copy files on desktop

c++ / delphi package - dll injection and api hooking
Post Reply
NobMiwa
Posts: 7
Joined: Tue Mar 28, 2017 10:00 am

copy files on desktop

Post by NobMiwa »

Hello,

I want to hook "copy" files on desktop by user mouse operation.
I hooked CreateFileW and CopyFileW and copy file on desktop.
But I could not get information.

Could you tell me what API is Explorer using ?

Regards,
Nobuo Miwa
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: copy files on desktop

Post by iconic »

Newer shells no longer use shell APIs such as SHFileOperation()-> FO_COPY but instead use the IFileOperation interface based on COM when performing Desktop file actions. You can hook OLE32.dll!CoCreateInstance() and setup interface method hooks on CopyItem and CopyItems. The last parameter of CoCreateInstance() is a returned interface pointer which you can then index into in order to access the method table. CopyItem and CopyItems have the index of 16 and 17 in the method table of function pointers, respectively. MCH can be used for such purposes however it's not as simple as hooking a named export with the likes of HookApi() but still relatively a simple task ;)

--Iconic
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: copy files on desktop

Post by madshi »

Iconic is right, of course, as always.

Here's some more information on how to hook COM object methods:

viewtopic.php?f=7&t=27248
Post Reply