Introduction to pseudo-Hook under. Net

Author: Tr0j4n [http://hi.baidu.com/tr0j4n]

Everyone knows the value of Hook. It can intercept some OS actions and block CreateProcess to make judgments when a process is created. For example, it cannot start or intercept ExitWindowsEx, this will make your system shut down. Some friends may think that the above two sentences are not professional enough. What you may want to say is to intercept CreateProcessInternalA, which is to fundamentally Hook the OS to open the process. (If a friend wants to come up with SSDT and Object, you are welcome to discuss it. It is not in the scope of this article)

The Hook actually relies on injection, which is not so mysterious. The so-called global Hook is just a system that helps you inject the Hook function into all processes. If you want to monitor a folder under C ++ and check whether the file has been modified, what should you do? The so-called "modification" is nothing more than the following four operations:

+ ------ Add
+ ------ Delete
+ ------ Change
+ ------ Rename

If you want to use C ++ to monitor the basics of the system, it is quite difficult. When you want to develop a software program, you cannot learn the Windows Kernel for a few months first. How many months can it be reversed? C #. Net provides us with such a practical function. See the following Code:

Code begin:

Using System;
Using System. IO;

Namespace FileWatcher
{

Public class FileWatcherEventArgs: EventArgs
{
Private string mFileName = "";
Private string mPath = "";
Private string mOldPath = "";
Private string mOldName = "";
Private FileWatcher. fileWatcherChangeType mChangeType;

Public FileWatcherEventArgs (string fileName, string path, string oldPath, string oldName, FileWatcher. fileWatcherChangeType changeType)
{
MFileName = fileName;
MPath = path;
MOldName = oldName;
MOldPath = oldPath;
MChangeType = changeType;
}

Omitting code ...##################

}

Public class FileWatcher
{
# Region enums, constants & fields
Public enum fileWatcherChangeType
{
FileAdded,
FileDeleted,
FileRenamed,
Filechanged
}

Private string mPath = ".";
Private string mFilter = "*.*";
Private FileSystemWatcher mFsw = new FileSystemWatcher ();
Private string mCurrentFileName = "";
Private string mCurrentPath = "";
Private string mCurrentOldPath = "";
Private string mCurrentOldName = "";
Private fileWatcherChangeType mChangeType;
# Endregion

# Region events and delegates
Public delegate void ChangedEventHandler (object sender, FileWatcherEventArgs args );

Public event ChangedEventHandler Changed;
# Endregion

# Region constructors
Public FileWatcher ()
{
CreateFileWatcher ();
}

Public FileWatcher (string path, string filter): this ()
{
MPath = path;
MFilter = filter;
}

Public FileWatcher (string path): this ()
{
MPath = path;
}
# Endregion

# Region Properties

Some codes are omitted .......#####################

# Endregion

# Region public methods
Public void StartWatcher ()
{
MFsw. Path = mPath;
MFsw. Filter = mFilter;
MFsw. EnableRaisingEvents = true;
}

Public void StopWatcher ()
{
MFsw. EnableRaisingEvents = false;
}

# Endregion

# Region file watcher engine

Private void CreateFileWatcher ()
{
MFsw = new FileSystemWatcher (mPath, mFilter );
MFsw. policyfilter = policyfilters. LastWrite |
Policyfilters. DirectoryName | policyfilters. FileName;
MFsw. Changed + = new FileSystemEventHandler (OnChanged );
MFsw. Created + = new FileSystemEventHandler (OnCreated );
MFsw. Deleted + = new FileSystemEventHandler (OnDeleted );
MFsw. Renamed + = new RenamedEventHandler (OnRenamed );
}

Protected virtual void OnChanged (FileWatcherEventArgs e)
{

Changed (this, e );
}
# Endregion

# Region private file-change methods
Private void OnCreated (object source, FileSystemEventArgs args)
{
MCurrentFileName = args. Name;
MCurrentPath = args. FullPath;
MCurrentOldName = "";
MCurrentOldPath = "";
MChangeType = fileWatcherChangeType. fileAdded;
OnChanged (new FileWatcherEventArgs (mCurrentFileName, mCurrentPath, mCurrentOldPath, mCurrentOldName, mChangeType ));
}

Private void OnRenamed (object source, RenamedEventArgs args)
{
MCurrentFileName = args. Name;
MCurrentPath = args. FullPath;
MCurrentOldName = args. OldFullPath;
MCurrentOldPath = args. OldName;
MChangeType = fileWatcherChangeType. fileRenamed;
OnChanged (new FileWatcherEventArgs (mCurrentFileName, mCurrentPath, mCurrentOldPath, mCurrentOldName, mChangeType ));

}

Private void OnDeleted (object source, FileSystemEventArgs args)
{
MCurrentFileName = args. Name;
MCurrentPath = args. FullPath;
MCurrentOldName = "";
MCurrentOldPath = "";
MChangeType = fileWatcherChangeType. fileDeleted;
OnChanged (new FileWatcherEventArgs (mCurrentFileName, mCurrentPath, mCurrentOldPath, mCurrentOldName, mChangeType ));
}

Private void OnChanged (object source, FileSystemEventArgs args)
{
MCurrentFileName = args. Name;
MCurrentPath = args. FullPath;
MCurrentOldName = "";
MCurrentOldPath = "";
MChangeType = fileWatcherChangeType. filechanged;
OnChanged (new FileWatcherEventArgs (mCurrentFileName, mCurrentPath, mCurrentOldPath, mCurrentOldName, mChangeType ));
}

# Endregion
}
}

Code end;

The above code is a namespace of C #, which references the class of FileWatcher. The StartWatcher method and StopWatcher method are provided. These are two public functions, while CreatWatcher is a function that may exist.

Private void OnCreated (object source, FileSystemEventArgs args)

Private void OnRenamed (object source, RenamedEventArgs args)

Private void OnDeleted (object source, FileSystemEventArgs args)

Private void OnChanged (object source, FileSystemEventArgs args)

The preceding four private functions are used to monitor the status of the four actions.

How do you use it? Copy FileWatcher. cs to your project and reference it.

Compile a button to handle events:

Private void button#click (object sender, EventArgs e)
{
FileWatcher. FileWatcher fw = new FileWatcher. FileWatcher (@ "E: est");
Fw. StartWatcher ();
& Nb