从C ++进入Windows File Copy API [英] Hook into the Windows File Copy API from C++

问题描述

我需要钩住copyfile以便在复制恶意文件时停止该过程。我看到猫人会问的一个问题

I need to hook copyfile in order to stop the process whenever a malicious file is being copied. I saw a question asked by Cat Man Do

从C＃进入Windows File Copy API

提到在c ++中有解决此问题的方法。我正在使用embarcadero c ++ builder（non-MFC）。此解决方案是否适用于c ++构建器，如果有人可以发布链接或提示我如何在c ++中挂钩copyfile？

and he mentioned that there is a solution for this problem in c++. I am using embarcadero c++ builder(non-MFC). Is this solution applicable for c++ builder and if it is can anybody post the link or give me a hint on how to hook copyfile in c++?

推荐答案

您是否对停止流程的含义不甚了解-您是否有特定的流程感兴趣，或者是否要阻止整个系统中的所有文件副本。如果要阻止整个系统中的所有文件副本，那么您要查找的是文件系统过滤器驱动程序。这是非常先进的，因为您将要编写内核模式驱动程序。 不是为了胆小者。另请注意，您可能最终会自己被标记为恶意软件，因为恶意软件会尝试钩住文件系统以隐藏自身。

You're not being specific about what you mean by "stop the process" - whether there is a specific process you are interested in, or whether you want to block all file copies throughout the entire system. If you want to block all file copies throughout the system, then what you're looking for is a file system filter driver. This is extremely advanced, since you will be writing a kernel-mode driver. Not for the faint of heart. Note also that you may end up being flagged as malware yourself, since malware will try to hook the file system in order to hide themselves.

这篇关于从C ++进入Windows File Copy API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！