Intercept windows open file

Question

I'm trying to make a small program that could intercept the open process of a file.

The purpose is when an user double-click on a file in a given folder, windows would inform to the software, then it process that petition and return windows the data of the file.

Maybe there would be another solution like monitoring Open messages and force Windows to wait while the program prepare the contents of the file.

One application of this concept, could be to manage desencryption of a file in a transparent way to the user. In this context, the encrypted file would be on the disk and when the user open it ( with double-click on it or with some application such as notepad ), the background process would intercept that open event, desencrypt the file and give the contents of that file to the asking application.

It's a little bit strange concept, it could be like "Man In The Middle" network concept, but with files instead of network packets.

Thanks for reading.

Answer 1

The best way to do it to cover all cases of opening from any program would be via a file system filter driver. This may be too complex for your needs though.

Answer 2

You can use the trick that Process Explorer uses to replace itself with task manager. Basically create a key like this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

Where you replace 'taskmgr.exe' with the name of the process to intercept. Then add a string value called 'Debugger' that has the path to your executable. E.g:

Debugger -> "C:\windows\system32\notepad.exe"

Every a process is run that matches the image name your process will actually be called as a debugger for that process with the path to the actual process as an argument.