
I am working on a project where I need to decrypt some media files which are mapped to memory by a process. I have successfully hooked the CreateFileW() and MappedViewOfFile() functions. I need to verify the "name of mapping object" inside the MappedViewOfFile() function. I just have the handle of the object and I am not sure how to retrieve its name. Please see the code below for a better understanding of my question. I have already hooked the read and write functions of the other process. That works pretty well, but when another process writes to other files using the above file, it fails.

```cpp
LPVOID WINAPI MapViewHooked(
    __in HANDLE hFileMappingObject,
    __in DWORD  dwDesiredAccess,
    __in DWORD  dwFileOffsetHigh,
    __in DWORD  dwFileOffsetLow,
    __in SIZE_T dwNumberOfBytesToMap)
{
    // string pszobjectnamefrom = some_function(hFileMappingObject); // here I am stuck
    if (pszobjectnamefrom == "MYOBJECT")
    {
        // ?? How to update the data in memory? I have the code to decrypt the buffer.
    }
}
```
  • If I copy the file content using ReadFile, then decrypt the content and write it to a file and return its handle to that process, everything works well. But that process takes a long time because of the big size of the media files. – Deepak Pathak Jun 24 '22 at 09:35
  • See [Obtaining a File Name From a File Handle](https://learn.microsoft.com/en-us/windows/win32/memory/obtaining-a-file-name-from-a-file-handle) on MSDN. It provides an example of [`GetMappedFileName()`](https://learn.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-getmappedfilenamew) – Remy Lebeau Jun 24 '22 at 09:54
  • Hi Remy, I have checked the example provided by MSDN this is for the FileName from the File Handle. I have to get the "MappedObjectName" from its handle. – Deepak Pathak Jun 24 '22 at 10:01
  • What's the difference? AFAIK, an object only has one name. Whether that name is a file path or something else – Remy Lebeau Jun 24 '22 at 17:00
  • I tried to get the name from the above example; it returns bizarre characters. – Deepak Pathak Jun 26 '22 at 15:27
  • Then you likely didn't do it correctly. Please [edit] your post to show the code you tried. – Remy Lebeau Jun 26 '22 at 19:57

0 Answers