First, this is not for a security purpose and it is related to API
hooking.
Is there a specific underlying API that is used to copy files in
Vista/7 for the IFileOperation interface, or is Shell32.dll calling
Ntxxx APIs directly? The reason is we need to distinguish a file copy/move
and inform the user he is not allowed to do such an operation instead of
simply showing an access denied error. (He cannot read the files anyway.)
Please don’t go into discussion on hooking or looking for
alternates.
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
> Is there a specific underlying API that is used to copy files in
> Vista/7 for the IFileOperation interface, or is Shell32.dll calling
> Ntxxx APIs directly?
I guess you will have to WinDbg it. It might be CopyFileW, or
CopyFileWithProgress. However, I bet my 2 salaries that it depends
on exact type of operation and on Windows version as well.
L.
It’s neither of those (nor CopyFileEx/CopyFile2). Hoped someone already did WinDBG it 
Ladislav Zezula wrote:
> > Is there a specific underlying API that is used to copy files in
> > Vista/7 for the IFileOperation interface, or is Shell32.dll calling
> > Ntxxx APIs directly?
> I guess you will have to WinDbg it. It might be CopyFileW, or
> CopyFileWithProgress. However, I bet my 2 salaries that it depends
> on exact type of operation and on Windows version as well.
> L.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
The Process Monitor is able to show you the stack backtrace. The Windows Debugging tool must be installed on the guest, so you can configure symbols to MS Symbol Server.
Bronislav Gabrhelik
A reverse would be required here.
It does call APIs directly, it doesn’t use a specific API for the copy (checked over the weekend).
xxxxx@xythos.com wrote:
> The Process Monitor is able to show you the stack backtrace. The Windows Debugging tool must be installed on the guest, so you can configure symbols to MS Symbol Server.
> Bronislav Gabrhelik
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)