监控目录(300分)(300分)

anson · 2003-02-20

我有一个目录，远端机器随时向这个目录写文件，我需要实时监控这个目录， 一旦有文件copy,move,delete,rename等操作，截获此操作，并提示是否取消此操作。 我用FindNextChangeNotification ，FindFirstChangeNotification FindCloseChangeNotification，只能监视它，但不能取消它，请各位大侠帮我一下， 分数还可以加。

xzh2000 · 2003-02-20

关注

coolbaby · 2003-02-20

试试shell 钩子

anson · 2003-02-20

与查毒功能差不多

爱元元的哥哥 · 2003-02-20

写驱动啊，我给你一个显成的代码吧！ // 司马华鹏 //====================================================================== // // FILEMON.c - main module for VxD FILEMON // // Copyright (C) 1996-2000 Mark Russinovich and Bryce Cogswell // //====================================================================== #define   DEVICE_MAIN #include  <vtoolsc.h> #include  "../exe/ioctlcmd.h" #include  "filemon.h" #undef    DEVICE_MAIN //---------------------------------------------------------------------- //                     G L O B A L   D A T A //---------------------------------------------------------------------- // // Indicates if the GUI wants activity to be logged // BOOLEAN                 FilterOn = FALSE; // // Global filter (sent to us by the GUI) // FILTER                  FilterDef; // // Array of process and path filters // ULONG                   NumIncludeFilters = 0; PCHAR                   IncludeFilters[MAXFILTERS]; ULONG                   NumExcludeFilters = 0; PCHAR                   ExcludeFilters[MAXFILTERS]; // // Real service pointers with the hook thunks // ppIFSFileHookFunc       PrevIFSHookProc; // // Hash table data // PHASH_ENTRY        HashTable[NUMHASH]; // // Buffer data // PLOG_BUF        Log = NULL; ULONG        Sequence = 0; // // Maximum amount of buffers we will grab for buffered unread data // ULONG        NumLog = 0; ULONG        MaxLog = 5; // // Semaphore for critical sections // SEMHANDLE               LogMutex, HashMutex, FilterMutex; // // Unknown error string // CHAR                    errstring[32]; //---------------------------------------------------------------------- //                    F O R W A R D S //---------------------------------------------------------------------- BOOLEAN ApplyFilters(     PCHAR Text     ); //---------------------------------------------------------------------- //                   V X D  C O N T R O L //---------------------------------------------------------------------- // // Device declaration // Declare_Virtual_Device(FILEMON) // // Message handlers - we only care about dynamic loading and unloading // DefineControlHandler(SYS_DYNAMIC_DEVICE_INIT, OnSysDynamicDeviceInit); DefineControlHandler(SYS_DYNAMIC_DEVICE_EXIT, OnSysDynamicDeviceExit); DefineControlHandler(W32_DEVICEIOCONTROL, OnW32Deviceiocontrol); //---------------------------------------------------------------------- // // ControlDispatcher // // Multiplexes incoming VxD messages from Windows to their handlers. // //---------------------------------------------------------------------- BOOL __cdecl ControlDispatcher(     DWORD dwControlMessage,     DWORD EBX,     DWORD EDX,     DWORD ESI,     DWORD EDI,     DWORD ECX     ) {     START_CONTROL_DISPATCH         ON_W32_DEVICEIOCONTROL(OnW32Deviceiocontrol);         ON_SYS_DYNAMIC_DEVICE_INIT(OnSysDynamicDeviceInit);         ON_SYS_DYNAMIC_DEVICE_EXIT(OnSysDynamicDeviceExit);     END_CONTROL_DISPATCH     return TRUE; } //---------------------------------------------------------------------- //      P A T T E R N   M A T C H I N G   R O U T I N E S //---------------------------------------------------------------------- //---------------------------------------------------------------------- // // MatchOkay // // Only thing left after compare is more mask. This routine makes // sure that its a valid wild card ending so that its really a match. // //---------------------------------------------------------------------- BOOLEAN MatchOkay(     PCHAR Pattern     ) {     //     // If pattern isn't empty, it must be a wildcard     //     if( *Pattern && *Pattern != '*' ) {           return FALSE;     }     //     // Matched     //     return TRUE; } //---------------------------------------------------------------------- // // MatchWithPattern // // Performs nifty wildcard comparison. // //---------------------------------------------------------------------- BOOLEAN MatchWithPattern(     PCHAR Pattern,     PCHAR Name     ) {     CHAR   upcase;     //     // End of pattern?     //     if( !*Pattern ) {         return FALSE;     }     //     // If we hit a wild card, do recursion     //     if( *Pattern == '*' ) {         Pattern++;         while( *Name && *Pattern ) {             if( *Name >= 'a' && *Name <= 'z' )                 upcase = *Name - 'a' + 'A';             else                 upcase = *Name;             //             // See if this substring matches             //             if( *Pattern == upcase || *Name == '*' ) {                 if( MatchWithPattern( Pattern+1, Name+1 )) {                     return TRUE;                 }             }             //             // Try the next substring             //             Name++;         }         //         // See if match condition was met         //         return MatchOkay( Pattern );     }     //     // Do straight compare until we hit a wild card     //     while( *Name && *Pattern != '*' ) {         if( *Name >= 'a' && *Name <= 'z' )             upcase = *Name - 'a' + 'A';         else             upcase = *Name;         if( *Pattern == upcase ) {             Pattern++;             Name++;         } else {             return FALSE;         }     }     //     // If not done, recurse     //     if( *Name ) {         return MatchWithPattern( Pattern, Name );     }     //     // Make sure its a match     //     return MatchOkay( Pattern ); } //---------------------------------------------------------------------- //            B U F F E R   M A N A G E M E N T //---------------------------------------------------------------------- //---------------------------------------------------------------------- // // FilemonFreeLog // // Frees all the data output buffers that we have currently allocated. // //---------------------------------------------------------------------- VOID FilemonFreeLog(     VOID     ) {     PLOG_BUF prev;         //     // Just traverse the list of allocated output buffers     //     while( Log ) {         prev = Log->Next;         PageFree( Log->Handle, 0 );         Log = prev;     } } //---------------------------------------------------------------------- // // FilemonNewLog // // Called when the current buffer has filled up. This moves us to the // pre-allocated buffer and then allocates another buffer. // // Returns FALSE if another thread is already allocating a buffer. // //---------------------------------------------------------------------- BOOLEAN FilemonNewLog( VOID     ) {     PLOG_BUF prev = Log, newLog;     static busyAllocating = FALSE;     MEMHANDLE hNewLog;     //     // If we have maxed out or haven't accessed the current Log     // just return.     //     if( MaxLog == NumLog ) {         Log->Len = 0;         return TRUE;     }     //     // If the output buffer we currently are using is empty, just     // use it, or if we are busy already allocating a buffer, return     //     if( !Log->Len || busyAllocating ) {         return !busyAllocating;     }     //     // Allocate a new output buffer. Release lock to prevent deadlock     // on reentrance (allocating memory can result in file I/O)     //     busyAllocating = TRUE;     dprintf("Pageallocate: num:%d/n", NumLog );     Signal_Semaphore( LogMutex );     PageAllocate(LOGBUFPAGES, PG_SYS, 0, 0, 0, 0, NULL, PAGELOCKED,                  (PMEMHANDLE) &hNewLog, (PVOID) &newLog );     Wait_Semaphore( LogMutex, BLOCK_SVC_INTS );     dprintf("Pageallocate done: num:%d/n", NumLog );     busyAllocating = FALSE;     if( newLog ) {         //         // Allocation was successful so add the buffer to the list         // of allocated buffers and increment the buffer count.         //         Log       = newLog;         Log->Handle = hNewLog;         Log->Len  = 0;         Log->Next = prev;         NumLog++;     } else {         //         // The allocation failed - just reuse the current buffer         //         Log->Len = 0;     }     return TRUE; } //---------------------------------------------------------------------- // // FilemonOldestLog // // Goes through the linked list of storage buffers and returns the // oldest one. // //---------------------------------------------------------------------- PLOG_BUF FilemonOldestLog(     VOID     ) {     PLOG_BUF  ptr = Log, prev = NULL;     //     // Traverse the list     //         while ( ptr->Next ) {         ptr = (prev = ptr)->Next;     }     //     // Remove the buffer from the list     //     if ( prev ) {         prev->Next = NULL;         }     NumLog--;     return ptr; } //---------------------------------------------------------------------- // // FilemonResetLog // // When a GUI is no longer communicating with us, but we can't unload, // we reset the storage buffers. // //---------------------------------------------------------------------- VOID FilemonResetLog(     VOID     ) {     PLOG_BUF  current, next;     //     // Traverse the list of output buffers     //     current = Log->Next;     while( current ) {         //         // Free the buffer         //         next = current->Next;         PageFree( current->Handle, 0 );         current = next;     }     //     // Move the output pointer in the buffer that's being kept     // the start of the buffer.     //     Log->Len = 0;     Log->Next = NULL; } //---------------------------------------------------------------------- // // LogRecord // // Add a new string to Log, if it fits. // //---------------------------------------------------------------------- VOID LogRecord(     ULONG time,     ULONG datetimelo,     ULONG datetimehi,     const char *format,     ...     ) {     PENTRY Entry;     ULONG len;     va_list arg_ptr;     static CHAR text[MAXPATHLEN*3];     //     // If no filtering is desired, don't bother     //     if( !FilterOn ) {           return;     }     //     // Lock the output buffer.     //     Wait_Semaphore( LogMutex, BLOCK_SVC_INTS );     //     // Vsprintf to determine length of the buffer     //     _asm cld;     va_start( arg_ptr, format );     len = vsprintf( text, format, arg_ptr );     va_end( arg_ptr );     //     // Only log it if the text passes the filters     //     if( ApplyFilters( text )) {         //         // If the current output buffer is near capacity, move to a new         // output buffer         //         if( (ULONG) (Log->Len + len + sizeof(ENTRY) +1) >= LOGBUFSIZE ) {             if( !FilemonNewLog() ) {                   //                 // Just return if a thread is in the process                 // of allocating a buffer.                 //                 Signal_Semaphore( LogMutex );                 return;             }         }         //         // Extract the sequence number and Log it         //         Entry = (void *)(Log->Data+Log->Len);         Entry->seq = Sequence++;         Entry->perftime.u.LowPart = time;         Entry->perftime.u.HighPart = 0;         Entry->datetime.u.HighPart = datetimehi;         Entry->datetime.u.LowPart  = datetimelo;         _asm cld;         memcpy( Entry->text, text, len + 1 );           //         // Log the length of the string, plus 1 for the terminating         // NULL           //           Log->Len += (Entry->text - (PCHAR) Entry) + len + 1;     }       //     // Release the output buffer lock     //     Signal_Semaphore( LogMutex ); } //---------------------------------------------------------------------- //       H A S H   T A B L E   M A N A G E M E N T //---------------------------------------------------------------------- //---------------------------------------------------------------------- // // FilemonHashCleanup // // Called when we are unloading to free any memory that we have // in our possession. // //---------------------------------------------------------------------- VOID FilemonHashCleanup(     VOID     ) {     PHASH_ENTRY hashEntry, nextEntry;     ULONG    i;       //     // Free the hash table entries     //     for( i = 0; i < NUMHASH; i++ ) {         hashEntry = HashTable;         while( hashEntry ) {             nextEntry = hashEntry->Next;             HeapFree( hashEntry, 0 );             hashEntry = nextEntry;         }     } } //---------------------------------------------------------------------- // // FilemonLogHash // // Logs the key and associated fullpath in the hash table. // //---------------------------------------------------------------------- VOID FilemonLogHash(     int Drive,     fh_t Filenumber,     PCHAR Fullname     ) {     PHASH_ENTRY     newEntry;     //     // Allocate a new entry     //     newEntry = HeapAllocate( sizeof(HASH_ENTRY) + strlen(Fullname)+1, 0 );     if( !newEntry ) return;     //     // Initialize the new entry.     //     newEntry->filenumber = Filenumber;     newEntry->drive      = Drive & 0xFF;     strcpy( newEntry->FullName, Fullname );     //     // Lock the hash table and insert the new entry.     //     Wait_Semaphore( HashMutex, BLOCK_SVC_INTS );     newEntry->Next = HashTable[ HASHOBJECT(Filenumber) ];     HashTable[ HASHOBJECT(Filenumber) ] = newEntry;     Signal_Semaphore( HashMutex ); } //---------------------------------------------------------------------- // // FilemonFreeHashEntry // // When we see a file close, we can free the string we had associated // with the fileobject being closed since we know it won't be used // again. // //---------------------------------------------------------------------- VOID FilemonFreeHashEntry(     int Drive,     fh_t Filenumber     ) {     PHASH_ENTRY hashEntry, prevEntry;     Wait_Semaphore( HashMutex, BLOCK_SVC_INTS );     //     // Look-up the entry.     //     hashEntry = HashTable[ HASHOBJECT( Filenumber ) ];     prevEntry = NULL;     while( hashEntry &&            hashEntry->filenumber != Filenumber &&            hashEntry->drive != (Drive & 0xFF)) {         prevEntry = hashEntry;         hashEntry = hashEntry->Next;     }     //       // If we fall of the hash list without finding what we're looking     // for, just return.     //     if( !hashEntry ) {         Signal_Semaphore( HashMutex );         return;     }     //     // Got it! Remove it from the list     //     if( prevEntry ) {         prevEntry->Next = hashEntry->Next;     } else {         HashTable[ HASHOBJECT( Filenumber )] = hashEntry->Next;     }     //     // Free the memory associated with the name of the free entry.     //     HeapFree( hashEntry, 0 );     Signal_Semaphore( HashMutex ); } //---------------------------------------------------------------------- //    F I L T E R  A N D  P R O C E S S  N A M E  R O U T I N E S //---------------------------------------------------------------------- //---------------------------------------------------------------------- // // ErrorString // // Returns the string form of an error code. // //---------------------------------------------------------------------- PCHAR ErrorString(     DWORD retval     ) {     switch( retval ) {     case ERROR_INVALID_FUNCTION:         return "INVALIDFUNC";     case ERROR_SUCCESS:         return "SUCCESS";     case ERROR_OUTOFMEMORY:         return "OUTOFMEM";     case ERROR_ACCESS_DENIED:         return "ACCDENIED";     case ERROR_PATH_NOT_FOUND:         return "NOTFOUND";     case ERROR_TOO_MANY_OPEN_FILES:         return "TOOMANYOPEN";     case ERROR_FILE_NOT_FOUND:         return "NOTFOUND";     case ERROR_NO_MORE_ITEMS:         return "NOMORE";     case ERROR_GEN_FAILURE:         return "GENFAILURE";     case ERROR_MORE_DATA:         return "MOREDATA";     case ERROR_INVALID_DRIVE:         return "INVALIDDRIVE";     case ERROR_NOT_SAME_DEVICE:         return "DIFFERENTDEVICE";     case ERROR_WRITE_PROTECT:         return "WRITEPROTECTED";     case ERROR_SHARING_VIOLATION:         return "SHARING";     case ERROR_BAD_UNIT:         return "BADUNIT";     case ERROR_NOT_READY:         return "NOTREADY";     case ERROR_NO_MORE_FILES:         return "NOMORE";     case ERROR_BAD_COMMAND:         return "BADCOMMAND";     case ERROR_INVALID_HANDLE:         return "INVALIDHANDLE";     case ERROR_DEV_NOT_EXIST:         return "DEVDOESNOTEXIST";     default:         sprintf(errstring, "0x%x", retval );         return errstring;     } } //---------------------------------------------------------------------- // // FilemonFreeFilters // // Fress storage we allocated for filter strings. // //---------------------------------------------------------------------- VOID FilemonFreeFilters(     VOID     ) {     ULONG   i;     for( i = 0; i < NumIncludeFilters; i++ ) {         HeapFree( IncludeFilters, 0 );     }     for( i = 0; i < NumExcludeFilters; i++ ) {         HeapFree( ExcludeFilters, 0 );     }     NumIncludeFilters = 0;     NumExcludeFilters = 0; } //---------------------------------------------------------------------- // // MakeFilterArray // // Takes a filter string and splits into components (a component // is seperated with a ';') // //---------------------------------------------------------------------- VOID MakeFilterArray(     PCHAR FilterString,     PCHAR FilterArray[],     PULONG NumFilters     ) {     PCHAR filterStart;     ULONG filterLength;     CHAR  saveChar;     //     // Scan through the process filters     //     filterStart = FilterString;     while( *filterStart ) {         filterLength = 0;         while( filterStart[filterLength] &&                filterStart[filterLength] != ';' ) {             filterLength++;         }         //         // Ignore zero-length components         //         if( filterLength ) {             //             // Conservatively allocate so that we can prepend and append             // wildcards             //             FilterArray[ *NumFilters ] =                 HeapAllocate( filterLength + 1 + 2* sizeof('*'), 0 );             if( FilterArray[ *NumFilters ]) {                 saveChar = *(filterStart + filterLength );                 *(filterStart + filterLength) = 0;                 sprintf( FilterArray[ *NumFilters ], "%s%s%s",                          *filterStart == '*' ? "" : "*",                          filterStart,                          *(filterStart + filterLength - 1 ) == '*' ? "" : "*" );                 *(filterStart + filterLength) = saveChar;                 (*NumFilters)++;             }         }             //         // Are we done?         //         if( !filterStart[filterLength] ) break;         //         // Move to the next component (skip over ';')         //         filterStart += filterLength + 1;     } } //---------------------------------------------------------------------- // // FilemonUpdateFilters // // Takes a new filter specification and updates the filter // arrays with them. // //---------------------------------------------------------------------- VOID FilemonUpdateFilters(     VOID     ) {     //     // Free old filters (if any)     //     Wait_Semaphore( FilterMutex, BLOCK_SVC_INTS );     FilemonFreeFilters();     //     // Create new filter arrays     //     MakeFilterArray( FilterDef.includefilter,                      IncludeFilters, &NumIncludeFilters );     MakeFilterArray( FilterDef.excludefilter,                      ExcludeFilters, &NumExcludeFilters );     Signal_Semaphore( FilterMutex ); } //---------------------------------------------------------------------- // // wstrlen // // Determine the length of a wide-character string. // //---------------------------------------------------------------------- int wstrlen(     unsigned short *unistring     ) {     int i = 0;     int len = 0;       while( unistring[i++] != 0 ) len+=2;     return len; } //---------------------------------------------------------------------- // // FilmonGetProcess // // Retrieves the process name. // //---------------------------------------------------------------------- PCHAR FilemonGetProcess(     PCHAR ProcessName     ) {     PVOID       CurProc;     PVOID       ring3proc;     char        *name;     ULONG       i;     //     // Get the ring0 process pointer.     //     CurProc = VWIN32_GetCurrentProcessHandle();       //     // Now, map the ring3 PCB     //     ring3proc = (PVOID) SelectorMapFlat( Get_Sys_VM_Handle(),                                          (DWORD) (*(PDWORD) ((char *) CurProc + 0x38)) | 0x7, 0 );     if( ring3proc == (PVOID) -1 ) {         strcpy( ProcessName, "???");     } else {         //         // copy out the process name (max 8 characters)         //         name = ((char *)ring3proc) + 0xF2;         if( name[0] >= 'A' && name[0] < 'z' ) {             strcpy( ProcessName, name );             ProcessName[8] = 0;         } else {             strcpy( ProcessName, "???" );         }     }     return ProcessName; } //---------------------------------------------------------------------- // // ApplyFilters // // If the name matches the exclusion mask, we do not log it. Else if // it doesn't match the inclusion mask we do not log it. // //---------------------------------------------------------------------- BOOLEAN ApplyFilters(     PCHAR Text     ) {     ULONG    i;     //       // If it matches the exclusion string, do not log it     //     Wait_Semaphore( FilterMutex, BLOCK_SVC_INTS );     for( i = 0; i < NumExcludeFilters; i++ ) {         if( MatchWithPattern( ExcludeFilters, Text ) ) {             Signal_Semaphore( FilterMutex );             return FALSE;         }     }       //     // If it matches an include filter then log it     //     for( i = 0; i < NumIncludeFilters; i++ ) {         if( MatchWithPattern( IncludeFilters, Text )) {             Signal_Semaphore( FilterMutex );             return TRUE;         }     }     //     // It didn't match any include filters so don't log     //     Signal_Semaphore( FilterMutex );     return FALSE; } //---------------------------------------------------------------------- //                 P A T H   P A R S I N G //---------------------------------------------------------------------- //---------------------------------------------------------------------- // // FilemonConvertUnparsedPath // // Converts an unparsed unicode path to ANSI. This is only used for // UNC paths except for the special cases of renames and findopens. // //---------------------------------------------------------------------- VOID FilemonConvertUnparsedPath(     pioreq pir,     PCHAR fullpathname     ) {     _QWORD  result;     UniToBCS( fullpathname, pir->ir_upath, wstrlen( pir->ir_upath ),               MAXPATHLEN, BCS_WANSI, &result );     fullpathname[ result.ddLower ] = 0; } //---------------------------------------------------------------------- // // FilemonConvertParsedPath // // Converts a parsed unicode path to ANSI. // //---------------------------------------------------------------------- VOID FilemonConvertParsedPath(     int drive,     path_t ppath,     int codepage,     PCHAR fullpathname     ) {     int  i = 0;     _QWORD  result;     if( drive != 0xFF ) {         //         // Its a volume-based path         //         fullpathname[0] = drive+'A'-1;         fullpathname[1] = ':';         i = 2;     }     fullpathname = 0;     UniToBCSPath( &fullpathname, ppath->pp_elements,                   MAXPATHLEN-1, codepage, &result );     fullpathname[ i + result.ddLower ] = 0; } //---------------------------------------------------------------------- // // FilemonConvertMixedPath // // This converts a mix of unparsed and parsed paths to ANSI. The // unparsed path is used for server/share, whereas the parsed // path is used for the directory/file. Only UNC rename and findopen // use this. // //---------------------------------------------------------------------- VOID FilemonConvertMixedPath(     pioreq pir,     path_t ppath,     int codepage,     PCHAR fullpathname     ) {     int     i, slashes;     _QWORD  result;     UniToBCS( fullpathname, pir->ir_upath, wstrlen( pir->ir_upath ), MAXPATHLEN-1,               codepage, &result );     fullpathname[ result.ddLower ] = 0;     slashes = 0;     for( i = 0; i < result.ddLower; i++ ) {                     //         // We find the 4th slash: //Server/share/...         //         if( fullpathname == '//' && ++slashes == 4 ) break;     }     if( slashes == 4 ) {         FilemonConvertParsedPath( 0xFF, ppath, codepage, &fullpathname);     } } //---------------------------------------------------------------------- // // FilemonConvertPath // // Converts a unicode path name to ANSI. // //---------------------------------------------------------------------- PCHAR FilemonConvertPath(     CONVERT_TYPE converttype,     int drive,     pioreq pir,     int codepage,     PCHAR fullpathname     ) {     if( drive != 0xFF ) {         //         // Its a volume-based path         //         switch( converttype ) {         case CONVERT_RENAME_TARGET:             FilemonConvertParsedPath( drive, pir->ir_ppath2, codepage, fullpathname );             break;         default:             FilemonConvertParsedPath( drive, pir->ir_ppath, codepage, fullpathname );             break;         }     } else {                 //         // Its a UNC path. The parsed path doesn't include the         // server/share, so we get that from the unparsed path.         //         switch( converttype ) {         case CONVERT_STANDARD:             FilemonConvertUnparsedPath( pir, fullpathname );             break;         case CONVERT_FINDOPEN:         case CONVERT_RENAME_SOURCE:             FilemonConvertMixedPath( pir, pir->ir_ppath, codepage, fullpathname );             break;         case CONVERT_RENAME_TARGET:             FilemonConvertMixedPath( pir, pir->ir_ppath2, codepage, fullpathname );             break;         }     }     return fullpathname; } //---------------------------------------------------------------------- // // FilemonGetFullPath // // Returns the full pathname of a file, if we can obtain one, else // returns a handle. // //---------------------------------------------------------------------- PCHAR FilemonGetFullPath(       fh_t filenumber,     PCHAR fullname,     int Drive,     int ResType,     int CodePage,     pioreq pir     ) {     PHASH_ENTRY hashEntry;     pIFSFunc        enumFunc;     ifsreq          ifsr;     path_t          uniFullName;     int             retval;     //     // See if we find the key in the hash table.     //     Wait_Semaphore( HashMutex, BLOCK_SVC_INTS );     hashEntry = HashTable[ HASHOBJECT( filenumber ) ];     while( hashEntry &&            hashEntry->filenumber != filenumber &&            hashEntry->drive != (Drive & 0xFF)) {         hashEntry = hashEntry->Next;     }     Signal_Semaphore( HashMutex );     fullname[0] = 0;     if( hashEntry ) {         strcpy( fullname, hashEntry->FullName );     } else {         //         // File name isn't in the table, so ask the         // underlying file system         //         sprintf( fullname, "0x%X", filenumber );         uniFullName = IFSMgr_GetHeap( MAXPATHLEN * sizeof(WCHAR) + sizeof( path_t));         if( uniFullName ) {                         //             // Send a query file name request             //             memcpy( &ifsr, pir, sizeof( ifsreq ));             ifsr.ifsir.ir_flags = ENUMH_GETFILENAME;             ifsr.ifsir.ir_ppath = uniFullName;             enumFunc = ifsr.ifs_hndl->hf_misc->hm_func[HM_ENUMHANDLE];             retval = (*PrevIFSHookProc)(enumFunc, IFSFN_ENUMHANDLE,                                         Drive, ResType, CodePage,                                         (pioreq) &ifsr);             if( retval == ERROR_SUCCESS ) {                                 FilemonConvertParsedPath( Drive, uniFullName, CodePage, fullname );                 FilemonLogHash( Drive, filenumber, fullname );             }             IFSMgr_RetHeap( (void *) uniFullName );         }     }     return fullname; } //---------------------------------------------------------------------- //                     H O O K   R O U T I N E //---------------------------------------------------------------------- //---------------------------------------------------------------------- // // FilemonHookProc // // All (most) IFS functions come through this routine for us to look // at. // //---------------------------------------------------------------------- #pragma optimize("", off) int _cdecl FilemonHookProc(     pIFSFunc pfn,     int fn,     int Drive,     int ResType,     int CodePage,     pioreq pir     ) {     int                retval;     char               fullpathname[MAXPATHLEN];     char               processname[64];     char               data[MAXPATHLEN];     char               drivestring[4];     ifsreq             origifsr;     pioreq             origir;     _WIN32_FIND_DATA   *finddata;     struct srch_entry  *search;     BOOLEAN            log;     _QWORD             result;     DWORD              timelo, timehi;     DWORD              timelo1, timehi1;     DWORD              dostime, dosdate;     DWORD              datetimelo, datetimehi;     int                i, j;     //     // Inititlize default data.     //     data[0] = 0;     //     // Save original iorequest because some entries get modified.     //     origir = (pioreq) &origifsr;     memcpy( &origifsr, pir, sizeof( ifsreq ));     //     // Get the current process name.     //     FilemonGetProcess( processname );     //     // Get the time     //     VTD_Get_Real_Time( &timehi, &timelo );     datetimehi = IFSMgr_Get_DOSTime( &datetimelo );     dostime = VTD_Get_Date_And_Time( &dosdate );     datetimelo = dostime - ((datetimehi >> 11)& 0x1F)*60*60*1000 -             ((datetimehi >> 5) & 0x3F)*60*1000 -             ((datetimehi & 0x1F)*2000);     //     // Special case for close call, since after the file's closed     // we can't query its name     //     if( fn == IFSFN_CLOSE ) {         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );     }     //     // Call the previous hooker first, to get the return code.     //     retval = (*PrevIFSHookProc)(pfn, fn, Drive, ResType, CodePage, pir);     //     // Now extract parameters based on the function type.     //     dprintf("%d: %d/n", fn, pir->ir_fh );     switch( fn ) {     case IFSFN_OPEN:         FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );         TIME_DIFF();         sprintf(data,"");         if( origir->ir_options & ACTION_CREATENEW ) strcat(data,"CREATENEW ");         if( origir->ir_options & ACTION_OPENEXISTING ) strcat(data,"OPENEXISTING ");         if( origir->ir_options & ACTION_REPLACEEXISTING ) strcat(data,"REPLACEEXISTING ");         switch (origir->ir_flags & ACCESS_MODE_MASK) {         case ACCESS_READONLY:             strcat(data,"READONLY ");             break;         case ACCESS_WRITEONLY:             strcat(data,"WRITEONLY ");             break;         case ACCESS_READWRITE:             strcat(data,"READWRITE ");             break;         case ACCESS_EXECUTE:             strcat(data,"EXECUTE ");             break;         default:             break;         }         switch (origir->ir_flags & SHARE_MODE_MASK) {         case SHARE_COMPATIBILITY:             strcat(data,"COMPATIBILITY ");             break;         case SHARE_DENYREADWRITE:             strcat(data,"DENYREADWRITE ");             break;         case SHARE_DENYWRITE:             strcat(data,"DENYWRITE ");             break;         case SHARE_DENYREAD:             strcat(data,"DENYREAD ");             break;         case SHARE_DENYNONE:             strcat(data,"DENYNONE ");             break;         default:             break;         }         LogRecord( timelo, datetimelo, datetimehi, "%s/tOpen/t%s/t%s/t%s",                    processname, fullpathname,                    data, ErrorString( retval ));         FilemonLogHash( Drive, pir->ir_fh, fullpathname );         break;     case IFSFN_READ:     case IFSFN_WRITE:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( ((fn == IFSFN_READ && FilterDef.logreads ) ||              (fn == IFSFN_WRITE && FilterDef.logwrites )) ) {             TIME_DIFF();             sprintf( data, "Offset: %ld Length: %ld", origir->ir_pos, origir->ir_length );             LogRecord( timelo, datetimelo, datetimehi, "%s/t%s/t%s/t%s/t%s",                        processname, fn == IFSFN_READ? "Read" : "Write",                        fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_CLOSE:         if( FilterDef.logreads ) {             TIME_DIFF();             switch( origir->ir_flags ) {             case CLOSE_HANDLE:      sprintf(data, "CLOSE_HANDLE");      break;             case CLOSE_FOR_PROCESS: sprintf(data, "CLOSE_FOR_PROCESS"); break;             case CLOSE_FINAL:       sprintf(data, "CLOSE_FINAL");       break;             default: sprintf(data,"0x%02X",origir->ir_flags);            break;             }             LogRecord( timelo, datetimelo, datetimehi, "%s/tClose/t%s/t%s/t%s", processname,                        fullpathname, data, ErrorString( retval ));         }         if( origir->ir_flags == CLOSE_FINAL ) FilemonFreeHashEntry( Drive, origir->ir_fh);         break;     case IFSFN_DIR:         //         // This works around a special case I've seen when hiting the "browse" button in the         // "have disk" dialog of the hardware wizard         //         if( origir->ir_flags != 0xFF ) {             FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );         } else {             sprintf( fullpathname, "%c:", Drive+'A'-1);         }         TIME_DIFF();         log = FALSE;         switch( origir->ir_flags ) {         case CREATE_DIR:             sprintf(data, "CREATE");             if( FilterDef.logwrites ) log = TRUE;             break;         case DELETE_DIR:             sprintf(data,"DELETE");             if( FilterDef.logwrites ) log = TRUE;             break;         case CHECK_DIR:             sprintf(data,"CHECK");             if( FilterDef.logreads ) log = TRUE;             break;         default:             sprintf(data,"QUERY");             if( FilterDef.logreads ) log = TRUE;             break;         }         if( log ) {             LogRecord( timelo, datetimelo, datetimehi, "%s/tDirectory/t%s/t%s/t%s",                        processname,                        fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_SEEK:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( FilterDef.logreads) {             TIME_DIFF();             sprintf(data, "%s Offset: %ld / New offset: %ld",                     origir->ir_flags == FILE_BEGIN ? "Beginning" : "End",                     origir->ir_pos, origir->ir_pos );                     LogRecord( timelo, datetimelo, datetimehi, "%s/tSeek/t%s/t%s/t%s",                        processname, fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_COMMIT:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( FilterDef.logwrites) {             TIME_DIFF();             sprintf(data, "%s", origir->ir_options == FILE_COMMIT_ASYNC ?                     "ASYNC" : "NOACCESSUPDATE" );             LogRecord( timelo, datetimelo, datetimehi, "%s/tCommit/t%s/t%s/t%s",                        processname, fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_FILELOCKS:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( FilterDef.logreads) {             TIME_DIFF();             sprintf(data, "Offset: %ld Length:%ld", origir->ir_pos, origir->ir_locklen );             LogRecord( timelo, datetimelo, datetimehi, "%s/t%s/t%s/t%s/t%s",                        processname, origir->ir_flags == LOCK_REGION ? "Lock" : "Unlock",                        fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_FINDOPEN:         if( FilterDef.logreads) {             FilemonConvertPath( CONVERT_FINDOPEN, Drive, origir, CodePage, fullpathname );             TIME_DIFF();             if( !retval ) {                 finddata = (_WIN32_FIND_DATA *) origir->ir_data;                 UniToBCS( data, finddata->cFileName, wstrlen(finddata->cFileName), MAXPATHLEN-1, BCS_WANSI, &result );                 data[ result.ddLower ] = 0;             }             LogRecord( timelo, datetimelo, datetimehi, "%s/tFindOpen/t%s/t%s/t%s",                        processname, fullpathname,                        data, ErrorString( retval ));         }         FilemonLogHash( Drive, pir->ir_fh, fullpathname );         break;     case IFSFN_FINDNEXT:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( FilterDef.logreads) {             TIME_DIFF();             if( !retval ) {                 finddata = (_WIN32_FIND_DATA *) origir->ir_data;                 UniToBCS( data, finddata->cFileName, wstrlen(finddata->cFileName), MAXPATHLEN-1, BCS_WANSI, &result );                 data[ result.ddLower ] = 0;             }             LogRecord( timelo, datetimelo, datetimehi, "%s/tFindNext/t%s/t%s/t%s",                        processname, fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_FINDCLOSE:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( FilterDef.logreads) {             TIME_DIFF();             LogRecord( timelo, datetimelo, datetimehi, "%s/tFindClose/t%s/t/t%s",                        processname, fullpathname,                        ErrorString( retval ));         }         FilemonFreeHashEntry( Drive, origir->ir_fh );         break;     case IFSFN_FILEATTRIB:         if( FilterDef.logreads) {                 FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );             TIME_DIFF();             switch(origir->ir_flags ) {             case GET_ATTRIBUTES:                 sprintf(data,"GetAttributes");                 break;             case SET_ATTRIBUTES:                 sprintf(data, "SetAttributes" );                 break;             case GET_ATTRIB_COMP_FILESIZE:                 sprintf(data, "GET_ATTRIB_COMP_FILESIZE" );                 break;             case SET_ATTRIB_MODIFY_DATETIME:                 sprintf(data, "SET_ATTRIB_MODIFY_DATETIME");                 break;             case SET_ATTRIB_LAST_ACCESS_DATETIME:                 sprintf(data, "SET_ATTRIB_LAST_ACCESS_DATETIME");                 break;             case GET_ATTRIB_LAST_ACCESS_DATETIME:                 sprintf(data, "GET_ATTRIB_LAST_ACCESS_DATETIME");                 break;             case SET_ATTRIB_CREATION_DATETIME:                 sprintf(data, "SET_ATTRIB_CREATION_DATETIME");                 break;             case GET_ATTRIB_CREATION_DATETIME:                 sprintf(data, "GET_ATTRIB_CREATION_DATETIME");                 break;             }             LogRecord( timelo, datetimelo, datetimehi, "%s/tAttributes/t%s/t%s/t%s",                        processname, fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_FILETIMES:         FilemonGetFullPath( origir->ir_fh, fullpathname, Drive, ResType, CodePage, origir );         if( FilterDef.logreads) {             TIME_DIFF();             switch( origir->ir_flags ) {             case GET_MODIFY_DATETIME:                 sprintf(data, "Get