Detecting and preventing writing certain files (i.e .doc) to the hdd using c++.

I am writing an application using c++ and I have 2 questions.
a. How can I get a notification that a user is trying to write a file to the hard drive (any file and a specific file extension) ?
b. After detecting an attempt to write the file to the disk how can I prevent the operation ?
thanks.
iddo_shohamAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Infinity08Commented:
This is certainly not a trivial thing to do.

First of all, what operating system are we talking about ?

Why do you want to use it ? There might be a better way to achieve what you want.

Usually, you can write-protect drives, directories, files for certain users. Is that sufficient ?
0
itsmeandnobodyelseCommented:
>>>> any file and a specific file extension
Your approach will not work even if you get the wished notification. The problem is that when renaming a file you won't get a notification cause it is a change of the directory rather than a change of the file. Also moving a file from one directory to another will give no write action if the directroies were located at the same disk.

If it really makes sense to prevent people from creating files of a specific type, you should remove the programs where they can store such files or give them read-only access for all folders where they shouldn't write to.

Regards, Alex
0
kode99Commented:
In order to do this sort of thing you will need to 'hook' into windows itself.  What this does is provide a notification which executes a callback function,  this is the 'hooked' into the OS.  So every time the OS performs a certain task your callback function will be executed.  It's kind of like writing a custom event to override a default event for a program,  except you can override windows API calls at a low level.

This is tricky business and you may need to filter through a lot of OS events to find the specific ones you want to prevent.  This can lead to performance penalties etc.

Here is a link to a toolkit for C++ and Delphi which can simplify the coding required,

http://www.madshi.net/madCodeHookDescription.htm

Also there is form and some good information about code hooking techniques,

http://help.madshi.net/madCodeHook.htm

0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

grg99Commented:
It's not too hard to do, Windows provides API's for hooking file and directory operations.

That is, if the user is "friendly".  The security system in Windows makes it all too easy for a user to find these hooks and undo them.

0
iddo_shohamAuthor Commented:
Thanks for all of your replies.
Infinity08: the operating system is WinXp, I am writing an application that should be able to allow the administrator to prevent not admin users from saving certain file types to the hdd .
Kode99: thanks for the interesting links, can you point me to the direction to override windows API calls at a low level without using the toolkit?.
grg99: can you please elaborate, what API should I use, can you post some example code .
0
kode99Commented:
MS's documentation,

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks.asp

Decent article that steps through it,

http://www.devsource.com/article2/0,1895,1969408,00.asp

The madshi site also contains some useful general information about hooking.

There are a crap load of hooking SDK's around but many are just a framework for the win hooking api.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.