Mini-Filter intercept drag & drop file(s) to disk?

依然范特西╮ submitted on 2019-12-25 06:58:02

Question


I am developing a mini-filter to intercept files and get the name of files which are dragged & dropped to a specific disk and get the file names.

If I drag & drop a file, I can get this file name and intercept it successfully (that means this file is not created on disk).

If I drag & drop multiple files, I can only get the first file name and not the others. But when I open the disk, I don't see any files there (that means the mini-filter intercepts them successfully). So I cannot get the file names (except the first file).

I intercept drag & drop by redirecting them:

  1. Get file name by FltGetFileNameInformation() then FltParseFileNameInformation()
  2. Split it into two parts
    • First is: \Device\HarddiskVolume1\folder\
    • Second is: file.ext
  3. Append a file name to the first part: \Device\HarddiskVolume1\folder\new_file.ext
  4. Intercept create on disk
    • Release this buffer: Data->Iopb->TargetFileObject->FileName.Buffer
    • Assign first part to Data->Iopb->TargetFileObject->FileName
    • Set this: Data->Iopb->TargetFileObject->RelatedFileObject = NULL;
    • Data->IoStatus.Information = IO_REPARSE;
    • Data->IoStatus.Status = STATUS_REPARSE;
    • return FLT_PREOP_SUCCESS_NO_CALLBACK;

The above code can only intercept all files and get the first file name.

What can I do to intercept each file when I drag & drop multiple files?


Answer 1:


I found out myself that:

  1. Get file name from Data->Iopb->TargetFileObject->FileName

    • Split it into two parts: file path and file name
    • Change file name to a redirect file name
  2. Delete redirect file name. This step can be run before step #1

    • If the redirect file name does not exist, it returns STATUS_OBJECT_NAME_NOT_FOUND (0xC0000034). It is not a problem for the system.
    • If the redirect file name exists, it is OK.



Answer 2:


Make sure you check the simrep sample from Microsoft; they show you how to properly do this. I would not base my assumption that Drag&Drop has a correspondence in the kernel and in the file system. It can be implemented in user mode in many ways, especially if you are doing it on the same volume. It can be as simple as a rename. Also keep in mind hard links, symbolic links and alternate data streams.

Good luck.
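The name handling from steps 2 and 3 of the question, with the alternate-data-stream caveat from the second answer, as an added user-mode example (not code from the post, the answers, or Microsoft's simrep sample). Counted `char` strings stand in for `UNICODE_STRING`; `build_redirect_name` and the `RD_*` codes are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* User-mode model of the name handling only; counted strings stand in for
   UNICODE_STRING, which is not NUL-terminated. All names are hypothetical. */
enum { RD_OK = 0, RD_SKIP = 1, RD_BAD_NAME = -1, RD_TOO_LONG = -2 };

/* ASCII case-insensitive compare of two counted strings. */
static int eq_nocase(const char *a, size_t an, const char *b, size_t bn)
{
    if (an != bn) return 0;
    for (size_t i = 0; i < an; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Build <parent>\<new_leaf>[:stream] from an opened name.
   Writes at most cap bytes to out (not NUL-terminated) and sets *out_len. */
int build_redirect_name(const char *name, size_t len, const char *new_leaf,
                        char *out, size_t cap, size_t *out_len)
{
    size_t leaf_at = len, nl = strlen(new_leaf);

    /* The final component starts after the last backslash. */
    while (leaf_at > 0 && name[leaf_at - 1] != '\\') leaf_at--;

    /* An alternate data stream suffix starts at the first ':' in the leaf. */
    size_t stream_at = leaf_at;
    while (stream_at < len && name[stream_at] != ':') stream_at++;

    if (leaf_at == 0 || stream_at == leaf_at)
        return RD_BAD_NAME;   /* no parent, or no file name (directory open) */

    /* A reparsed create passes through the filter again: leave a name that
       already points at the redirect target alone. */
    if (eq_nocase(name + leaf_at, stream_at - leaf_at, new_leaf, nl))
        return RD_SKIP;

    size_t need = leaf_at + nl + (len - stream_at);
    if (need > cap)
        return RD_TOO_LONG;   /* never truncate a path */

    memcpy(out, name, leaf_at);                          /* parent incl. '\' */
    memcpy(out + leaf_at, new_leaf, nl);                 /* new file name */
    memcpy(out + leaf_at + nl, name + stream_at, len - stream_at); /* :stream */
    *out_len = need;
    return RD_OK;
}
```
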



Source: https://stackoverflow.com/questions/28209772/mini-filter-intercept-drag-drop-files-to-disk
