Hooking into windows file access - windows

Is it possible to hook into Windows loading or saving files (no matter how the file is opened like notepad word etc.) to modify the file on the fly?
For example to encode/decode it on the fly?
Would code need administrative permissions to launch?

You probably will have to write a driver. See if you can get a hold of Filemon's source, there is a lot to learn there.

You could also use something like madCodeHook to intercept file read/writes and to install your dll into every process. I've used this technique to record print jobs for billing purposes.

Yes, you need to write an Installable File System driver. The Installable File System Kit from Microsoft contains a couple of sample drivers, including the one used by Filemon. Unfortunately, I do not believe you can access those API's without the IFS Kit.

avoid madCodeHook (not profesdional)
use standard api hooking mechanisms (Richter and Microsoft D mainly)

Related

Is it possible to extract contents of a *non* self-extracting .exe file?

Well.... the question sort of says it all. If possible I would like to be able to do so from a Linux or macOS environment, but I have virtualized Windows if need be.
Thanks in advance!
There is no general answer for this because different installers/applications use different storage methods. You should first try to identify the author of the installer software by looking for clues in the version information and maybe with a hex editor.
My first suggestion is to try 7-zip, it can extract from NSIS based installers and some MSI based installers.
If the setup was created with Inno Setup then you can try this.
If all else fails, try Universal Extractor but even that will fail for obscure and custom .exe files.
It depends. Assuming you have a PE file (windows executable), you can use a resource editor https://stefansundin.github.io/xn_resource_editor/ to extract icons, messages or dialog layouts. This assumes that the author of that file used the native resource system. Other data would only be available if you knew the address within the PE file, or had appropriate debug symbols. But then, you must guess content type, and maybe also file size.

I want to write a simple script to insert date and time in any file in Windows

I work in a secure data environment so my ability to install software is pretty limited. I have Notepad++, but don't have TextFx (and I read it doesn't work in the current version anyway). I don't have the Python plugin for Notepad++ either. No AHK, etc. OS is Windows XP.
I'm trying to find another way to write a basic script that I can use to insert a time and date stamp into any text editor. I did some googling but couldn't find any specific examples.
I noticed that Notepad uses F5 for date/time stamp, so I tried to find the file/code it uses for that, but no luck.
Any tips? Looking for something like a batch file I can assign a KB shortcut to use across text editors, Word, or whatever. Thanks!
What it sounds like you are looking for would be a key macro. The functionality you are describing is implemented within the program itself, and is not available for global usage throughout the OS.
As you are on Windows XP I am not sure what options are available without a software installation. There is no built in macro recorder for Windows XP unfortunately.
If you are in Word, then you could use the built in Office macros to accomplish this. How exactly depends on your version of Office.

Does anyone know any RTL Compression tool?

Does anyone know a good tool for compression files using Windows API function called RtlCompressBuffer? I want to compress an executable using this method.
RtlCompressBuffer is a fairly low-level tool. You'd normally use it to create some higher-level tool before actually compressing an executable.
Windows has a couple such higher level tools, depending on exactly what you want to accomplish. If you want an executable that's stored on a file system in compressed form, then you probably want to use NTFS compression. To compress your executable with this, you call DeviceIoControl with the FSCTL_SET_COMPRESSION flag.
If you want to compress a file for distribution (e.g., so a user will be able to download it faster) you normally want to put it into a cabinet file, which you might then ship by itself, or (generally preferred) package it up into an MSI package. As far as pre-packaged tools to do this, you'd be looking at Microsoft's cabarc. If you want to do the job in your own code, you can use the File Compression Interface (FCI).
Obligatory side note: although both of these do compression (and also support matching decompression), no I'm not really sure whether either (not to mention both) is actually implemented using RtlCompressBuffer. I don't believe Microsoft's documentation specifies their implementation in nearly that level of detail.

Adding a DLL file as reference in C#.NET project

I am currently working on a project to perform disk defragmentation in Microsoft Windows environment. For that I want to use the in-built functions of the Windows defragmentation utility. I read somewhere that Windows uses "dfrgres.dll" file to perform defragmentation. So, I want to add "dfrgres.dll" file as a reference in my project. But I am not able to do so. This is the error message which I am getting when I try to add the specified DLL into my project:
"A reference to '...\dfrgres.dll' could not be added. Please make sure that the file is accessible, and that it is a valid assembly or COM component"
Please tell me where the problem is...or is there any other way to do it...??? Are there any other open source resources available over the internet for defragmentation...???
Regards,
Mr. Elusive
There is no dedicated DLL or COM server to perform defrag, the low-level interface uses IOCTL codes to talk to the device driver. Briefly described here.
There's a Microsoft employee blog post that proposes a C# interface. No idea if it still works on later versions of Windows.

Using Named Pipes as Files

Simple question here (though perhaps not such a simple answer):
Is it possible to specify a path for an (existing) named pipe that can be used by programs as if they were opening on a normal file?
According to this MSDN page, name pipes on the local computer can be referrenced using the following path syntax: \\.\pipe\PipeName, yet I'm having no luck using this from standard Windows programs.
As a side point, if anyone has any suggestions for interfacing with programs that are only capable of using the file-system in a more efficient manner than physical I/O (e.g. named pipes), I would be glad to take them.
It would only work if the programs are using the Win32 API CreateFile() function to open the files.

Resources