C++使用hookapi监控文件操作程序_c++hook打开文件资源-CSDN文库

共27个文件

h：6个

cpp：4个

dll：3个

hookapi

文件监控

4星 · 超过85%的资源需积分: 48 65 浏览量 2014-01-07 14:21:39 上传评论 3 收藏 186KB ZIP 举报

资源推荐

资源详情

资源评论

收起资源包目录

HookFile2.zip （27个子文件）

HookFile

HookFile.user 143B

HookFile.vcxproj 5KB

detours.lib 160KB

detoured.dll 20KB

detours.h 19KB

HookFile.vcxproj.user 376B

detoured.lib 2KB

HookFile.cpp 29KB

HookFile_1.sln 1KB

Debug

detoured.dll 20KB

MyHookFile.dll 89KB

test

res

test.ico 66KB

test.rc2 664B

stdafx.asm 50KB

test.asm 41KB

testDlg.cpp 4KB

test.vcxproj.user 376B

testDlg.asm 67KB

stdafx.h 2KB

test.cpp 2KB

test.h 430B

stdafx.cpp 137B

resource.h 2KB

test.vcxproj 6KB

testDlg.h 704B

targetver.h 234B

test.rc 10KB

#include "afx.h" #define CINTERFACE #include "shobjidl.h" #include "shellapi.h" #include <shlwapi.h> #pragma comment(lib, "shlwapi.lib") #include "psapi.h" #pragma comment(lib,"psapi.lib") #include "detours.h" #pragma comment(lib,"detoured.lib") #pragma comment(lib,"detours.lib") #pragma data_seg("MyData") HHOOK hhook = NULL; #pragma data_seg() #pragma comment(linker,"/section:MyData,rws") bool bTryed = false; bool bIntercepted = false; bool bDontIntercept = false; HANDLE hDllModule = NULL; IFileOperation *pInterface=NULL; typedef WCHAR WPATH[MAX_PATH]; //#define WRITELOG //#define WRITELOGINFO #define MYLOGINFOPATH L"C:\\loginfo.txt" #define MYLOGPATH L"C:\\log.txt" #define DEBUGSTRING #ifdef DEBUGSTRING #define WriteLogInfo DebugString #define WriteLog DebugString #endif BOOL GetFileNameFromHandle(HANDLE hFile,CString &szVolumeName); void Intercept(); void UnIntercept(); HANDLE (WINAPI* Real_CreateFileA)(LPCSTR a0, DWORD a1,DWORD a2, LPSECURITY_ATTRIBUTES a3,DWORD a4,DWORD a5, HANDLE a6)=CreateFileA; HANDLE (WINAPI* Real_CreateFileW)(LPCWSTR a0, DWORD a1,DWORD a2, LPSECURITY_ATTRIBUTES a3,DWORD a4,DWORD a5, HANDLE a6)=CreateFileW; BOOL (WINAPI* Real_WriteFile)(HANDLE a0, LPCVOID a1, DWORD a2,LPDWORD a3, LPOVERLAPPED a4)=WriteFile; BOOL (WINAPI* Real_WriteFileEx)(HANDLE a0, LPCVOID a1, DWORD a2,LPOVERLAPPED a3,LPOVERLAPPED_COMPLETION_ROUTINE a4)=WriteFileEx; void GetTimeAndProssName(CString &strTime,CString &strProssName) { struct tm *t; time_t tt; time(&tt); t=localtime(&tt); strTime.Format("%4d年%02d月%02d日%02d:%02d:%02d",t->tm_year+1900,t->tm_mon,t->tm_mday,t->tm_hour,t->tm_sec,t->tm_min); char path_buffer[_MAX_PATH]; char drive[_MAX_DRIVE]; char dir[_MAX_DIR]; char pname[_MAX_FNAME]; char ext[_MAX_EXT]; GetModuleFileNameEx(GetCurrentProcess(),NULL, path_buffer, MAX_PATH); _splitpath( path_buffer, drive, dir, pname, ext ); strProssName.Format("%s%s",pname,ext); } // ************************************************************************************* void DebugString(const char *fmt,...) { va_list args; TCHAR szText[5000]; va_start(args, fmt); wvsprintf(szText, fmt, args); OutputDebugString(szText); va_end(args); } #ifdef WRITELOGINFO void WriteLogInfo(const char *fmt,...) { va_list args; char temp[5000]={0}; HANDLE hFile; if((hFile =Real_CreateFileW(MYLOGINFOPATH, GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) <0) return; int pos = SetFilePointer(hFile, 0, NULL, FILE_END); if (pos != -1) { DWORD dw; va_start(args,fmt); vsprintf(temp, fmt, args); va_end(args); Real_WriteFile(hFile, temp, strlen(temp), &dw, NULL); wsprintfA(temp, "\r\n"); Real_WriteFile(hFile, temp, strlen(temp), &dw, NULL); } CloseHandle(hFile); } #endif // ************************************************************************************* #ifdef WRITELOG void WriteLog(const char *fmt,...) { va_list args; char temp[5000]={0}; HANDLE hFile; if((hFile =Real_CreateFileW(MYLOGPATH, GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) <0) return; int pos = SetFilePointer(hFile, 0, NULL, FILE_END); if (pos != -1) { DWORD dw; va_start(args,fmt); vsprintf(temp, fmt, args); va_end(args); Real_WriteFile(hFile, temp, strlen(temp), &dw, NULL); wsprintfA(temp, "\r\n"); Real_WriteFile(hFile, temp, strlen(temp), &dw, NULL); } CloseHandle(hFile); } #endif // ************************************************************************************* BOOL