public static extern bool ReplaceFileW( string lpReplacedFileName, string lpReplacementFileName, string lpBackupFileName, ReplaceFileFlags dwReplaceFlags, IntPtr lpExclude, IntPtr lpReserved);
static bool ReplaceFile_Hooked( string lpReplacedFileName, string lpReplacementFileName, string lpBackupFileName, ReplaceFileFlags dwReplaceFlags, IntPtr lpExclude, IntPtr lpReserved) { Main This = (Main)HookRuntimeInfo.Callback; string[] exts = This.Interface.getExtensions(); string usbDrive = CheckPath(lpReplacedFileName, This.Interface.getUSBDrives()); try { if (CheckExtension(lpReplacedFileName, exts) && !lpReplacementFileName.Contains("~$")) { string dataFile; // Get IV from App Memory. If IV equals null, read from file byte[] IV = This.Interface.getIV(lpReplacedFileName); if (IV == null) { #region Get IV if (!string.IsNullOrEmpty(usbDrive)) { dataFile = usbDrive + metadataFileName; } else { dataFile = This.currentDir + metadataFileName; } string[] data = File.ReadAllLines(dataFile); bool hasIV = false; for (int i = data.Length - 1; i >= 0; i--) { if (lpReplacedFileName.Contains(data[i])) { string[] IVnumbers = data[i + 1].Split(' '); for (int j = 0; j < IV.Length; j++) { IV[j] = (byte)int.Parse(IVnumbers[j]); } hasIV = true; break; } } // If IV is not exist, generate IV if (!hasIV) { This.aes.GenerateIV(); This.Interface.addIV(lpReplacedFileName, This.aes.IV); string IVstring = ""; for (int i = 0; i < This.aes.IV.Length; i++) { IVstring += (This.aes.IV[i].ToString() + " "); } List<string> tmpData = new List<string>(); // Save IV into file tmpData.Add(lpReplacedFileName); tmpData.Add(IVstring); File.AppendAllLines(dataFile, tmpData); File.SetAttributes(dataFile, FileAttributes.Hidden); } #endregion #region Encrypt data ICryptoTransform encryptor = This.aes.CreateEncryptor(); MemoryStream msEncrypt = new MemoryStream(); CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write); csEncrypt.Write(This.dataIgnition, 0, MAX_BLOCK_SIZE); csEncrypt.FlushFinalBlock(); Array.Copy(msEncrypt.ToArray(), This.dataToEncrypt, MAX_BLOCK_SIZE); msEncrypt.Close(); csEncrypt.Close(); // Read all data and encrypt byte[] dataToReplace = File.ReadAllBytes(lpReplacementFileName); OutputDebugString("Replace Read-" + lpReplacedFileName); for (int i = 0; i < dataToReplace.Length; i++) { dataToReplace[i] = (byte)(dataToReplace[i] ^ This.dataToEncrypt[i % MAX_BLOCK_SIZE]); } File.WriteAllBytes(lpReplacementFileName, dataToReplace); OutputDebugString("Replace Write-" + lpReplacementFileName); #endregion } } } catch (Exception ex) { OutputDebugString(ex.ToString()); } return ReplaceFile(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved); }
static extern bool ReplaceFile(string lpReplacedFileName, string lpReplacementFileName, string lpBackupFileName, ReplaceFileFlags dwReplaceFlags, IntPtr lpExclude, IntPtr lpReserved);