TJ_The_Dude


Intercepting file operations (Madshi?)

Short question: How can I prevent the user from deleting a file (system wide)?

More elaborate question: This is for a program that's going to be used in kiosk mode (LAN house, etc.). There's an interface which limits the programs that the user can open, and he can't use Alt+Tab or Ctrl+Alt+Del or the Windows key. However, the user can just open any available program (Internet Explorer, the Office suite) that has a file open/save menu and he will have access to the Explorer shell (enough access to move stuff around and delete files). What I want to do is to intercept file operations (especially deletion) and deny the action. I tried doing this with hooks (DeleteFileA, DeleteFileW, SHFileOperation), but it didn't work. It works fine for programs, but the Explorer shell can still delete the files.

The intended platform is Windows XP, but in the future I'd like to make it work with Win98 also, so setting user permissions doesn't seem like a very good idea.
ASKER CERTIFIED SOLUTION
DeerBear

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
TJ_The_Dude

ASKER

Copy hooks only work for folders, not files.
Hi,

It's been a long time since I last used COM that way, but are you sure they're not suited?
I remember having written a copy hook which required a password to copy a certain
file... anyway, if you're really sure...

Cheers,

Andrew
Gloomy,

To tell the truth, there's *no* real way to completely solve the issue.
Even with a driver, it would be enough to use a LiveCD edition of Linux and
anyone would be able to do basically anything on the computer, through
terminal and/or GUI.

Even if NTFS partitions can't be written to from Linux as of now (which I
believe won't last long), it is however possible (if I'm not wrong) to
delete files from them.

Thus the issue has no definite solution.

But since the PC is already heavily patched in order to avoid some tasks,
I believe a driver would really be overkill.

All this, obviously, imho.

HTH,

Andrew
;-)
So, TJ_The_Dude, don't even try to do it! ;-)))
LOL

U nasty! ;-)

Andrew
>To tell the truth, there's *no* real way to completely solve the issue.
By the way, you can write your own FS. ;-) It's possible ;-)
LOL

Well, if you wanna know, I'm thinking of writing a new OS <g>.

But that's another matter... <g>.

Andrew
So... no cigar? I'm off to trying to monitor API calls made by Explorer.exe when deleting a file...

Still waiting...
I think my problem is that Explorer probably uses kernel mode functions like NtDeleteFile and ZwDeleteFile
LOL,

I told you: if you have D6/7, try looking at the Sample components.
I found an API some time ago that allowed this kind of monitoring.

HTH,

Andrew

P.S. Maybe it's the fact that I am a bit tired, but I felt your message was
rude... again, I may be misunderstanding, but that's the way I felt it.

LOTS of information has been given on file deletions, along with
lots of useless (for you) info. :-)

HTH,

Andrew
I didn't mean to be rude in my previous comments, nor could I sense any offensiveness by re-reading my posts. Anyway, I've checked and double checked, and copy hook extensions can only monitor folders.
And the TShellChangeNotifier (or anything using the SHChangeNotify API) will only notify you of changes or deletions AFTER they've taken place - no use for me.
>copy hook extensions can only monitor folders.
Then write your own hook ;-)
What do you mean?

BTW, are 500 points not enough?
Hi,

Use API SHChangeNotify :-)

That API notifies you when a file's being deleted, among other things, but I'm unsure if you can
stop the deletion process.

HTH,

Andrew
>What do you mean?
I mean that you need:
1. A system-wide hook on all file APIs that allow deleting a file.
OR
2. A driver

Yup :-)

The thing is, if I block all those deletion functions, every other program I've tried is unable to delete files, EXCEPT Explorer.exe (= the shell).

I did some monitoring and it indeed uses the NtSetFileInformation function. I'll take a look at it. Oh, and if it turns out to be the one I need to hook, I'll give ya the points.
Hi

I was wondering how you do this in code? I have the exact same problem, and would like to know if your solution could help me too :)

Best regards
 Jonas
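
Added example, not code from any poster in this thread: the decision a hook on the native set-information call (documented by Microsoft as NtSetInformationFile) has to make for each request, written as portable C so it compiles without Windows headers. It goes beyond the XP-era case by also covering FileDispositionInformationEx; the function name, the verdict enum and the choice to block renames are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values from the Windows native API headers, redefined so this builds anywhere. */
#define STATUS_ACCESS_DENIED      ((int32_t)0xC0000022)
#define FILE_RENAME_INFO          10  /* FileRenameInformation: rename/move requests */
#define FILE_DISPOSITION_INFO     13  /* FileDispositionInformation */
#define FILE_DISPOSITION_INFO_EX  64  /* FileDispositionInformationEx (Windows 10+) */
#define FILE_DISPOSITION_DELETE   0x00000001u

enum verdict { PASS_TO_ORIGINAL = 0, DENY = 1 };

/* Decide what a hooked NtSetInformationFile callback should do with one request.
 * info/len are the caller's FileInformation buffer and its Length.
 * On DENY the callback returns *status instead of calling the original.
 * Malformed buffers are passed through so the original call rejects them itself. */
enum verdict filter_set_information(uint32_t info_class, const void *info,
                                    uint32_t len, int32_t *status)
{
    uint8_t  delete_flag = 0;  /* FILE_DISPOSITION_INFORMATION.DeleteFile (BOOLEAN) */
    uint32_t ex_flags = 0;     /* FILE_DISPOSITION_INFORMATION_EX.Flags (ULONG) */
    int block = 0;

    switch (info_class) {
    case FILE_DISPOSITION_INFO:
        if (info != NULL && len >= sizeof delete_flag) {
            memcpy(&delete_flag, info, sizeof delete_flag);
            block = (delete_flag != 0);  /* FALSE cancels a pending delete: allow */
        }
        break;
    case FILE_DISPOSITION_INFO_EX:
        if (info != NULL && len >= sizeof ex_flags) {
            memcpy(&ex_flags, info, sizeof ex_flags);
            block = (ex_flags & FILE_DISPOSITION_DELETE) != 0;
        }
        break;
    case FILE_RENAME_INFO:
        block = 1;  /* assumption: the kiosk also forbids moving files around */
        break;
    default:
        break;      /* timestamps, attributes, end-of-file, ...: leave alone */
    }
    if (block && status != NULL)
        *status = STATUS_ACCESS_DENIED;
    return block ? DENY : PASS_TO_ORIGINAL;
}
```

The hook callback itself (installed with whatever hooking library is in use) calls this first and forwards to the original function only on PASS_TO_ORIGINAL.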