Intercepting i/o calls on a CD
Hi,
Please see if you can help me out on this.
I have a CD that contains files (doc, xls, htm etc.) pre-encrypted with a program written by me. If someone simply inserts the CD and reads the files in Word, Excel or IE, he gets encrypted garbage.
I want the user to always access the proper content of the CD after running a startup EXE, which is also written by me. The startup program, when run by the user, resides in memory (may be in system tray as well). Once this program is loaded, it intercepts any i/o on the CD made from Word, Excel, IE or other apps, and decrypts the content on-the-fly and returns readable content to that app.
I have not yet written any of these programs! :-) I am planning to.
My question is - how to accomplish this? The encryption and decryption part can of course be taken care of by me. I am concerned about intercepting any i/o calls to the CD. Please remember, I do not know which applications will access the CD files. So, I need to trap system-wide i/o calls to the CD and return proper output.
How to do that?
Thanks,
Rupak
[1135 byte] By [rbasu] at [2007-11-20 8:35:17]

# 1 Re: Intercepting i/o calls on a CD
I am sure I will get useful hints from this forum (although I have not yet received any).
rbasu at 2007-11-9 13:30:32 >

# 2 Re: Intercepting i/o calls on a CD
Well there are some approaches to do what you need.
One of them is injecting into the applications that will read the contents from a CD and then intercepting ReadFile function calls, using the Windows API hooking technique.
The second one is writing a file system filter driver, as is done in the Filemon utility from Sysinternals.
The second approach is general, but you will need to write a file system driver.
Anyway if you know particularly which applications will use the contents that are on the CD, you can write a plugin for those applications. It will start any time the application starts and when the application will try to read something from a CD, your plugin can intercept ReadFile function call and decrypt the content.
It is easy to write such a plugin for MS Word, MS Excel and Internet Explorer applications.
So first decide: do you really want to hook CD reading for ANY application?
If the answer is Yes, then you can use the second approach (writing a file system filter driver). Or you can inject into all active applications and monitor ReadFile function calls (I don't like this because it can slow down the system, moreover some antivirus applications may warn the user that you are trying to do injection...).
But if the answer is "No", the injection could be achieved by writing some plugin for each particular application.
Regards,
Armen.
Armen at 2007-11-9 13:31:32 >

# 3 Re: Intercepting i/o calls on a CD
Hi Armen,
Thanks for your guidance.
After posting here I did find the concept of file system filter drivers, but the API hooking hint is definitely a new direction to me. It seems much more manageable than a filter driver.
I have decided that the files (mainly HTML, JPG etc.) will be accessed through my own program only. I don't care if other apps like IE, Firefox get garbage (which they will of course do since the files are by default encrypted) while reading the files. A summary of my requirement is like this:
- the files are on CD, in encrypted form.
- user launches a start.exe, which itself is the interceptor, decrypter and HTML renderer. (I plan to include IE ActiveX control within this app for rendering).
- so, when the program is launched, the default page is shown within the app. Subsequently, whenever the user clicks on a link (calling an HTML or JPG or similar file), that file is accessed, decrypted and rendered.
- the problem is, I will not know exactly when the embedded IE control makes a ReadFile since the control is a separate ActiveX app. Hence, I do need to do some form of hooking to intercept ReadFile or similar input operation on the CD, take control, decrypt the file and return the output.
Please do not think I am not doing any research on my own. However, till now I have not found the exact model or reference code on how to tap my ActiveX control's I/O calls on the CD.
Any further hints would be appreciated.
Thanks,
Rupak
rbasu at 2007-11-9 13:32:27 >

# 4 Re: Intercepting i/o calls on a CD
Originally posted by rbasu
I have decided that the files (mainly HTML, JPG etc.) will be accessed through my own program only. I don't care if other apps like IE, Firefox get garbage (which they will of course do since the files are by default encrypted) while reading the files.
Well in this case I guess there is no need to use API hooking.
Originally posted by rbasu
- user launches a start.exe, which itself is the interceptor, decrypter and HTML renderer. (I plan to include IE ActiveX control within this app for rendering).
Is IE ActiveX only for rendering? As I understood here, your idea is that your application will read the files from the CD, decrypt them and pass them to IE ActiveX for rendering, right?
Originally posted by rbasu
- the problem is, I will not know exactly when the embedded IE control makes a ReadFile since the control is a separate ActiveX app. Hence, I do need to do some form of hooking to intercept ReadFile or similar input operation on the CD, take control, decrypt the file and return the output.
Again, if your application will read the files, it can decrypt them and pass the decrypted buffer to IE ActiveX for rendering, so you don't need to hook ReadFile (API hooking should be avoided when it is possible).
BTW, if your plan is to use IE ActiveX not only for rendering but also to access the files on the CD, you can again avoid using ReadFile hooking. Just see the IBindStatusCallback (http://msdn2.microsoft.com/en-us/library/ms775063.aspx) interface description. Or you can use an Asynchronous Pluggable Protocol (http://msdn2.microsoft.com/en-us/library/aa767916.aspx). It allows you to catch file reading, decrypt the content and give it to IE ActiveX.
Armen at 2007-11-9 13:33:31 >
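
The design from reply #4 (the application reads the file itself, decrypts it and hands the buffer to the renderer, with no ReadFile hook), sketched as an added example that is not part of the thread. Portable C stdio stands in for the Windows file calls, `enc_read` and `enc_seek` are hypothetical names, and the XOR keystream is a placeholder for the poster's own cipher, not real cryptography.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Placeholder keystream standing in for the poster's own cipher (NOT real crypto).
   It depends only on key and byte position, so any range can be decrypted alone. */
static uint8_t keystream_byte(uint32_t key, uint64_t pos) {
    uint64_t x = ((pos + 1) * 0x9E3779B97F4A7C15ULL) ^ key;
    x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ULL; x ^= x >> 32;
    return (uint8_t)x;
}

typedef struct { FILE *fp; uint32_t key; uint64_t pos; } enc_file;

/* Chunked read: returns plaintext for the next n bytes of the encrypted file. */
size_t enc_read(enc_file *f, void *buf, size_t n) {
    uint8_t *p = buf;
    size_t got = fread(p, 1, n, f->fp);
    for (size_t i = 0; i < got; i++) p[i] ^= keystream_byte(f->key, f->pos + i);
    f->pos += got;
    return got;
}

/* Reposition; the keystream offset must follow the file offset. */
int enc_seek(enc_file *f, uint64_t off) {
    if (fseek(f->fp, (long)off, SEEK_SET) != 0) return -1;
    f->pos = off;
    return 0;
}

/* Constructed sample: encrypt a page, then read it back the way the app would. */
int demo_roundtrip(void) {
    const char plain[] = "<html><body>constructed sample page</body></html>";
    size_t len = sizeof plain - 1, total = 0, got;
    uint8_t enc[sizeof plain], out[sizeof plain + 8];
    uint32_t key = 0xC0FFEE;                       /* constructed key */
    for (size_t i = 0; i < len; i++) enc[i] = (uint8_t)plain[i] ^ keystream_byte(key, i);
    FILE *fp = tmpfile();                          /* stands in for a file on the CD */
    if (!fp) return 0;
    fwrite(enc, 1, len, fp);
    rewind(fp);
    enc_file f = { fp, key, 0 };
    while ((got = enc_read(&f, out + total, 7)) > 0) total += got;  /* odd chunk size */
    int ok = total == len && memcmp(out, plain, len) == 0;  /* renderer gets plaintext */
    ok = ok && memcmp(enc, plain, len) != 0;                /* raw file stays unreadable */
    ok = ok && enc_seek(&f, 6) == 0 && enc_read(&f, out, 4) == 4
            && memcmp(out, plain + 6, 4) == 0;              /* random access works */
    fclose(fp);
    return ok;
}
int main(void) { printf("roundtrip ok: %d\n", demo_roundtrip()); return 0; }
```

Because the keystream is position-based, the same `enc_read`/`enc_seek` pair can serve whichever component pulls the data in chunks, whether that is the application's own loader or a protocol handler feeding the embedded control.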

