
WriteFile hook doesn't catch writing to file operation

I have an app which writes some text data to files. What I'm trying to do is to hook the writing process. I hooked the CreateFile, WriteFile and WriteFileEx functions with MS Detours. CreateFile catches creation/opening of these text files properly, but WriteFile's hooks don't. They catch many other things but not these. Hooks are working properly. I've checked them.

Also Process Monitor shows these writing operations as WriteFile operation (adv names IRP_MJ_WRITE and FASTIO_WRITE), just like when I'm writing something myself (with my operation the hook works properly).

What's going on here? Is there any other way to write something to file than WriteFile?

In Windows you can memory map a file using the CreateFileMapping and MapViewOfFile functions after CreateFile has been called. Once this is done, you can use any of the memory functions like memcpy to write to the file. For small text files, Windows does this by default, which is what is probably happening in your case.
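
The path this answer describes, as an added example that is not part of the original answer: the file is filled through CreateFileMapping and MapViewOfFile, so the data is stored with a plain memcpy and no WriteFile call is made for a user-mode hook to intercept. The function names `write_via_mapping` and `file_equals`, and the POSIX branch (the same technique with mmap), are assumptions added for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for ftruncate() on the POSIX branch */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>
#endif

/* Returns 0 on success; len must be > 0. The only "write" is the memcpy. */
int write_via_mapping(const char *path, const char *data, size_t len) {
#ifdef _WIN32
    HANDLE f = CreateFileA(path, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                           CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (f == INVALID_HANDLE_VALUE) return -1;
    /* A non-zero maximum size grows the empty file to len bytes. */
    HANDLE m = CreateFileMappingA(f, NULL, PAGE_READWRITE, 0, (DWORD)len, NULL);
    char *v = m ? (char *)MapViewOfFile(m, FILE_MAP_WRITE, 0, 0, len) : NULL;
    if (v) {
        memcpy(v, data, len);      /* no WriteFile/WriteFileEx call */
        FlushViewOfFile(v, len);
        UnmapViewOfFile(v);
    }
    if (m) CloseHandle(m);
    CloseHandle(f);
    return v ? 0 : -1;
#else   /* POSIX equivalent of the same path */
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    char *v = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);
    if (v == MAP_FAILED) return -1;
    memcpy(v, data, len);          /* no write() call */
    munmap(v, len);
    return 0;
#endif
}

/* Reads the file back with stdio; 1 if it holds exactly data[0..len). */
int file_equals(const char *path, const char *data, size_t len) {
    char buf[256];
    FILE *fp = fopen(path, "rb");
    if (!fp) return 0;
    size_t n = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    return n == len && memcmp(buf, data, len) == 0;
}
```

To check whether a monitored application takes this path, the CreateFileMapping and MapViewOfFile calls themselves are the ones that remain visible to an API hook.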

It is not a Microsoft Detours solution but you can try with our Deviare hooking console to see if the functions are called there. It is written in C# and the source code of the console is included in the distribution. It is very easy to port to C++ and you can use it freely (only a splash appears when the Deviare component is loaded). The download is available here http://www.nektra.com/products/deviare-api-hook-windows/
