当用户创建挂载点时如何获得通知? [英] How do I get a notification when user creates a mount point?
问题描述
首先,这里是限制条件:
First off, here are the constraints:
- 必须在 XP 上运行
- 必须通知驱动器号分配和将卷安装到文件夹
- 不能唤醒"正在休眠的驱动器.
- 我真的不想轮询驱动器.
我尝试过的:
- 谷歌
- 我查看了 WMI 和 Win32_LogicalDisk 类.我可以确定哪些驱动器安装到驱动器号,但不能确定安装到文件夹的驱动器.Win32_Volume* 和 Win32_MountPoint 类将是完美的,但在 XP 上不可用.
- 我尝试使用 FindFirstVolume & 轮询驱动器GetVolumePathNamesForVolumeName(即使我不想这样做),但似乎必须先启动驱动器才能为我提供信息.再说一次,呃,投票.
我正在考虑使用 API 挂钩来挂钩对 SetVolumeMountPoint 和 DeleteVolumeMountPoint 的调用的可能性,但我认为这不会捕获所有内容,而且无论如何这似乎都是一个丑陋的黑客.
I was considering the possibility of using API hooking to hook calls to SetVolumeMountPoint and DeleteVolumeMountPoint but I don't think that would catch everything and it seems like that might be an ugly hack anyway.
所以,是的,我正在寻找建议:)
So, yea, I'm looking for suggestions :)
推荐答案
SetVolumeMountPoint 上的 API 挂钩应该让您拦截卷安装.不过我不确定网络共享.
API hooking on SetVolumeMountPoint should let you intercept volume mounts. I'm not sure about network shares though.
但这不会是一个丑陋的黑客".您正在尝试做的是 Windows 中内置的挂钩.Codeproject.com 有很棒的 API 挂钩教程:http://www.codeproject.com/KB/system/hooksys.aspx
But it wouldn't be an 'ugly hack'. What you're trying to do is what hooking was built into Windows for. Codeproject.com has great tutorials on API hooking: http://www.codeproject.com/KB/system/hooksys.aspx
所以你实际上陈述了你自己的最佳解决方案.请记住,驱动器号还有一个单独的 API:http://nukz.net/reference/fileio/hh/winbase/fsys_6j8z.htm
So you actually stated your own best solution. Remember, there's also a separate API for drive letters: http://nukz.net/reference/fileio/hh/winbase/fsys_6j8z.htm
你的项目听起来很有趣.通常,特洛伊木马和防病毒软件会尝试执行此操作(它们也会捕获网络共享.)我只是随便熟悉这个主题,所以我希望这会有所帮助.
Your project sounds interesting. Usually, trojans and anti-virus try to do this (and they also catch network shares.) I'm only casually familiar with the topic, so I hope this helps.
这篇关于当用户创建挂载点时如何获得通知?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
