Intercepting file access


From: Dave Williams (dont_at_mail.me)
Date: 01/21/05


Date: Fri, 21 Jan 2005 10:49:43 -0000

Hi all,

I'm considering a project that would involve 'catching' file access calls to
my hard drive, so if an app tries to read a file I can intercept the call
and supply my own data to the call (or replace the file with my own data).

I was assuming the NTFS API would have support for this sort of thing, but I
can't see any documentation in the SDK about how to do it. I guess I could
also 'implement' a file system, just handing every call on to the NTFS file
system except the one I want, but I can't see how to do that either.

Could anyone point me in the right direction, or tell me it's impossible?

Ideally I'd like something to work on any Windows platform from 2000 onward,
but a WinXP/Win2003 only solution would still be interesting.

Thanks,
Dave