GetFileNameFromHandle(HANDLE hFile,CString &szVolumeName) { TCHAR pszFilename[MAX_PATH+1]; HANDLE hFileMap=NULL; DWORD dwFileSizeHi=0; DWORD dwFileSizeLo=::GetFileSize(hFile, & dwFileSizeHi); if(dwFileSizeLo==0&&dwFileSizeHi==0) { //CloseHandle(hFile); return FALSE; } hFileMap=::CreateFileMapping(hFile,NULL,PAGE_READONLY,0,1,NULL); if(hFileMap) { void *pMem=::MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,1); if(pMem) { if(::GetMappedFileName(GetCurrentProcess(),pMem,pszFilename,MAX_PATH)) { //得到所有磁盘卷的卷序号 char szBuf[500]; int i; DWORD dwVolumeSerialNumber; memset(szBuf,0,sizeof(szBuf)); //通过句柄得到文件的卷序号 //得到卷序号lpFileInformation.dwVolumeSerialNumber BY_HANDLE_FILE_INFORMATION lpFileInformation; if(!GetFileInformationByHandle(hFile,&lpFileInformation)||(lpFileInformation.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)) { //CloseHandle(hFile); return FALSE;//通过句柄得到文件信息失败或者此句柄为文件夹句柄,并非文件句柄 } if(::GetLogicalDriveStrings(sizeof(szBuf)-1,szBuf)) { for(i=0;szBuf[i];i+=4) { //得到卷信息->卷序号 if(!stricmp(&(szBuf[i]),"A:\\")||!stricmp(&(szBuf[i]),"B:\\")) { continue;//忽略软盘(一般不会使用,并且查询它的速度非常之慢) } if(GetVolumeInformation(&(szBuf[i]),NULL,NULL,&dwVolumeSerialNumber,NULL,NULL,NULL,NULL)) { //与lpFileInformation.dwVolumeSerialNumber比较,如果相同,则找到该磁盘 if(dwVolumeSerialNumber==lpFileInformation.dwVolumeSerialNumber) { CString strFilename; strFilename.Format("%s",pszFilename); strFilename=strFilename.Right(strFilename.GetLength()-24); szVolumeName.Format("%s%s",&(szBuf[i]),strFilename); //CloseHandle(hFile); return TRUE; } } } } } UnmapViewOfFile(pMem); } CloseHandle(hFileMap); } //CloseHandle(hFile); return FALSE; } // ************************************************************************************* static UINT GetFilesFromDataObject(IUnknown *iUnknown, WPATH **ppPath)// 获取一次文件操作中所有文件名 { UINT uFileCount = 0; IDataObject *iDataObject = NULL; HRESULT hr = iUnknown->QueryInterface(IID_IDataObject, (void **)&iDataObject); do { if(!SUCCEEDED(hr)) { break; } FORMATETC fmt = { CF_HDROP, NULL, DVASPECT_CONTENT, -1, TYMED_HGLOBAL }; STGMEDIUM stg = { TYMED_HGLOBAL }; if(!SUCCEEDED(iDataObject->GetData(&fmt, &stg))) { break; } HDROP hDrop = (HDROP)GlobalLock(stg.hGlobal); if(hDrop == NULL) { break; } uFileCount = DragQueryFile(hDrop, 0xFFFFFFFF, NULL, 0); if(uFileCount <= 0) { break; } *ppPath = new WPATH[uFileCount]; if(*ppPath != NULL) { for(UINT uIndex = 0; uIndex < uFileCount; uIndex++) { DragQueryFileW(hDrop, uIndex, (*ppPath)[uIndex], MAX_PATH); } } else { uFileCount = 0; } GlobalUnlock(stg.hGlobal); ReleaseStgMedium(&stg); } while (FALSE); return uFileCount; } // ************************************************************************************* HRESULT (__stdcall* Real_CopyItem)(IFileOperation * This,IShellItem *psiItem,IShellItem *psiDestinationFolder, LPCWSTR pszCopyName,IFileOperationProgressSink *pfopsItem)=NULL; HRESULT WINAPI Mine_CopyItem(IFileOperation * This,IShellItem *psiItem,IShellItem *psiDestinationFolder, LPCWSTR pszCopyName,IFileOperationProgressSink *pfopsItem) { HRESULT hr=Real_CopyItem(This,psiItem,psiDestinationFolder,pszCopyName,pfopsItem); return hr; } // ************************************************************************************* HRESULT (__stdcall* Real_CopyItems)(IFileOperation *This,IUnknown *punkItems,IShellItem *psiDestinationFolder)=NULL; HRESULT WINAPI Mine_CopyItems(IFileOperation *This,IUnknown *punkItems,IShellItem *psiDestinationFolder) { CString currentime,processname; GetTimeAndProssName(currentime,processname); WriteLogInfo("时间:%s\t进程:%s",currentime,processname); WriteLogInfo("操作类型：复制(CopyItems)"); HRESULT hr=Real_CopyItems(This,punkItems,psiDestinationFolder); WPATH* srcFileList; int srcFileCount = GetFilesFromDataObject(punkItems, &(srcFileList)); for(int i=0;i

评论收藏

内容反馈

wypyq

2014-05-13

很好很强大谢谢
Honey我爱科比

2022-10-26

可以编译通过，请教楼主怎么使用呢
Jelly-小丑鱼

2023-04-20

坑人啊，大哥，设置钩子后，钩子的回调函数里面啥也没有啊，我就是要你回调里面怎么处理文件操作的代码，而且还有一些函数写成的静态库，源码也没有，你这个拿来别人怎么用，怎么借鉴啊，完全就是骗分啊。。。
tommysheep

2015-12-08

刚开始学习，看不很懂，如果有说明文档神马的就更好了。
qq_34226879

2018-11-27

很好，值得学习