예제 #1
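        /// <summary>
        /// Replacement for the Win32 <c>CreateFile</c> call. Wraps the open in a
        /// <c>HookContext</c> that is given three callbacks: a pass-through to the
        /// original function, a handler that routes the open through
        /// <c>FileEncryptionLayer</c>, and an error fallback.
        /// </summary>
        /// <remarks>
        /// When the encryption-layer open fails and the path is recognised by
        /// <c>IsPathInExeDirOfNETHost</c>, the open is retried once with the path
        /// rewritten by <c>AdjustPathToAssemblyExeDir</c>. Which callback
        /// <c>HookContext</c> selects is decided outside this method.
        /// </remarks>
        /// <param name="lpFileName">Path requested by the caller.</param>
        /// <param name="dwDesiredAccess">Requested access mask, forwarded unchanged.</param>
        /// <param name="dwShareMode">Share mode, forwarded unchanged.</param>
        /// <param name="lpSecurityAttributes">Pointer to SECURITY_ATTRIBUTES, forwarded unchanged.</param>
        /// <param name="dwCreationDisposition">Creation disposition, forwarded unchanged.</param>
        /// <param name="dwFlagsAndAttributes">Flags and attributes, forwarded unchanged.</param>
        /// <param name="hTemplateFile">Template file handle, forwarded unchanged.</param>
        /// <returns>
        /// The handle produced by the selected callback, or
        /// <c>Win32Api.INVALID_HANDLE_VALUE</c> from the error fallback.
        /// </returns>
        internal static IntPtr CreateFile_Hooked(
            String lpFileName,
            UInt32 dwDesiredAccess,
            FileShareMode dwShareMode,
            /*ref SECURITY_ATTRIBUTES*/ IntPtr lpSecurityAttributes,
            CreateFileCreationDisposition dwCreationDisposition,
            UInt32 dwFlagsAndAttributes,
            IntPtr hTemplateFile)
        {
            IntPtr result = new HookContext <IntPtr>(
                // Pass-through: call the original CreateFile with the caller's arguments.
                func => ((CreateFile_Delegate)func)(lpFileName, dwDesiredAccess,
                                                    dwShareMode, lpSecurityAttributes, dwCreationDisposition,
                                                    dwFlagsAndAttributes, hTemplateFile),
                helper =>
            {
                IntPtr helperResult = FileEncryptionLayer.CreateFile(lpFileName, dwDesiredAccess, dwShareMode,
                                                                     lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
                                                                     hTemplateFile);
                // Path rewriting for .NET host app
                if (helperResult == Win32Api.INVALID_HANDLE_VALUE)
                {
                    // Capture the failure code first: the path checks below may overwrite it.
                    // NOTE(review): if Win32Api.GetLastError is a direct P/Invoke of GetLastError,
                    // the runtime can clobber the value between calls; Marshal.GetLastWin32Error
                    // is the reliable source in managed code - confirm how Win32Api declares it.
                    uint errorCode = Win32Api.GetLastError();
                    if (IsPathInExeDirOfNETHost(lpFileName))
                    {
                        lpFileName = AdjustPathToAssemblyExeDir(lpFileName);
                        // NOTE(review): nothing here records the rewritten path. The file name
                        // handed to the logger below is passed before Call() runs, so the log
                        // line carries the path the caller asked for, not the path this retry
                        // opens. Record the redirect so the audit trail matches the file opened.
                        helperResult = FileEncryptionLayer.CreateFile(lpFileName, dwDesiredAccess, dwShareMode,
                                                                      lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
                                                                      hTemplateFile);
                    }
                    else
                    {
                        // No retry: hand the caller the error code of the failed open.
                        Win32Api.SetLastError(errorCode);
                    }
                }
                return(helperResult);
            },
                errorCode =>
            {
                SetLastError(unchecked ((uint)errorCode));
                // CreateFile signals failure with INVALID_HANDLE_VALUE, not NULL. Returning
                // IntPtr.Zero here would pass a caller's "== INVALID_HANDLE_VALUE" check and
                // be used as if it were an open handle.
                return(Win32Api.INVALID_HANDLE_VALUE);
            },
                HookLogging.DefaultLogging, "[FILENAME]: {0}", lpFileName).Call();

            return(result);
        }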
예제 #2
 /// <summary>
 /// Replacement for the Win32 <c>WriteFile</c> call. Builds a <c>HookContext</c>
 /// with a pass-through to the original function, a handler that writes through
 /// <c>FileEncryptionLayer</c>, and an error fallback, then runs it.
 /// </summary>
 /// <param name="hFile">Handle being written to; its string form is the only value logged.</param>
 /// <param name="lpBuffer">Pointer to the data to write, forwarded unchanged.</param>
 /// <param name="nNumberOfBytesToWrite">Byte count to write, forwarded unchanged.</param>
 /// <param name="lpNumberOfBytesWritten">Pointer to the written-bytes counter, forwarded unchanged.</param>
 /// <param name="lpOverlapped">Pointer to OVERLAPPED, forwarded unchanged.</param>
 /// <returns>
 /// The result of the selected callback, or <c>false</c> from the error fallback
 /// after the last-error value has been set.
 /// </returns>
 internal static bool WriteFile_Hooked(
     IntPtr hFile,
     IntPtr lpBuffer,
     UInt32 nNumberOfBytesToWrite,
     /*ref UInt32*/ IntPtr lpNumberOfBytesWritten,
     /*ref OVERLAPPED*/ IntPtr lpOverlapped)
 {
     // Only the handle value goes to the log; buffer contents are never formatted.
     string handleText = hFile.ToString();

     var context = new HookContext <bool>(
         // Pass-through to the original WriteFile.
         nativeWrite => ((WriteFile_Delegate)nativeWrite)(
             hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped),
         // Write routed through the encryption layer.
         layer => FileEncryptionLayer.WriteFile(
             hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped),
         // Fallback: publish the error code and report failure.
         win32Error =>
         {
             SetLastError(unchecked ((uint)win32Error));
             return false;
         },
         HookLogging.DefaultLogging, "[hFile]: {0}", handleText);

     return context.Call();
 }
예제 #3
        /// <summary>
        /// Replacement for the Win32 <c>ReadFile</c> call. Builds a <c>HookContext</c>
        /// with a pass-through to the original function, a handler that reads through
        /// <c>FileEncryptionLayer</c>, and an error fallback, then runs it.
        /// </summary>
        /// <param name="hFile">Handle being read from; logged by its string form.</param>
        /// <param name="lpBuffer">Pointer to the destination buffer, forwarded unchanged.</param>
        /// <param name="nNumberOfBytesToRead">Requested byte count; forwarded and logged.</param>
        /// <param name="lpNumberOfBytesRead">Pointer to the read-bytes counter; forwarded and wrapped for logging.</param>
        /// <param name="lpOverlapped">Pointer to OVERLAPPED, forwarded unchanged.</param>
        /// <returns>
        /// The result of the selected callback, or <c>false</c> from the error fallback
        /// after the last-error value has been set.
        /// </returns>
        internal static bool ReadFile_Hooked(
            IntPtr hFile,
            IntPtr lpBuffer,
            UInt32 nNumberOfBytesToRead,
            /*ref UInt32*/ IntPtr lpNumberOfBytesRead,
            /*ref OVERLAPPED*/ IntPtr lpOverlapped)
        {
            // The counter pointer is wrapped and given to the logger as an object.
            // Presumably BytesRead dereferences it when formatted, after the read - confirm.
            // NOTE(review): Win32 allows lpNumberOfBytesRead to be NULL for overlapped reads;
            // BytesRead is assumed to tolerate IntPtr.Zero - verify.
            BytesRead bytesReadForLog = new BytesRead(lpNumberOfBytesRead);
            string handleText = hFile.ToString();

            var context = new HookContext <bool>(
                // Pass-through to the original ReadFile.
                nativeRead => ((ReadFile_Delegate)nativeRead)(
                    hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped),
                // Read routed through the encryption layer.
                layer => FileEncryptionLayer.ReadFile(
                    hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped),
                // Fallback: publish the error code and report failure.
                win32Error =>
                {
                    SetLastError(unchecked ((uint)win32Error));
                    return false;
                },
                HookLogging.DefaultLogging, "[hFile]: {0} [toRead]: {1} [Read]: {2}",
                handleText, nNumberOfBytesToRead, bytesReadForLog);

            return context.Call();
        }