MoveFileExW close Taskbar

LeVuHoang · Post by **LeVuHoang** » Sun May 08, 2005 2:06 pm

hello,
I tried to hook some functions like : CopyFileW, DeleteFileW, MoveFileExW... every function were fine except MoveFileExW.
While I started the Windows Explorer, pressed F2 to change the name and press Enter. The Taskbar closed and would be restarted some seconds.

my MoveFileExW code :

Code: Select all

var
  MoveFileExWNext : function (lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;

Code: Select all

function MoveFileExWCallback(lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;
begin
  Result :=MoveFileExWNext(lpExistingFileName, lpNewFileName, dwFlags);
  RenewHook(@MoveFileExWNext);
end; { MoveFileExWCallback }

Code: Select all

begin
  HookAPI('kernel32.dll', 'MoveFileExW', @MoveFileExWCallback, @MoveFileExWNext);
end.

why It crashed the Explorer ??? I don't know, but everything like Copy,Delete are ok.

Thank you.

Post by **madshi** » Mon May 09, 2005 7:59 am

Which OS is this? I'll need to test it myself.

LeVuHoang · Post by **LeVuHoang** » Mon May 09, 2005 1:40 pm

My OS : Windows 2003 Server

Post by **madshi** » Mon May 09, 2005 5:32 pm

I've just tried the following hook dll and it works perfectly fine on my XP SP2 PC:

Code: Select all

library HookMoveFileEx;

{$IMAGEBASE $59800000}

uses Windows, madCodeHook;

var MoveFileExWNext : function (lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;

function MoveFileExWCallback(lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;
begin
  Result := MoveFileExWNext(lpExistingFileName, lpNewFileName, dwFlags);
  RenewHook(@MoveFileExWNext);
end;

begin
  HookAPI('kernel32.dll', 'MoveFileExW', @MoveFileExWCallback, @MoveFileExWNext);
end.

LeVuHoang · Post by **LeVuHoang** » Wed Jun 01, 2005 5:55 pm

My DLL unit is :

Code: Select all

unit File_Unit;

interface
uses
  Windows,
  madCodeHook,
  Common_Unit;

var
  CreateFileWNext : function (lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD; hTemplateFile: THandle): THandle; stdcall;
  DeleteFileWNext : function (lpFileName: PWideChar): BOOL; stdcall;
  CopyFileWNext   : function (lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
  CopyFileExWNext : function (lpExistingFileName, lpNewFileName: PWideChar; lpProgressRoutine: TFNProgressRoutine; lpData: Pointer; pbCancel: PBool; dwCopyFlags: DWORD): BOOL; stdcall;
  MoveFileWNext   : function (lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
  MoveFileExWNext : function (lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;

  CreateFileMappingWNext : function (hFile: THandle; lpFileMappingAttributes: PSecurityAttributes; flProtect, dwMaximumSizeHigh, dwMaximumSizeLow: DWORD; lpName: PWideChar): THandle; stdcall;
  OpenFileMappingWNext   : function (dwDesiredAccess: DWORD; bInheritHandle: BOOL; lpName: PWideChar): THandle; stdcall;

function CreateFileWCallback(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD; hTemplateFile: THandle): THandle; stdcall;
function DeleteFileWCallback(lpFileName: PWideChar): BOOL; stdcall;
function CopyFileWCallback(lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
function CopyFileExWCallback(lpExistingFileName, lpNewFileName: PWideChar; lpProgressRoutine: TFNProgressRoutine; lpData: Pointer; pbCancel: PBool; dwCopyFlags: DWORD): BOOL; stdcall;
function MoveFileWCallback(lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
function MoveFileExWCallback(lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;
function CreateFileMappingWCallback(hFile: THandle; lpFileMappingAttributes: PSecurityAttributes; flProtect, dwMaximumSizeHigh, dwMaximumSizeLow: DWORD; lpName: PWideChar): THandle; stdcall;
function OpenFileMappingWCallback(dwDesiredAccess: DWORD; bInheritHandle: BOOL; lpName: PWideChar): THandle; stdcall;

implementation

function CreateFileWCallback(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD; hTemplateFile: THandle): THandle; stdcall;
begin
  Result :=CreateFileWNext(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);

