2. Programming Q&A
  3. c++ - Intercepting Shell.Open(path) and canceling it - Stack Overflow

c++ - Intercepting Shell.Open(path) and canceling it - Stack Overflow

admin2025-05-01  1

I want to cancel any attempt from any program to open a windows explorer window, and instead do something else. So far I spent a lot of time with SetWindowsHookEx, VirtualProtect, ShellExecuteW, and all sort of global hooks, but nothing works. I succeeded to install a hook that gets notified when some windows are activated, but not any window, and most importantly not windows explorer. I would think VirtualProtect is the best avenue if the goal is to cancel the operation completely, but I would welcome anything that works and prevent the window from being visible even the slightest.


extern "C" __declspec(dllexport) void SetGlobalHook()
{
    _hmod = GetModuleHandle(L"DllPlusPlus"); // Get the handle of the current DLL
    if (_hmod != NULL)
    {
        OriginalShellExecuteW = (ShellExecuteW_t)GetProcAddress(GetModuleHandle(L"shell32.dll"), "ShellExecuteW");
        if (OriginalShellExecuteW != NULL)
        {
            DWORD oldProtect;
            VirtualProtect((LPVOID)OriginalShellExecuteW, sizeof(LPVOID), PAGE_EXECUTE_READWRITE, &oldProtect);

            // Replace the function pointer with the address of the hook
            *(LPVOID*)&OriginalShellExecuteW = (LPVOID)HookedShellExecuteW;

            VirtualProtect((LPVOID)OriginalShellExecuteW, sizeof(LPVOID), oldProtect, &oldProtect);

            hShellHook = SetWindowsHookEx(WH_SHELL, ShellProc, _hmod, 0);
            if (hShellHook == NULL)
            {
                DWORD error = GetLastError();
                std::wofstream logFile("C:\\hook_error_log.txt", std::ios::app);
                if (logFile.is_open())
                {
                    logFile << "Failed to install shell hook! Error: " << error << std::endl;
                    logFile.close();
                }
                MessageBox(NULL, L"Failed to install shell hook! Check log for details.", L"Error", MB_OK);
            }
        }        
    }
    
}

HINSTANCE WINAPI HookedShellExecuteW(HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory, INT nShowCmd)
{
        // Log the shell operation
        std::wofstream logFile("C:\\shell_hook_log.txt", std::ios::app);
        if (logFile.is_open())
        {
            logFile << "Intercepted Shell.Open: " << lpFile << std::endl;
            logFile.close();
        }

    if (lpOperation && _wcsicmp(lpOperation, L"open") == 0)
    {
        // Cancel the operation by returning a failure code
        return (HINSTANCE)33; // ShellExecute returns an HINSTANCE greater than 32 if successful
    }

    // Call the original ShellExecuteW
    return OriginalShellExecuteW(hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd);
}

then doing the injection, from a program.


    const char* dllName = "DllPlusPlus.dll"; 
    LPCWSTR wDllName = ConvertToWideChar(dllName);

    HMODULE hMod = LoadLibrary(wDllName);
eHook");
    
    LPFN_SH SetGlobalHook = (LPFN_SH)GetProcAddress(hMod, "SetGlobalHook");    
    SetGlobalHook();
转载请注明原文地址:http://www.anycun.com/QandA/1746109592a91800.html

cIntercepting ShellOpen(path) and canceling itStack Overflow