Hi, I am new to Codeguru, but I hope I am right, posting my topic here.
I would like to know, if anyone knows how I can protect Directories.
If programm A for example, wants to delete a file in a folder, is it possible for (my) programm B to detect that action and prevent it?
I want to protect certain areas of my Folders from access, some prorgamms might want to have.
I hope you understand my problem.

Thank you,

Anno1989

Is there nobody here, who knows how to solf this?
I found this:
FindFirstChangeNotification
ReadDirectoryChangesW

I found this:
FindFirstChangeNotification
ReadDirectoryChangesW
These ones use only for monitoring.
When you'll get a notification, the changes are already done, so you cannot "prevent" anything.

What you need to learn is how to implement "Hooks" and how to work with Dynamic Link Library (DLL) files. Hooks are created by programs to monitor many types of "actions" such as the co-ordinates of the mouse or what key is being pressed on the keyboard (whether or not your window is active), mind you, if you just need to monitor the mouse or what key is being pressed on the keyboard then you won't need to know how to use DLLs, but in this situation you will need to.

To tell the truth I'm just taking a guess here, I don't know if this is what you're looking for. I've only ever used hooks for the mouse and keyboard, which was pretty exciting :D. But even so, if you want to monitor actions going on in a computer using hooks is your best bet, which is why I bothered to tell you.

Message Hooks are irrelevant here.
Use CHH for example (Google groups, Win32 , plenty of samples)

I didn't exactly say that message hooks were the answer, there are moer than just three you know. I assume you meant that all hooks are irrelevant, in that case, are you sure? because I can't really see any other way of doing it... unless you create a service that is.

Dont know what CHH is and dont get any good results, do you have a link?
So it is not possible with the pure winapi functions documentated in the msdn?
So when I use hooks, can I really stop any other application?

Or is there even a methode, windows lets me interfere in File actions anyway?
Maybe I search for something what is not implemented in windows.^^

Edit: Took to long to post. A service? I already created a simple service, but what is the difference between a service and a normal programm.
When my programm runs successfully, I assume I would make a service of it anyway.

I'm sorry Anno, all I know about services is that when it comes to power they are even above programs, because they can run before you even log into Windows. That's how defragmenting programs defrag your computer before you log-in.

When it comes to programs, using hooks is pretty much the most power you can control, although there could be other things that I don't know about.

I really recommend you research services and hooks... but don't take my word for anything I ain't no pro.

Hi, I am new to Codeguru, but I hope I am right, posting my topic here.
I would like to know, if anyone knows how I can protect Directories.
If programm A for example, wants to delete a file in a folder, is it possible for (my) programm B to detect that action and prevent it?
I want to protect certain areas of my Folders from access, some prorgamms might want to have.
I hope you understand my problem.

Thank you,

Anno1989

You can use Microsoft Detours (http://research.microsoft.com/en-us/projects/detours/) to prevent a file from being deleted. Or possibly back up the file before the program deletes the file.

I think its pretty obvious he wants to know how to do it programmaticly :).

Yes, I already thought about backing the File up and replacing it, after it is deleted.
But, I can hardly backup a larger Directory.
Yes, I want to know, if there is a way, to do this programmatically.
I also found change journals, that report changes on volumes.
I think I look at this, cause ReadDirectoryChangesW() does not return in my application.^^
Maybe I find something when I read the File Services Section of msdn in System Services.
Or has anyone a better solution?^^

Thank you for your help so far.

Well I have though of one way of doing it... but it isn't really recommended. What you could do is periodically search for the delete box, by this I mean that you could use certain functions to search for its class ID... once you find it just close it or programmaticly hit the "cancel" button.

Its been a while since I did any sort of programming that's why I can't list any functions... wait... I just remembered FindWindow, it take in the class ID and another parameter which I forgot, you can use this.

Ther only reason I posted this approach was because it seems this is the only solution that anyone can come up with for you on CodeGuru... honestly I'm quite suprised peope havn't said something.... I was sure there'd be atleast one.

Just to let you know, it is possible to do it the "propper" way. I mean just look at anti-viruses right? They can stop a lot of malicious activities from taking place. I have no idea how they do it though.... sorry.

Right, I thought there would be more people who can help, too, thats why I came to codeguru. ^^
But if nobody helps, the only two reasons I can think of are, wrong sub forum, or that there isnt really a good way to solve this...
Searching for the delete Box?
I dont aim to protect myself against Apps, who ask for deleting or something like that. I want to get a full protection against Apps who dont show me, that they delete something, else it wouldn't make much sense I think...

Google for Volume Shadow Services.

What you're looking for IS a bit tricky, but it is possible.

The Volume Shadow Service may get you there, it somewhat depends on the nature of your application requirements.

There's lots to ask about the scenario, too.

Where did the file(s) come from that you need to protect?


Right, I thought there would be more people who can help, too, thats why I came to codeguru.


...and you'll find there ARE people here from diverse industries, of considerable experience, and often very busy!

We volunteer, so it's not always fast service.

Sorry, if you misunderstood me, I did not meant to blame anybody or complain.
Mhh I want to protect my windows Directory on the system partition, maybe the whole system partition.
Just, that no programm, that simply deletes some files there can kill my Computer...
And of course I want to know which programm wants to operate there.
Is that possible?

Hiding System Directory or Drive is NEVER a good idea... its ofcourse a bad idea. because Every Folder/Directory protection software developers Discourage and strictly says You MUST NOT lock the System files/Folders or Directories with this software... etc...


So, all i need to tell is, Hiding a System Partition, Folder or System files is really Bad Idea. :)

Okay, so what can I do to protect the system folder?
Read the changes and retrieve the old status if an unauthorized delete took place?
All in all I don't want to hide it from access. Only because you have installed a firewall, this does not mean, you don't have access to the internet.
For some applications operation in the system Directory will be allowed, for some not.
I want to make it like a firewall, that asks if an application not in a special "trusted - list" wants to operate. If this is still to strict, maybe only filter delete and rewrite operations.
I dont want to lock it, just protecting it...

Well, what you are talking about is already implemented in the Microsoft Operatring systems since Windows Vista.

It allows write/modify access in system directories or system folders for ONLY programs which are allowed to run as administrator by the user.

So that an ordinary program running with normal privillage cannot change or modify system files/folders and settings. :)


I am not saying creating such an application is impossible... its possible ofcourse... but will be a lil bit hard to go way.... you may try writing such an application, ofcourse.. :)

Okay, but I use XP and dont want to rely on some protection, coming from microsoft, although using a Microsoft OS.^^
I may be paranoid, but I think there will be lots of security problems with the function you described and someone, who wants to harm your system will probably find a way to bypass that system.
I dont mean to write something superior, but on the one hand, I just want to expand my knowledge and on the other hand have an own programm, with what I can control access and if something happens restore the old version of directorys.
Mhh maybe it is really impossible, like you said, but at least I wanna try it.
Someone else got some ideas for me?

You can inject dll to all the running applications, or modify kernel32.dll, and capture calls to DeleteFileA and DeleteFileW, you can do this by a technique called API Hooking.