  if not IsAllowed(MsgExecType, 'CreateFileW', lpFileName) then
  begin
    Result :=0;
    SetLastError(ERROR_ACCESS_DENIED);
  end; { if }
end; { CreateFileWCallback }

function DeleteFileWCallback(lpFileName: PWideChar): BOOL; stdcall;
begin
  Result :=DeleteFileWNext(lpFileName);

  if not IsAllowed(MsgExecType, 'DeleteFileW', lpFileName) then
  begin
    Result :=False;
    SetLastError(ERROR_ACCESS_DENIED);
  end; { if }
end; { DeleteFileW }

function CopyFileWCallback(lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
var
  St : WideString;
begin
Result :=CopyFileWNext(lpExistingFileName, lpNewFileName, bFailIfExists);

  St :=lpExistingFileName + ' --> ' + lpNewFileName;

  if not IsAllowed(MsgExecType, 'CopyFileW', PWideChar(St)) then
  begin
    Result :=False;
    SetLastError(ERROR_ACCESS_DENIED);
  end;{ if }
end; { CopyFileWCallback }

function CopyFileExWCallback(lpExistingFileName, lpNewFileName: PWideChar; lpProgressRoutine: TFNProgressRoutine; lpData: Pointer; pbCancel: PBool; dwCopyFlags: DWORD): BOOL; stdcall;
var
  St : WideString;
begin
  Result :=CopyFileExWNext(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);

  St :=lpExistingFileName + ' --> ' + lpNewFileName;

  if not IsAllowed(MsgExecType, 'CopyFileExW', PWideChar(St)) then
  begin
    Result :=False;
    SetLastError(ERROR_ACCESS_DENIED);
  end;{ if }
end; { CopyFileExWCallback }

function MoveFileWCallback(lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
var
  St : WideString;
begin
  Result :=MoveFileWNext(lpExistingFileName, lpNewFileName, bFailIfExists);
  St :=lpExistingFileName + ' --> ' + lpNewFileName;

  if not IsAllowed(MsgExecType, 'MoveFileW', PWideChar(St)) then
  begin
    Result :=False;
    SetLastError(ERROR_ACCESS_DENIED);
  end;{ if }
end; { MoveFileWCallback }

function MoveFileExWCallback(lpExistingFileName, lpNewFileName: PWideChar; dwFlags: DWORD): BOOL; stdcall;
var
  St : WideString;
begin
  Result :=MoveFileExWNext(lpExistingFileName, lpNewFileName, dwFlags);

  St :=lpExistingFileName + ' --> ' + lpNewFileName;

  if not IsAllowed(MsgExecType, 'MoveFileExW', PWideChar(St)) then
  begin
    Result :=False;
    SetLastError(ERROR_ACCESS_DENIED);
  end;{ if }
end; { MoveFileExWCallback }

function CreateFileMappingWCallback(hFile: THandle; lpFileMappingAttributes: PSecurityAttributes; flProtect, dwMaximumSizeHigh, dwMaximumSizeLow: DWORD; lpName: PWideChar): THandle; stdcall;
begin
  Result :=CreateFileMappingWNext(hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName);

  if not IsAllowed(MsgExecType, 'CreateFileMappingW', lpName) then
  begin
    Result :=0;
    SetLastError(ERROR_ACCESS_DENIED);
  end; { if }
end; { CreateFileMappingWCallback }

function OpenFileMappingWCallback(dwDesiredAccess: DWORD; bInheritHandle: BOOL; lpName: PWideChar): THandle; stdcall;
begin
  Result :=OpenFileMappingWNext(dwDesiredAccess, bInheritHandle, lpName);

  if not IsAllowed(MsgExecType, 'OpenFileMappingW', lpName) then
  begin
    Result :=0;
    SetLastError(ERROR_ACCESS_DENIED);
  end;{ if }
end; { OpenFileMappingWCallback }

end.

I have two problems with this :
+ The MoveFile crashed the Explorer
+ If I used Opera to surf any website, It closed automatically.

Post by **madshi** » Wed Jun 01, 2005 6:03 pm

Does the hook dll I posted work for you?