QFile and Windows Calls
-
Hello there,
Just a generic quesiton on QFile.
I am wondering "Does QFile intern uses windows calls like "CreateFileA"?"The reason I am asking this is because, I am doing windows-hook to get the calls on differernt file-operations (like CreateFileA/SetFilePointer/ReadFile/CloseHandle). My function-pointer are perfectly getting call/Hit when I use std::ofstream or CFile, HOWEVER THEY DOES NOT GET CALLED/Hit WHEN I USE "Qfile".
Is there any way out for this?
Thanks in advance -
Hello there,
Just a generic quesiton on QFile.
I am wondering "Does QFile intern uses windows calls like "CreateFileA"?"The reason I am asking this is because, I am doing windows-hook to get the calls on differernt file-operations (like CreateFileA/SetFilePointer/ReadFile/CloseHandle). My function-pointer are perfectly getting call/Hit when I use std::ofstream or CFile, HOWEVER THEY DOES NOT GET CALLED/Hit WHEN I USE "Qfile".
Is there any way out for this?
Thanks in advance@HrishiGobler
So far as I am aware, anything which creates a file under Windows must ultimately go throughCreateFile(even if it goes via_open()or whatever). However, there isCreateFileA,CreateFileW, plainCreateFile, and even a newCreateFile2. So you might need to look at those. I have also seen in https://stackoverflow.com/a/17558726/489865:CreateFileA/W is quite low, but not low enough to catch em all!
To solve 2. you must hook Zw/NtCreateFile from Ntdll.dll which is what you're seeing in procmon. There is nothing lower than these API's in user land.
However I see you mention other I/O calls and say that monitoring them is not working either. I don't know whether they would fail if your hook to original
CreateFileis not functioning. -
Thanks a lot for your valuable reply.
I got it fixed, just by intercepting the QtCore.dll ( I was assuming that just intercepting/hooking ucrtbase.dll would be enough and the callbacks would be triggered, but it seems it was not the case) .
Please do let me know, if I am in the right direction.
