
Thread: [VB6] - Kernel mode driver.

  1. #41
    PowerPoster
    Join Date
    Jan 2020
    Posts
    5,538

    Re: [VB6] - Kernel mode driver.

    Is there any way to simulate the reading and writing of ISO files by means of a driver? Or intercept the process of reading and writing. For example, a folder is simulated as an ISO file.

    Suppose you create a file of the same size as the target file in a certain file on drive D. But its content is empty. Only the file size is set to be the same. And then if the third-party process needs to read, um, change the file. For example, read from an exe PE resource file, or read an encrypted file from zip and then decompress it, and send the corresponding data to him.

    I don't know if the function of virtual file can be realized by driver.
    Simply put, it's like an MP3 player. He prereads the memory in chunks at a time.
    Suppose a file is encrypted into 10 parts. If MP3 is currently reading part of the 4th encrypted block. This part of the main body is complete, and he still needs a little bit of the fifth part of the document. The fifth encryption block is then clipped to memory, and the corresponding bytes are returned to the virtual driver as needed.

    Simply put, how to virtualize a file.
    If you are only in the same process, you can use the hook API.
    File-driven approach. Can his request be targeted at different processes?

  2. #42
    PowerPoster
    Join Date
    Jan 2020
    Posts
    5,538

    Re: [VB6] - Kernel mode driver.

    File Handle: is the FileHandle obtained after the previous ZwCreateFile succeeds. In the case of kernel handles, ZwReadFile and ZwCreateFile do not need to be in the same process. The handle is common to all processes.

    Key start mode can simulate the reading of an encrypted file.
    Such as Word or Excel, open a blank file of the same size in read-only mode.
    If you can use VB to write some more interesting ah, open source drivers may also be more fun. After all, twinBASIC can generate 64-bit drivers. But the syntax is the same as VB6.

    Would it be difficult to simulate a single virtual file?

    Or adopt some open source ramdisk features. Or the function of virtual U disk, so that any virtual file can be written in the U disk. So as to achieve the function of file encryption. The key is to use the Explorer to open the virtual file can not be copied away?
    Last edited by xiaoyao; Oct 6th, 2023 at 02:35 PM.

  3. #43
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    7,653

    Re: [VB6] - Kernel mode driver.

    @The trick, thanks.

    --
    @xiaoyao

    Filter drivers that intercept I/O are a mainstay of driver development. You can look at the anti-malware examples in the WDK samples library for intercepting I/O with them (note: currently not working in tB; there's, I believe, an IAT issue with imports). You can do it in classic WDM too, with IRP_MJ_CREATE handling.

    But you can actually mount ISO files. If you mount them in user mode, you can read/write in kernel mode.

    You can also write your own ISO mounting driver; this is how it was done before Windows 8 introduced built-in ISO support. ImDisk is an open source driver that mounts ISOs (not in BASIC, obviously).

    In the future, MAKE YOUR OWN THREADS. Your question is not related to The trick's driver example specifically, it's a general driver question that probably doesn't even belong on this forum unless it's VB-implementation specific.
    Last edited by fafalone; Oct 6th, 2023 at 02:42 PM.
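
The block-wise read asked about in post #41 (a read that starts in the 4th encrypted block and runs into the 5th), as an added example that is not part of the thread or of any poster's code: user-mode C showing only the offset-to-block mapping that a read-intercepting layer would need. The 16-byte block size, the function and variable names, and the XOR stand-in for a cipher are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE  16u  /* assumption: small so the sample is easy to trace */
#define BLOCK_COUNT 10u  /* "a file is encrypted into 10 parts" */
static uint8_t g_store[BLOCK_COUNT][BLOCK_SIZE]; /* encrypted backing data */
unsigned g_decrypts;                             /* blocks decrypted so far */

/* Placeholder XOR, NOT real cryptography; use an authenticated cipher. */
static void toy_crypt(uint32_t blk, const uint8_t *in, uint8_t *out) {
    for (size_t i = 0; i < BLOCK_SIZE; i++) out[i] = in[i] ^ (uint8_t)(0xA5u + blk);
}

/* Constructed sample data: the plaintext byte at offset o has value o. */
void vfile_init(void) {
    uint8_t plain[BLOCK_SIZE];
    for (uint32_t b = 0; b < BLOCK_COUNT; b++) {
        for (size_t i = 0; i < BLOCK_SIZE; i++) plain[i] = (uint8_t)(b * BLOCK_SIZE + i);
        toy_crypt(b, plain, g_store[b]);
    }
    g_decrypts = 0;
}

/* Serve (offset, len), decrypting only blocks the range touches; short at EOF. */
size_t vfile_read(uint64_t offset, uint8_t *dst, size_t len) {
    const uint64_t size = (uint64_t)BLOCK_COUNT * BLOCK_SIZE;
    uint8_t plain[BLOCK_SIZE];
    size_t done = 0;
    if (offset >= size) return 0;                 /* read starts past EOF */
    if (len > size - offset) len = (size_t)(size - offset);
    while (done < len) {
        uint32_t blk = (uint32_t)((offset + done) / BLOCK_SIZE);
        size_t   pos = (size_t)((offset + done) % BLOCK_SIZE);
        size_t   n   = BLOCK_SIZE - pos;          /* bytes left in this block */
        if (n > len - done) n = len - done;
        toy_crypt(blk, g_store[blk], plain);      /* decrypt on demand */
        g_decrypts++;
        memcpy(dst + done, plain + pos, n);
        done += n;
    }
    return done;
}

int main(void) {
    uint8_t buf[10];
    vfile_init();
    size_t n = vfile_read(60, buf, sizeof buf);   /* 4th block into the 5th */
    printf("%zu bytes, %u blocks decrypted\n", n, g_decrypts);
}
```

In a driver this logic would sit behind the read path of whatever presents the virtual file; the interception itself is not shown here.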