Modify");                 break;             case SET_MODIFY_DATETIME:                 sprintf(data, "Set Modify");                 break;             case GET_LAST_ACCESS_DATETIME:                 sprintf(data, "Get Access");                 break;             case SET_LAST_ACCESS_DATETIME:                 sprintf(data, "Set Access");                 break;             case GET_CREATION_DATETIME:                 sprintf(data, "Get Creation");                 break;             case SET_CREATION_DATETIME:                 sprintf(data, "Set Creation");                 break;             }             LogRecord( timelo, datetimelo, datetimehi, "%s/tAttributes/t%s/t%s/t%s",                        processname, fullpathname,                        data, ErrorString( retval ));         }         break;     case IFSFN_FLUSH:         if( FilterDef.logwrites) {             TIME_DIFF();             LogRecord( timelo, datetimelo, datetimehi, "%s/tFlushVolume/t/t/t%s",                        processname, ErrorString( retval ));         }         break;     case IFSFN_DELETE:         if( FilterDef.logwrites) {                 FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );             TIME_DIFF();             LogRecord( timelo, datetimelo, datetimehi, "%s/tDelete/t%s/t/t%s",                        processname, fullpathname, ErrorString( retval ));         }         FilemonFreeHashEntry( Drive, origir->ir_fh );         break;     case IFSFN_SEARCH:         if( FilterDef.logreads ) {             if( origir->ir_flags == SEARCH_FIRST )                 FilemonConvertPath( CONVERT_STANDARD, Drive, origir, CodePage, fullpathname );             else                 sprintf(fullpathname, "SearchNext" );             TIME_DIFF();             if( !retval ) {                 j = 0;                 if( origir->ir_attr & FILE_ATTRIBUTE_LABEL ) {                     sprintf(data, "VolumeLabel: " );                     j = strlen( data );                 }                 search = (struct srch_entry *) origir->ir_data;                 for( i = 0; i < 13; i++ )                     if( search->se_name != ' ' ) data[j++] = search->se_name;                 data[j] = 0;             }             LogRecord( timelo, datetimelo, datetimehi, "%s/tSearch/t%s/t%s/t%s",                        processname, fullpathname, data, ErrorString( retval ));             }         break;         case IFSFN_GETDISKINFO:         if( FilterDef.logreads ) {             TIME_DIFF();             if( !retval ) sprintf(data, "Free Space");             drivestring[0] = Drive+'A'-1;             drivestring[1] = ':';             drivestring[2] = 0;             LogRecord( timelo, datetimelo, datetimehi, "%s/tGetDiskInfo/t%s/t%s/t%s",                        processname, drivestring, data, ErrorString( retval ));         }         break;     case IFSFN_RENAME:         if( FilterDef.logwrites) {                       FilemonConvertPath( CONVERT_RENAME_SOURCE, Drive, origir, CodePage, fullpathname );             TIME_DIFF();             LogRecord( timelo, datetimelo, datetimehi, "%s/tRename/t%s/t%s/t%s",                        processname, fullpathname,                        FilemonConvertPath( CONVERT_RENAME_TARGET, Drive, origir, CodePage, data ),                        ErrorString( retval ));         }         break;     case IFSFN_IOCTL16DRIVE:         if( FilterDef.logreads || FilterDef.logwrites) {             TIME_DIFF();             sprintf(data, "Subfunction: %02Xh", origir->ir_flags );             drivestring[0] = Drive+'A'-1;             drivestring[1] = ':';             drivestring[2] = 0;             LogRecord( timelo, datetimelo, datetimehi, "%s/tIoctl/t%s/t%s/t%s",                        processname, drivestring, data, ErrorString( retval ));         }         break;     }     dprintf("==>%d/n", fn );     return retval; } #pragma optimize("", on) //---------------------------------------------------------------------- // // OnSysDynamicDeviceInit // // Dynamic init. Install a file system filter hook. // //---------------------------------------------------------------------- BOOL OnSysDynamicDeviceInit(     VOID     ) {     int i;     MEMHANDLE hLog;     //     // Initialize the locks.     //     LogMutex = Create_Semaphore(1);     HashMutex  = Create_Semaphore(1);     FilterMutex  = Create_Semaphore(1);     //     // Zero hash table.     //     for(i = 0; i < NUMHASH; i++ ) HashTable = NULL;     //     // Allocate the initial output buffer.     //     PageAllocate(LOGBUFPAGES, PG_SYS, 0, 0, 0, 0, NULL, PAGELOCKED,                  (PMEMHANDLE) &hLog, (PVOID) &Log );     Log->Handle = hLog;     Log->Len = 0;     Log->Next = NULL;     NumLog = 1;     //     // Hook IFS functions.     //     PrevIFSHookProc = IFSMgr_InstallFileSystemApiHook(FilemonHookProc);     return TRUE; } //---------------------------------------------------------------------- // // OnSysDynamicDeviceExit // // Dynamic exit. Unhook everything. // //---------------------------------------------------------------------- BOOL OnSysDynamicDeviceExit(     VOID     ) {     //     // Unhook IFS functions.     //     IFSMgr_RemoveFileSystemApiHook(FilemonHookProc);     //     // Free all memory.     //     FilemonHashCleanup();     FilemonFreeLog();     FilemonFreeFilters();     return TRUE; } //---------------------------------------------------------------------- // // OnW32Deviceiocontrol // // Interface with the GUI. // //---------------------------------------------------------------------- DWORD OnW32Deviceiocontrol(     PIOCTLPARAMS p     ) {     PLOG_BUF      old;     switch( p->dioc_IOCtlCode ) {     case 0:         return ERROR_SUCCESS;     case IOCTL_FILEMON_ZEROSTATS:         Wait_Semaphore( LogMutex, BLOCK_SVC_INTS );         while ( Log->Next )  {               //             // Release the next entry.             //             old = Log->Next;             Log->Next = old->Next;             Signal_Semaphore( LogMutex );             PageFree( old->Handle, 0 );             Wait_Semaphore( LogMutex, BLOCK_SVC_INTS );             NumLog--;         }         Log->Len = 0;         Signal_Semaphore( LogMutex );         Sequence = 0;         return ERROR_SUCCESS;     case IOCTL_FILEMON_GETSTATS:         //         // Copy buffer into user space.         Wait_Semaphore( LogMutex, BLOCK_SVC_INTS );         if ( LOGBUFSIZE > p->dioc_cbOutBuf ) {             //             // Buffer is too small. Return error.             //             Signal_Semaphore( LogMutex );             return ERROR_INSUFFICIENT_BUFFER;         } else if ( Log->Len  ||  Log->Next ) {             //             // Switch to a new buffer.             //             FilemonNewLog();             //             // Fetch the oldest buffer to give to caller.             //             old = FilemonOldestLog();             Signal_Semaphore( LogMutex );             //             // Copy it into the caller's buffer.             //             memcpy( p->dioc_OutBuf, old->Data, old->Len );             //             // Return length of copied info.             //             *p->dioc_bytesret = old->Len;             //               // Deallocate the buffer.             //             PageFree( old->Handle, 0 );         } else {             //             // There is no unread data.             //             Signal_Semaphore( LogMutex );             *p->dioc_bytesret = 0;         }         return ERROR_SUCCESS;     case IOCTL_FILEMON_STOPFILTER:         FilterOn = FALSE;         return ERROR_SUCCESS;     case IOCTL_FILEMON_STARTFILTER:         FilterOn = TRUE;         return ERROR_SUCCESS;     case IOCTL_FILEMON_SETFILTER:         FilterDef = * (PFILTER) p->dioc_InBuf;         FilemonUpdateFilters();         return ERROR_SUCCESS;     default:         return ERROR_INVALID_FUNCTION;     } }

