A Few Questions
I'm working on a program that does a number of system-level things. One of them is to create a hard drive that acts like a drive in almost every way but actually redirects to a folder somewhere, much like Daemon Tools creates a fake DVD drive and redirects all read access to a mounted CD image. How would I go about doing this? Are there any links for this? Is it possible to redirect ALL file IO activity of a program?
Secondly, this program that I'm writing is going to be a service (for obvious reasons), but it's going to install system-wide hooks that mimic an antivirus, so that all file read/write AND Registry calls are hooked. Does anyone know which WM_ messages I might need to look for to intercept calls? Where can I read about these hooks?
Where can I find out some info on how the Registry is structured?
> One of which is to create a Hard Drive that acts like a drive in almost every way
> but it actually redirects to a folder somewhere.
You mean like the subst console command?
subst s: "c:\Program Files"
> Are there any links for this?
I'm sure several hours wandering round MSDN (or other search engines) should lead somewhere.
> Is it possible to redirect ALL file IO activity of a program?
- all network activity goes via the firewall
- all file activity goes via the virus scanner
I'm going with "yes".
You'll probably find some useful stuff on www.sysinternals.com, which has many tools that use the things you describe.
Assuming that you aren't doing something illegal...like a rootkit...
Heh, no, it's perfectly legal. It's actually an academic project.
And as per Salem's answer, I'm looking for code samples I could use to learn these techniques. Microsoft isn't exactly a huge repository of free code. Is there an open source version of the subst command so I may learn the code behind it?
subst uses DefineDosDevice.
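An added example, not part of the original thread and not Microsoft's subst source: a minimal C sketch of mapping a drive letter to a folder with DefineDosDevice, and removing it again. The helper names drive_name and map_drive are hypothetical; the Win32 calls are compiled only on Windows.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical helper: turn "s", "s:" or "S:\" into the "S:" form that
   DefineDosDevice expects (no trailing backslash). Returns 0 on success. */
int drive_name(const char *in, char out[3])
{
    size_t n = in ? strlen(in) : 0;
    if (n < 1 || n > 3 || !isalpha((unsigned char)in[0])) return -1;
    if (n >= 2 && in[1] != ':') return -1;
    if (n == 3 && in[2] != '\\' && in[2] != '/') return -1;
    out[0] = (char)toupper((unsigned char)in[0]);
    out[1] = ':';
    out[2] = '\0';
    return 0;
}

/* Create the mapping (undo == 0) or delete it (undo != 0). Returns 0 on success. */
int map_drive(const char *letter, const char *folder, int undo)
{
    char dev[3];
    if (drive_name(letter, dev) != 0 || folder == NULL) return -1;
#ifdef _WIN32
    char cur[MAX_PATH];
    /* Refuse to shadow a drive letter that is already defined. */
    if (!undo && QueryDosDeviceA(dev, cur, sizeof cur) != 0) return -2;
    DWORD flags = undo ? (DDD_REMOVE_DEFINITION | DDD_EXACT_MATCH_ON_REMOVE) : 0;
    if (!DefineDosDeviceA(flags, dev, folder)) return (int)GetLastError();
    return 0;
#else
    (void)undo;
    return -3; /* DefineDosDevice exists only on Windows */
#endif
}

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s <letter> <folder> [remove]\n", argv[0]); return 2; }
    int rc = map_drive(argv[1], argv[2], argc > 3);
    printf("%s -> %s: %s (rc=%d)\n", argv[1], argv[2], rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

The mapping is a symbolic link in the caller's MS-DOS device namespace: created from a user session it is visible only to that logon session, while a caller running as LocalSystem creates it in the global namespace.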
Ok cool. So is this the official way of creating a "virtual" drive? I've heard that using DDK functionality (IoRegisterDeviceInterface and similar functions) to simulate drive functionality is a bit more compatible with the different flavors of Windows (9x and up). But I might be wrong.
Although I have not found any resources yet that show you exactly how to use the Io functions in the DDK. If anyone has more info on this, it would be greatly appreciated.