CopyFile and CopyFileEx
David Mack
CopyFileEx. Is there a Native System Service that is called that, if so
what is it. I have looked at the book Native API reference but there isn't
a clear link
to these calls. Any help is appreciated. I am kinda new to the kernel mode
development.
Slava M. Usov
news:wcMO4.67313$cZ.1...@typhoon.southeast.rr.com...
To the best of my knowledge, CopyFile() and CopyFileEx() are implemented in
user-mode completely.
--
Slava
Please send any replies to this newsgroup.
microsoft.public.win32.programmer.kernel
Dejan Maksimovic
I have never tried the CopyFile, but as for CopyFileEx, I am sure that it
makes somewhat kernel calls, as unlike user-mode copy functions, it alignes the
file (i.e. the data of the file being copied is not fragmented, if possible).
But, even if CopyFileEx made kernel calls, they would be NTReadFile or
NtWriteFile etc. not a NtCopyFileEx...
For concrete info, You'd better find Strace (I don't remember the URL).
Regards, Dejan.
"Slava M. Usov" wrote:
--
Look forward to Your response.
Regards, Dejan Maksimovic, CP Alfa Co.
E-mail : alfa...@ptt.yu
dmaks...@alfaunits.co.yu
Development : alf...@alfaunits.co.yu
ICQ# : 56570367 -> Requires authorization
Tel. +381-18-363247
Fax : 1-435-4070614
Enterprise file&system components for Delphi, BCB,
MSVC++, MSVB etc.
Alfa File Monitor - The only Delphi/BCB real-time
file event notification component.
http://www.alfaunits.co.yu//afm.htm
Visit the Alfa Units home page :
http://www.alfaunits.co.yu/au.htm
The best in directory, over 2GB file, monitoring,
and registry handling. Also great in
large integer operations.
Please send me Your comments, ideas,
requests, bug reports etc.
David Mack
but there has to be a function or something that tells the kernel to read
from this
file and write to that file. There has be a function that has both the
destination and source file in a structure or something. I don't think
there is a NtCopyFile
despite my hopes of one existing.
Dejan Maksimovic <alfa...@ptt.yu> wrote in message
news:390C8108...@ptt.yu...
Slava M. Usov
> I thought the samee thing, that NtWriteFile and NtReadFile would be called
> but there has to be a function or something that tells the kernel to read
> from this
> file and write to that file. There has be a function that has both the
> destination and source file in a structure or something. I don't think
> there is a NtCopyFile
> despite my hopes of one existing.
Such a function exists, it is CopyFile() or CopyFileEx(), respectively.
Mark Roddy
<stripit...@usa.net> wrote:
>David Mack <dm...@infoseerinc.com> wrote in message
>news:kU%O4.68839$cZ.1...@typhoon.southeast.rr.com...
>> I thought the samee thing, that NtWriteFile and NtReadFile would be called
>> but there has to be a function or something that tells the kernel to read
>> from this
>> file and write to that file. There has be a function that has both the
>> destination and source file in a structure or something. I don't think
>> there is a NtCopyFile
>> despite my hopes of one existing.
>
>Such a function exists, it is CopyFile() or CopyFileEx(), respectively.
No there is no such NT system service API. And worse (or better) the
NT implementation does not do 'read from x' 'write to y'. Instead it
memory maps the source and destination. (Well this eventually results
in 'read from x' 'write to y', but not in the context of the
application that executed the Win32 copyfile.)
=
Mark Roddy
WindowsNT Windows2000 Consultant
Hollis Technology Solutions
http://www.hollistech.com
mailto:in...@hollistech.com
Dejan Maksimovic
That is certain.
But, what is the goal of this?
Regards, Dejan.
David Mack wrote:
> I thought the samee thing, that NtWriteFile and NtReadFile would be called
> but there has to be a function or something that tells the kernel to read
> from this
> file and write to that file. There has be a function that has both the
> destination and source file in a structure or something. I don't think
> there is a NtCopyFile
> despite my hopes of one existing.
>
> Dejan Maksimovic <alfa...@ptt.yu> wrote in message
> news:390C8108...@ptt.yu...
> >
> > I have never tried the CopyFile, but as for CopyFileEx, I am sure that
> it
> > makes somewhat kernel calls, as unlike user-mode copy functions, it
> alignes the
> > file (i.e. the data of the file being copied is not fragmented, if
> possible).
> > But, even if CopyFileEx made kernel calls, they would be NTReadFile or
> > NtWriteFile etc. not a NtCopyFileEx...
> > For concrete info, You'd better find Strace (I don't remember the
> URL).
> >
> > Regards, Dejan.
> >
> > "Slava M. Usov" wrote:
> >
> > > David Mack <dm...@infoseerinc.com> wrote in message
> > > news:wcMO4.67313$cZ.1...@typhoon.southeast.rr.com...
> > > > Does anyone know which kernel function is called when you do a
> CopyFile or
> > > a
> > > > CopyFileEx. Is there a Native System Service that is called that, if
> so
> > > > what is it. I have looked at the book Native API reference but there
> > > isn't
> > > > a clear link
> > > > to these calls. Any help is appreciated. I am kinda new to the
> kernel
> > > mode
> > > > development.
> > >
> > > To the best of my knowledge, CopyFile() and CopyFileEx() are implemented
> in
> > > user-mode completely.
> > >
> > > --
> > >
> > > Slava
> > >
> > > Please send any replies to this newsgroup.
> > > microsoft.public.win32.programmer.kernel
> >
Member of ASP, since April 13th 2000.
David Mack
I want to control where people copy files onto my system and I understand
people can make their own copy functions but for the average user, just
intercepting it and doing my own processing would be enough for now.
Dejan Maksimovic <alfa...@ptt.yu> wrote in message
> requests, bug reports etc.
>
>
Slava M. Usov
> It would be nice if I could intercept the calls to CopyFile and
CopyFileEx.
> I want to control where people copy files onto my system and I understand
> people can make their own copy functions but for the average user, just
> intercepting it and doing my own processing would be enough for now.
You could write a small DLL and have the system load it into every running
process, and the DLL would hook CopyFile()/CopyFileEx() exported from
kernel32.dll and perhaps some copy functions from the shell library.
David Mack
I think that would suffice. Is there any example of that on the net ? I
have
been doing UI programming and some system programming a very little
driver work so forgive me for not knowing !!! I do appreciate everyone's
help.
Is there a book that would be helpful for this ?
thanks again
David
Slava M. Usov <stripit...@usa.net> wrote in message
news:#DY73XGt$GA....@cppssbbsa02.microsoft.com...
Dejan Maksimovic
Take a look at EliCZ.alfaunits.co.yu
I think that using ApiHooks or Syrange (Intercepter, as it is called there)
would be better than writtin a device driver.
Best wishes, Dejan.
David Mack wrote:
> It would be nice if I could intercept the calls to CopyFile and CopyFileEx.
> I want to control where people copy files onto my system and I understand
> people can make their own copy functions but for the average user, just
> intercepting it and doing my own processing would be enough for now.
> > > > > David Mack <dm...@infoseerinc.com> wrote in message
> > > > > news:wcMO4.67313$cZ.1...@typhoon.southeast.rr.com...
> > > > > > Does anyone know which kernel function is called when you do a
> > > CopyFile or
> > > > > a
> > > > > > CopyFileEx. Is there a Native System Service that is called that,
> if
> > > so
> > > > > > what is it. I have looked at the book Native API reference but
> there
> > > > > isn't
> > > > > > a clear link
> > > > > > to these calls. Any help is appreciated. I am kinda new to the
> > > kernel
> > > > > mode
> > > > > > development.
> > > > >
> > > > > To the best of my knowledge, CopyFile() and CopyFileEx() are
> implemented
> > > in
> > > > > user-mode completely.
> > > > >
> > > > > --
> > > > >
> > > > > Slava
> > > > >
> > > > > Please send any replies to this newsgroup.
> > > > > microsoft.public.win32.programmer.kernel
> > > >
--
Best wishes, Dejan Maksimovic, CP Alfa Co.
E-mail : alfa...@ptt.yu
dmaks...@alfaunits.co.yu
Development : alf...@alfaunits.co.yu
Member of ASP, since April 13th 2000.
ICQ# : 56570367 -> Requires authorization
Tel. +381-18-363247
Fax : 1-435-4070614
Enterprise file&system components for Delphi, BCB,
MSVC++, MSVB etc.
Alfa File Monitor - The only Delphi/BCB real-time
file event notification component.
http://www.alfaunits.co.yu//afm.htm
Visit the Alfa Units home page :
http://www.alfaunits.co.yu/au.htm
The best in directory, over 2GB file, monitoring,
and registry handling. Also great in
large integer operations.
Slava M. Usov
> Slava
> I think that would suffice. Is there any example of that on the net ? I
> have
> been doing UI programming and some system programming a very little
> driver work so forgive me for not knowing !!! I do appreciate everyone's
> help.
> Is there a book that would be helpful for this ?
Actually this technique has been demonstrated so many times that one could
call it ubiquitous. I believe all major magazines and journals in windows
programming field have at least one sample + article. This has been
thoroughly discussed in this forum for innumerable amount of times... just
go to deja and feed "API monitor" to it.
The essential part of the whole thing is the knowledge of the Portable
Executable file format. Once you're able to locate imports in the
executable, you have almost done it.
As for links, hmm, can't remember... and too lazy to go digging.
David Mack
Dejan Maksimovic <alfa...@ptt.yu> wrote in message
news:390F4628...@ptt.yu...
Dejan Maksimovic
My pleasure.
Best wishes, Dejan.
David Mack wrote:
Web http://www.alfaunits.co.yu
Member of ASP, since April 13th 2000.
ICQ# : 56570367 -> Requires authorization
Tel. +381-18-363247
Fax : 1-435-4070614
Enterprise file&system components for Delphi, BCB,
MSVC++, MSVB etc.
Alfa File Monitor - The only Delphi/BCB real-time
file event notification component.
http://www.alfaunits.co.yu/eafm.htm
Visit the Alfa Units home page :
http://www.alfaunits.co.yu/eau.htm