lmcz716 · 2003-02-21

anson · 2003-02-21

VxD 好象在win2K不能运行

tang12345 · 2003-02-21

可以用WIN的外壳编程的方法实现 同时你可以在网上找一个用驱动写的文件保护工具，就上面那个VXD的驱动一起的，有个用于 2000的驱动。

SEVN · 2003-02-22

定个邮件，不求分。

anson · 2003-02-22

我在"delphi5开发人员指南中"找到用WIN的外壳编程,不过只能保护文件夹不能保护文件.如下代码有谁帮我将它改成可以保护文件 **************************************** 1.扩展windows外壳（例子如下） 2.参考一下屏蔽广告软件的源码（我一起有一个，不知道放哪里了） （转） 例子 利用Windows外壳扩展保护文件夹 在Win32操作系统（包括Win9X、Windows NT、Windows 2000）不但有方便的图形用户（GUI）界面，微软还为windows用户界面保留了强大的可扩充性。其中对于Windows界面的操作环境（这里称为外壳Shell），微软提供了一种称为外壳扩展（Shell Extensions）的功能来实现文件系统操作的可编程性。如果你的机器中安装了Word 7.0以上的版本，当你鼠标右键单击一个DOC文件，在弹出菜单中选“属性”项，在属性页中不仅显示显示文件的大小、建立日期等信息，同时还增加了Doc文档的摘要、统计等信息；又例如安装了winZip 6.0以上版本后，当选中一个或多个文件或文件夹后在单击鼠标右键，在弹出的右键菜单中就增加了“Add To Zip”等一个zip文件压缩选项。上面的这些功能都是通过Windows外壳扩展来实现的。 Windows外壳扩展是这样实现的。首先要编写外壳扩展程序，一个外壳扩展程序是基于COM(Component Object Model)组件模型的。外壳是通过接口(Interface)来访问对象的。外壳扩展被设计成32位的进程中服务器程序，并且都是以动态链接库的形式为操作系统提供服务的。 写好外壳扩展程序后，必须将它们注册才能生效。所有的外壳扩展都必须在Windows注册表的HKEY_CLASSES_ROOT/CLSID键之下进行注册。在该键下面可以找到许多名字像{ACDE002F-0000-0000-C000-000000000046}的键，这类键就是全局唯一类标识符。每一个外壳扩展都必须有一个全局唯一类标识符，Windows正是通过此唯一类标识符来找到外壳扩展处理程序的。在类标识符之下的InProcServer32子键下记录着外壳扩展动态链接库在系统中的位置。   Windows系统支持以下7类的外壳扩展功能： (1)Context menu handlers向特定类型的文件对象增添上下文相关菜单； (2)Drag-and-drop handlers用来支持当用户对某种类型的文件对象进行拖放操作时的OLE数据传输； (3)Icon handlers用来向某个文件对象提供一个特有的图标，也可以给某一类文件对象指定图标； (4)Property sheet handlers给文件对象增添属性页，属性页可以为同一类文件对象所共有，也可以给一个文件对象指定特有的属性页； (5)Copy-hook handlers在文件夹对象或者打印机对象被拷贝、移动、删除和重命名时，就会被系统调用，通过为Windows增加Copy-hook handlers，可以允许或者禁止其中的某些操作； (6)Drop target handlers在一个对象被拖放到另一个对象上时，就会被系统被调用； (7)Data object handlers在文件被拖放、拷贝或者粘贴时，就会被系统被调用。 本文介绍的文件夹保护功能就是通过上面的第5类，既Copy-hook handlers来实现的。一个支持Copy-hook handlers的程序除了上面提到的要在注册表的HKEY_CLASSES_ROOT/CLSID下注册之外，还需要在HKEY_CLASSES_ROOT/Directory/shellex/CopyHookHandlers/下注册服务器程序的类。 由于Windows外壳服务器程序是基于COM组件模型的，所以编写外壳程序就是构造一个COM对象的过程，由于Delphi4.0以上的版本支持Windows外壳扩展和COM组件模型，所以可以利用Delphi来编写外壳扩展程序。 利用Delphi编写Copy-hook handle需要实现ICopyHook接口。ICopyHook是一个十分简单的接口，要实现的只有CopyCallBack方法。ICopyHook的CopyCallBack方法的定义如下： UINT CopyCallback(   HWND hwnd, file://Handle of the parent window for displaying UI objects   UINT wFunc, file://Operation to perform.   UINT wFlags, file://Flags that control the operation   LPCSTR pszSrcFile, file://Pointer to the source file   DWORD dwSrcAttribs, file://Source file attributes   LPCSTR pszDestFile, file://Pointer to the destination file   DWORD dwDestAttribs file://Destination file attributes   ); 其中的参数hwnd是一个窗口句柄，Copy-hook handle以此为父窗口。参数wFunc指定要被执行的操作，其取值为下表中所列之一： 常量取值含义 FO_COPY $2 复制由pszSrcFile指定的文件到由pszDestFile指定的位置。 FO_DELETE $3 删除由pszSrcFile指定的文件。 FO_MOVE $1 移动由pszSrcFile指定的文件到由pszDestFile指定的位置。 FO_RENAME $4 重命名由pszSrcFile指定的文件到由pszDestFile指定的文件名。 PO_DELETE $13 删除pszSrcFile指定的打印机。 PO_PORTCHANGE $20 改变打印机端口。PszSrcFile和pszDestFile为两个以Null结尾的字符串，分别指定当前和新的打印机端口名。 PO_RENAME $14 重命名由pszSrcFile指定的打印机端口。 PO_REN_PORT $34 PO_RENAME和PO_PORTCHANGE的组合。    参数wFlags指定操作的标志；参数pszSrcFile和pszDestFile指定源文件夹和目标文件夹。参数dwSrcAttribs和dwDesAttribs指定源文件夹和目标文件夹的属性。函数返回值可以为IDYES、IDNO和IDCANCEL。分别指示Windows外壳允许操作、阻止操作，但是其他操作继续、阻止当前操作，取消为执行的操作。  下面是具体的程序实现：  首先在Delphi的菜单中选 File|New选项，选择其中的DLL图标，按Ok键建立一个DLL工程文件，在其中添加以下代码： library CopyHook;   uses   ComServ,   CopyMain in 'CopyMain.pas';   exports   DllGetClassObject,   DllCanUnloadNow,   DllRegisterServer,   DllUnregisterServer;   {$R *.TLB}   {$R *.RES}   begin end. 将文件保存为 CopyHook.dpr。再在Delphi菜单中选File|New选项，选择其中的Unit图标，按Ok键建立一个Pas文件，在其中加入以下代码： unit CopyMain;   interface   uses Windows, ComObj, ShlObj;   type   TCopyHook = class(TComObject, ICopyHook)   protected   function CopyCallback(Wnd: HWND; wFunc, wFlags: UINT; pszSrcFile: PAnsiChar;   dwSrcAttribs: DWORD; pszDestFile: PAnsiChar; dwDestAttribs: DWORD): UINT; stdcall;   end;     TCopyHookFactory = class(TComObjectFactory)   protected   function GetProgID: string; override;   procedure ApproveShellExtension(Register: Boolean; const ClsID: string);   virtual;   public   procedure UpdateRegistry(Register: Boolean); override;   end;   implementation   uses ComServ, SysUtils, Registry;   { TCopyHook }   file://当Windows外壳程序执行文件夹或者打印机端口操作时，CopyCallBack file://方法就会被调用。 function TCopyHook.CopyCallback(Wnd: HWND; wFunc, wFlags: UINT;   pszSrcFile: PAnsiChar; dwSrcAttribs: DWORD; pszDestFile: PAnsiChar;   dwDestAttribs: DWORD): UINT; const   FO_COPY = 2;   FO_DELETE = 3;   FO_MOVE = 1;   FO_RENAME = 4; var   sOp:string; begin   Case wFunc of   FO_COPY: sOp:=format('你确定要将 %s 拷贝到 %s 吗？',[pszSrcFile,pszDestFile]);   FO_DELETE: sOp:=format('你确定要将 %s 删除吗？',[pszSrcFile]);   FO_MOVE: sOp:=format('你确定要将 %s 转移到 %s 吗？',[pszSrcFile,pszDestFile]);   FO_RENAME: sOp:=format('你确定要将 %s 重命名为 %s 吗？',[pszSrcFile,pszDestFile]);   else   sOp:=format('无法识别的操作代码 %d',[wFlags]);   end;   // 提示，让用户决定是否执行操作   Result := MessageBox(Wnd, PChar(sOp),   '文件挂钩演示', MB_YESNOCANCEL); end;   { TCopyHookFactory }   function TCopyHookFactory.GetProgID: string; begin   Result := ''; end;   procedure TCopyHookFactory.UpdateRegistry(Register: Boolean); var   ClsID: string; begin   ClsID := GUIDToString(ClassID);   inherited UpdateRegistry(Register);   ApproveShellExtension(Register, ClsID);   if Register then   file://将clsid 加入到注册表的CopyHookHandlers中   CreateRegKey('directory/shellex/CopyHookHandlers/' + ClassName, '',   ClsID)   else   DeleteRegKey('directory/shellex/CopyHookHandlers/' + ClassName); end;   procedure TCopyHookFactory.ApproveShellExtension(Register: Boolean;   const ClsID: string); const   SApproveKey = 'SOFTWARE/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved'; begin   with TRegistry.Create do   try   RootKey := HKEY_LOCAL_MACHINE;   if not OpenKey(SApproveKey, True) then Exit;   if Register then WriteString(ClsID, Description)   else DeleteValue(ClsID);   finally   Free;   end; end;   const   CLSID_CopyHook: TGUID = '{66CD5F60-A044-11D0-A9BF-00A024E3867F}';   LIBID_CopyHook: TGUID = '{D2F531A0-0861-11D2-AE5C-74640BC10000}';   initialization   TCopyHookFactory.Create(ComServer, TCopyHook, CLSID_CopyHook,   'CR_CopyHook', '文件操作挂钩演示',ciMultiInstance, tmApartment); end.

