In Windows XP it was possible to hook explorer with the following shell32 hook:
Real_SHFileOperation = (T_SHFileOperation) DetourFindFunction("shell32.dll", "SHFileOperationW");
nError = DetourAttach(&(PVOID&)Real_SHFileOperation, Detoured_SHFileOperation);
if(nError != NO_ERROR)
{
TRACE_ERROR(g_hTrace, "DetourAttach SHFileOperation Failed (%d)", nError);
}
For some reason on Windows 7 this no longer works even though DetourAttach still returns success. All the other hooks that I install (in ntdll.dll for example) still work but the hooks I've created in shell32.dll no longer do.
I attached Windbg to the explorer and ran uf shell32!SHFileOperationW this showed that the function did indeed now jump to my function:
SHELL32!SHFileOperationW:
76239708 e9039658fc jmp myhook!Detoured_SHFileOperation (727c2d10)
However, somehow explorer skips right past my detour and into other parts of the SHFileOperation function....
Hmm,
It appears that what I really should be doing on Windows 7 is hooking the IFileOperation interface:
http://stuani.blogspot.co.uk/2010/01/ifileoperation-hook-under-vistaseven.html
Looks trickier than simple detours hooking but achievable.