We help IT Professionals succeed at work.

Capturing File copy/delete/rename  thru Shell Extension or other means..

ferozgora
ferozgora asked
on
There is a shell extension interface ICopyHook which gets called when there is copy / rename / delete  operation on the FOLDERS (and PRINTERS). By implementing this interface you could deny / allow these
operations on the file system thru Shell (Explorer or Common dialog boxes ).
Question :
I would like to do the same for the FILES too. I didn't find anything in the Shell extension though. How to do this with any other apporach ? Want to do this in the User space.
 
Comment
Watch Question

Commented:
You need to write drivers to allow/deny file actions, and the drivers are totally different for win9x and winNT based systems, sorry for the bad news...   :-(

Regards, Madshi.

Author

Commented:
Thanks Madshi for the response.
I was looking for the specific feature of Shell extension in ICopyHook . The copy - paste . If this operation is performed on a folder shell calls into the Icopyhook handler if present. I wanted a similar for files too possibly thru Shell. Else any other way . At driver leve it would not serve the purpose for me.

Commented:
You could possibly hook the API SHFileOperation system wide. Would that help? That's no easy task, though...

Author

Commented:
If I can hook to the SHFileOperation and get called for all file operations ( copy,cut-paste in perticular)(without effecting system performance) that would be great. Any idea how I can hookup to it ? I'll go thru the docs in the mean time. Thanks.

Commented:
Ehm, well, not for copy/paste itself, but for the following file operations. Do you really need to hook the copy/paste itself? In that case it gets *very* complicated. You could try to hook Ctrl-C + Ctrl-V + Ctrl-X and the menues, too. But that's really ugly...   :-(   For what purpose do you need this stuff? Is there really no other way?

Author

Commented:
Yup that would be really ugly. But your previous comment of hooking upto ShFileOperation made me think if there is a way I can intercept SHFileOperation() call by shell and override it. The purpose is to avoid stuff getting copied from my file system to anywhere else.
Commented:
Okay, then we're talking about API hooking. That's still a bit ugly, but at least there are solutions which work quite fine. Here is my solution:

http://help.madshi.net/Data/madCodeHook.htm

It's a little standard dll (free for non-commercial usage), which allows you to hook a specified API in the current process. If you only want to hook SHFileOperation inside of the shell (I'm not sure if I understood you right), you need to do this:

(1) Write a little dll yourself, this dll will do all the dirty work.
(2) Inject this dll into the shell process (which is explorer.exe), e.g. by using the function InjectLibrary (part of madCodeHook).

The dll should just hook SHFileOperation in the current process, check the parameters, and either allow or deny the operation, depending on whether you like the parameters or not...

My dll works identically fine for win9x and winNT based systems.

Regards, Madshi.

Commented:
P.S: My bed is calling. See ya tomorrow...

Explore More ContentExplore courses, solutions, and other research materials related to this topic.