netwinds · 2003-02-22

这些什么钩子之类的东东全部没用。我也一直想找一个，但老是找不到。 哪位高高高高手能够实现下面功能才真的好： 1、打开（进入）一个目录之前（windows中可能双击，也可能单击，也可以在DOS下，地址 栏中键入，打开文件对话框中查看进入。。。。。等等），要完全的控制死，任何想进入该 目录的动作之前，都要弹出输入密码进行身份确认。 2、即使被拿到另一台机器当副盘，也要一样进不去。 这在windows2000中怎么也做不到，哪位高手能行，出钱我也肯。

anson · 2003-02-24

有谁会用LockFile和LockFileEX来锁定一个文件

delphi_newuser · 2003-02-24

BOOL LockFile(     HANDLE hFile, // handle of file to lock     DWORD dwFileOffsetLow, // low-order word of lock region offset     DWORD dwFileOffsetHigh, // high-order word of lock region offset       DWORD nNumberOfBytesToLockLow, // low-order word of length to lock     DWORD nNumberOfBytesToLockHigh // high-order word of length to lock   &nbsp

; Parameters hFile Identifies the file with a region to be locked. The file handle must have been created with GENERIC_READ or GENERIC_WRITE access to the file (or both). dwFileOffsetLow Specifies the low-order word of the starting byte offset in the file where the lock should begin. dwFileOffsetHigh Specifies the high-order word of the starting byte offset in the file where the lock should begin. nNumberOfBytesToLockLow Specifies the low-order word of the length of the byte range to be locked. nNumberOfBytesToLockHigh Specifies the high-order word of the length of the byte range to be locked. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. Remarks Locking a region of a file gives the locking process exclusive access to the specified region. File locks are not inherited by processes created by the locking process. Locking a region of a file denies all other processes both read and write access to the specified region. Locking a region that goes beyond the current end-of-file position is not an error. Locks may not overlap an existing locked region of the file. The UnlockFile function unlocks a file region locked by LockFile

薄荷 · 2003-02-24

第二个要求太难实现了吧。 上面所有的都只能在本地机。

abencat · 2003-02-24

你不如换一种思路，这样：先把要监视的目录备份一份，当发现被监视的目录内的内容有变化时，就把备份的给Copy过来覆盖原来的部分。

anson · 2003-07-12

接受答案了.

监控目录(300分)(300分)

anson

Unregistered / Unconfirmed

xzh2000

Unregistered / Unconfirmed

coolbaby

Unregistered / Unconfirmed

anson

Unregistered / Unconfirmed

爱元元的哥哥

Unregistered / Unconfirmed

lmcz716

Unregistered / Unconfirmed

anson

Unregistered / Unconfirmed

tang12345

Unregistered / Unconfirmed

SEVN

Unregistered / Unconfirmed

anson

Unregistered / Unconfirmed

netwinds

Unregistered / Unconfirmed

anson

Unregistered / Unconfirmed

delphi_newuser

Unregistered / Unconfirmed

薄荷

Unregistered / Unconfirmed

abencat

Unregistered / Unconfirmed

anson

Unregistered / Unconfirmed

Similar threads