예제 #1
        /// <summary>
        /// Appends a file-access record to the list kept for the given process id,
        /// creating that list the first time the process id is seen.
        /// </summary>
        /// <param name="processId">Id of the process the entry is reported for; used as the lookup key.</param>
        /// <param name="entry">The record to append. It is stored as given; nothing here validates it.</param>
        public void AddFileEntry (int processId, FileEntry entry)
        {
            // NOTE(review): no synchronization is visible in this method. If several monitored
            // processes can report at the same time, confirm that FileEntries is guarded elsewhere.
            if (!FileEntries.TryGetValue (processId, out var entriesForProcess))
            {
                entriesForProcess = new List <FileEntry>();
                FileEntries.Add (processId, entriesForProcess);
            }

            entriesForProcess.Add (entry);
        }
예제 #2
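        /// <summary>
        /// Callback invoked whenever this process calls CreateFile(). It reports the requested path and a
        /// timestamp through <c>IpcInterface</c> and then forwards the call, with all arguments unchanged,
        /// to the original CreateFile().
        /// </summary>
        /// <remarks>
        /// The method signature must match the original CreateFile().
        /// Failures while recording are reported via <c>IpcInterface.PostException</c> and never prevent the
        /// forwarded call from being made.
        /// </remarks>
        /// <param name="filePath">Path as supplied by the caller; recorded verbatim and passed through.</param>
        /// <param name="desiredAccess">Passed through unchanged.</param>
        /// <param name="shareMode">Passed through unchanged.</param>
        /// <param name="securityAttributes">Passed through unchanged.</param>
        /// <param name="creationDisposition">Passed through unchanged.</param>
        /// <param name="flags">Passed through unchanged.</param>
        /// <param name="templateFile">Passed through unchanged.</param>
        /// <returns>Whatever the original CreateFile() returns for these arguments.</returns>
        private IntPtr OnCreateFile(string filePath, uint desiredAccess, uint shareMode, IntPtr securityAttributes, uint creationDisposition, uint flags, IntPtr templateFile)
        {
            try
            {
                /*
                 * Note that we can do whatever we want in this callback. We could change the file path, return an access denied (pretend we're an antivirus program),
                 * but we won't do that in this program. This program only monitors file access from processes.
                 *
                 * The path is logged exactly as the caller passed it (no canonicalisation), so relative paths and
                 * alternate spellings of the same file show up as distinct entries. The entry is also recorded
                 * before the real call runs, so it reflects an attempt, not a successful open.
                 */

                var fileEntry = new FileEntry() { FullPath = filePath, Timestamp = DateTime.Now };

                // Process.GetCurrentProcess() returns a new disposable Process object on every call. This
                // callback runs for every CreateFile(), so release it promptly instead of leaving it to the GC.
                int processId;
                using (var currentProcess = Process.GetCurrentProcess())
                {
                    processId = currentProcess.Id;
                }

                IpcInterface.AddFileEntry(processId, fileEntry);
            }
            catch (Exception ex)
            {
                // NOTE(review): if PostException itself throws (for example because the IPC channel is
                // gone), the exception escapes into the hooked process; confirm whether that is acceptable.
                IpcInterface.PostException(ex);
            }

            // The process had originally intended to call CreateFile(), so let's actually call Windows' original CreateFile()
            return CreateFile(filePath, desiredAccess, shareMode, securityAttributes, creationDisposition, flags, templateFile);
        }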