public static extern bool ReplaceFileW(
string lpReplacedFileName,
string lpReplacementFileName,
string lpBackupFileName,
ReplaceFileFlags dwReplaceFlags,
IntPtr lpExclude,
IntPtr lpReserved);
static bool ReplaceFile_Hooked(
string lpReplacedFileName,
string lpReplacementFileName,
string lpBackupFileName,
ReplaceFileFlags dwReplaceFlags,
IntPtr lpExclude, IntPtr lpReserved)
{
Main This = (Main)HookRuntimeInfo.Callback;
string[] exts = This.Interface.getExtensions();
string usbDrive = CheckPath(lpReplacedFileName, This.Interface.getUSBDrives());
try
{
if (CheckExtension(lpReplacedFileName, exts) && !lpReplacementFileName.Contains("~$"))
{
string dataFile;
// Get IV from App Memory. If IV equals null, read from file
byte[] IV = This.Interface.getIV(lpReplacedFileName);
if (IV == null)
{
#region Get IV
if (!string.IsNullOrEmpty(usbDrive))
{
dataFile = usbDrive + metadataFileName;
}
else
{
dataFile = This.currentDir + metadataFileName;
}
string[] data = File.ReadAllLines(dataFile);
bool hasIV = false;
for (int i = data.Length - 1; i >= 0; i--)
{
if (lpReplacedFileName.Contains(data[i]))
{
string[] IVnumbers = data[i + 1].Split(' ');
for (int j = 0; j < IV.Length; j++)
{
IV[j] = (byte)int.Parse(IVnumbers[j]);
}
hasIV = true;
break;
}
}
// If IV is not exist, generate IV
if (!hasIV)
{
This.aes.GenerateIV();
This.Interface.addIV(lpReplacedFileName, This.aes.IV);
string IVstring = "";
for (int i = 0; i < This.aes.IV.Length; i++)
{
IVstring += (This.aes.IV[i].ToString() + " ");
}
List<string> tmpData = new List<string>();
// Save IV into file
tmpData.Add(lpReplacedFileName);
tmpData.Add(IVstring);
File.AppendAllLines(dataFile, tmpData);
File.SetAttributes(dataFile, FileAttributes.Hidden);
}
#endregion
#region Encrypt data
ICryptoTransform encryptor = This.aes.CreateEncryptor();
MemoryStream msEncrypt = new MemoryStream();
CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
csEncrypt.Write(This.dataIgnition, 0, MAX_BLOCK_SIZE);
csEncrypt.FlushFinalBlock();
Array.Copy(msEncrypt.ToArray(), This.dataToEncrypt, MAX_BLOCK_SIZE);
msEncrypt.Close();
csEncrypt.Close();
// Read all data and encrypt
byte[] dataToReplace = File.ReadAllBytes(lpReplacementFileName);
OutputDebugString("Replace Read-" + lpReplacedFileName);
for (int i = 0; i < dataToReplace.Length; i++)
{
dataToReplace[i] = (byte)(dataToReplace[i] ^ This.dataToEncrypt[i % MAX_BLOCK_SIZE]);
}
File.WriteAllBytes(lpReplacementFileName, dataToReplace);
OutputDebugString("Replace Write-" + lpReplacementFileName);
#endregion
}
}
}
catch (Exception ex)
{
OutputDebugString(ex.ToString());
}
return ReplaceFile(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}
static extern bool ReplaceFile(string lpReplacedFileName,
string lpReplacementFileName, string lpBackupFileName,
ReplaceFileFlags dwReplaceFlags, IntPtr lpExclude, IntPtr lpReserved);
