolean = False public Function DeleteFileHookInstance(filename As String) As Integer MsgBox("works?") If deleted Then deleted = False Return 1 End If If MessageBox.Show((Convert.ToString("Do you really want to delete file ") & filename) + "?","Confirm delete file",MessageBoxButtons.YesNo,MessageBoxIcon.Question) = DialogResult.Yes Then deleted = True Return DeleteFile(filename) Else Return 1 End If 'Assume the call is successfull End Function Public Sub Run() Dim hook As EasyHook.LocalHook Try MsgBox("Creating...") hook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll","DeleteFileW"),New DeleteFileHandler(AddressOf DeleteFileHookInstance),Me) 'It stops here,the main interface receives the reported status 'Creating...' seemly forever,I understand that is for the unexpected restarting of explorer.exe MsgBox("Completing...") hook.ThreadACL.SetExclusiveACL(New Integer() {0}) RemoteHooking.WakeUpProcess() MsgBox("OK") Catch ex As Exception MsgBox("CreateHook failed: " + ex.Message) System.Diagnostics.Process.GetCurrentProcess().Kill() End Try While True Application.DoEvents() End While End Sub Private Sub Form1_Load(sender As Object,e As EventArgs) Handles MyBase.Load Run() End Sub End Class
如果是我,我会重新审视我的架构,看看我是否真的需要阻止任何和所有文件删除.可能你只需要防止几个敏感目录中的删除(可能只是这些目录中的一些敏感文件).这应该是一个不那么恼人的用户界面.
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |