From 08381710e751695a048ccf9c6cc004cb0faae6f0 Mon Sep 17 00:00:00 2001
From: Thorsten Sick
Date: Fri, 18 Jul 2014 10:11:11 +0200
Subject: [PATCH] Adding FileInfo API. Watch them looking at things.... Closes #26
---
 cuckoomon.c | 8 ++++++++
 hook_file.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 hooks.h | 30 ++++++++++++++++++++++++++++++
 3 files changed, 82 insertions(+)
diff --git a/cuckoomon.c b/cuckoomon.c
index 8b3612a..37b0aff 100644
--- a/cuckoomon.c
+++ b/cuckoomon.c
@@ -101,6 +101,14 @@ static hook_t g_hooks[] = {
 HOOK(kernel32, DeleteFileA),
 HOOK(kernel32, DeleteFileW),
+ HOOK(kernel32, GetFileType),
+ HOOK(kernel32, GetFileSize),
+ HOOK(kernel32, GetFileSizeEx),
+ HOOK(kernel32, GetFileInformationsByHandle),
+ // Needs Windows Vista
+ // HOOK(kernel32, GetFileInformationsByHandleEx),
+
+
 //
 // Registry Hooks
 //
diff --git a/hook_file.c b/hook_file.c
index 42145a8..a829d4e 100644
--- a/hook_file.c
+++ b/hook_file.c
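Review bot: `HOOK(kernel32, GetFileInformationsByHandle)` names an export that kernel32 does not have; the Win32 function is `GetFileInformationByHandle` (and `GetFileInformationByHandleEx` for the commented-out Vista entry), so if the hook table resolves entries by exported name, which HOOK presumably does, this entry will not find its target and the hook is silently never installed or fails at injection time. The same misspelling is carried into the hook body in hook_file.c (`Old_GetFileInformationsByHandle`) and into the prototype in hooks.h, so all three spots need the rename together: `HOOK(kernel32, GetFileInformationByHandle),`. The commented-out Ex entry should carry the corrected name too so it is not copied forward wrong when it is enabled. g_hooks[] starts before this hunk.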
@@ -504,3 +504,47 @@ HOOKDEF(BOOL, WINAPI, DeleteFileW,
 LOQ("u", "FileName", lpFileName);
 return ret;
 }
+
+HOOKDEF(DWORD, WINAPI, GetFileType,
+ _In_ HANDLE hFile
+) {
+ DWORD ret = Old_GetFileType(hFile);
+ LOQ("p", "FileHandle", hFile);
+ return ret;
+}
+
+HOOKDEF(BOOL, WINAPI, GetFileSizeEx,
+ _In_ HANDLE hFile,
+ _Out_ PLARGE_INTEGER lpFileSize
+) {
+ DWORD ret = Old_GetFileSizeEx(hFile, lpFileSize);
+ LOQ("p", "FileHandle", hFile);
+ return ret;
+}
+
+HOOKDEF(DWORD, WINAPI, GetFileSize,
+ _In_ HANDLE hFile,
+ _Out_opt_ LPDWORD lpFileSizeHigh
+) {
+ DWORD ret = Old_GetFileSize(hFile, lpFileSizeHigh);
+ LOQ("ps", "FileHandle", hFile, "FileSize", lpFileSizeHigh);
+ return ret;
+}
+
+HOOKDEF(BOOL, WINAPI, GetFileInformationsByHandle,
+ _In_ HANDLE hFile,
+ _Out_ LPBY_HANDLE_FILE_INFORMATION lpFileInformation
+) {
+ DWORD ret = Old_GetFileInformationsByHandle(hFile, lpFileInformation);
+ LOQ("p", "FileHandle", hFile);
+ return ret;
+}
+
+/* // Needs Windows Vista
+
+HOOKDEF(BOOL, WINAPI, GetFileInformationsByHandleEx,
+ _In_ HANDLE hFile,
+ _In_ FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
+ _Out_ LPVOID lpFileInformation,
+ _In_ DWORD dwBufferSize
+){}*/
diff --git a/hooks.h b/hooks.h
index e0500ff..f51fa5e 100644
--- a/hooks.h
+++ b/hooks.h
@@ -19,6 +19,7 @@ along with this program. If not, see .
 #include
 #include
 #include
+#include
 #include "ntapi.h"
 //
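Review bot: In the GetFileSize hook, `LOQ("ps", ..., "FileSize", lpFileSizeHigh)` hands an `LPDWORD` to the `s` (NUL-terminated string) format, so the logger reads the caller's DWORD bytes as text and may run past them looking for a terminator, and when the caller passes NULL (the parameter is `_Out_opt_`) the hook dereferences a null pointer on the sample's behalf. The value an analyst actually wants is the size the API returned, which is already in `ret`, so log that as a number instead: `LOQ("pl", "FileHandle", hFile, "FileSize", ret);` and only add the high dword when `lpFileSizeHigh != NULL`. The GetFileSizeEx and GetFileInformationsByHandle hooks also store a BOOL into `DWORD ret`; declare `BOOL ret` to match the declared return type, and consider logging `lpFileSize->QuadPart` on success so those records carry more than the handle. DeleteFileW's body starts before this hunk.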
@@ -213,6 +214,35 @@ extern HOOKDEF(BOOL, WINAPI, DeleteFileW,
 __in LPWSTR lpFileName
 );
+extern HOOKDEF(DWORD, WINAPI, GetFileType,
+ _In_ HANDLE hFile
+);
+
+extern HOOKDEF(BOOL, WINAPI, GetFileSizeEx,
+ _In_ HANDLE hFile,
+ _Out_ PLARGE_INTEGER lpFileSize
+);
+
+extern HOOKDEF(DWORD, WINAPI, GetFileSize,
+ _In_ HANDLE hFile,
+ _Out_opt_ LPDWORD lpFileSizeHigh
+);
+
+extern HOOKDEF(BOOL, WINAPI, GetFileInformationsByHandle,
+ _In_ HANDLE hFile,
+ _Out_ LPBY_HANDLE_FILE_INFORMATION lpFileInformation
+);
+
+/* // Needs Windows Vista
+
+extern HOOKDEF(BOOL, WINAPI, GetFileInformationsByHandleEx,
+ _In_ HANDLE hFile,
+ _In_ FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
+ _Out_ LPVOID lpFileInformation,
+ _In_ DWORD dwBufferSize
+);
+*/
+
 //
 // Registry Hooks
 //
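Review bot: The new prototypes use SAL2 annotations (`_In_`, `_Out_`, `_Out_opt_`) while the surrounding declarations in this header use the older `__in` form, as the DeleteFileW context line shows; mixing both in one header is inconsistent, and the SAL2 macros only exist when a header that defines them is included, which is presumably what the `#include` added in the earlier hunk is for. Either write the new lines as `__in HANDLE hFile` to match the file, or migrate the whole header in one step rather than per addition. The Vista-only `GetFileInformationsByHandleEx` prototype is kept as a `/* ... */` block of dead code; prefer `#if 0 ... #endif` with the reason on the `#if 0` line, or drop it, since C block comments do not nest and the block breaks the first time a `/* */` comment is added inside it.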