想做一个 Hook CreateFile 重定向到内存的功能，貌似可以假借命名管道实现这个功能。不熟悉命名管道，做了几个demo，如下：

Server：

// NamedPipeServer.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <ctime>
using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
    HANDLE hPipe = CreateNamedPipe(L"\\\\.\\Pipe\\mypipe",PIPE_ACCESS_DUPLEX,PIPE_TYPE_MESSAGE|PIPE_READMODE_MESSAGE|PIPE_WAIT
        ,PIPE_UNLIMITED_INSTANCES,0,0,NMPWAIT_WAIT_FOREVER,0);

    //waiting to be connected
    if(ConnectNamedPipe(hPipe, NULL) == NULL)
        return 0;

    DWORD    dwWrite;     
    const char *pStr = "data from server";
    if( !WriteFile(hPipe, pStr, strlen(pStr), &dwWrite, NULL) )    
    {        
        cout << "write failed..." << endl<< endl;        
        return 0;    
    }    
    cout << "sent data: " << endl << pStr<< endl<< endl;

    system("pause");
    return 0;
}

 

Client:

// NamedPipeClient.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <ctime>
using namespace std;
#define BUFSIZE 5

int _tmain(int argc, _TCHAR* argv[])
{
    if (WaitNamedPipe(L"\\\\.\\Pipe\\mypipe", NMPWAIT_WAIT_FOREVER) == FALSE)
        return 0;

    HANDLE hPipe=CreateFile(L"\\\\.\\Pipe\\mypipe", GENERIC_READ | GENERIC_WRITE, 0,
        NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
     
    if((long)hPipe == -1)
        return 0;

    BOOL fSuccess = false;
    DWORD len = 0;
    char buffer[BUFSIZE];
    string recvData = "";
    do
    {
        fSuccess = ReadFile(hPipe ,buffer ,BUFSIZE*sizeof(char) ,&len ,NULL);
        char buffer2[BUFSIZE+1] = {0};
        memcpy(buffer2,buffer,len);
        recvData.append(buffer2);
        if(!fSuccess || len < BUFSIZE)
            break;
    }while(true);

    cout<<"recv data:"<<endl<<recvData.c_str()<<endl<<endl;

    FlushFileBuffers(hPipe); 
    DisconnectNamedPipe(hPipe);
    CloseHandle(hPipe);

    system("pause");
    return 0;
}

 

Server & Client:

// MultiThreadDemo.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <ctime>
using namespace std;
#define BUFSIZE 5

DWORD WINAPI ThreadFunction(LPVOID lpParam)
{
    wstring* pipeName = static_cast<wstring*>(lpParam);

    HANDLE hPipe = CreateNamedPipe((*pipeName).c_str(),PIPE_ACCESS_DUPLEX,PIPE_TYPE_MESSAGE|PIPE_READMODE_MESSAGE|PIPE_WAIT
        ,PIPE_UNLIMITED_INSTANCES,0,0,NMPWAIT_WAIT_FOREVER,0);

    //waiting to be connected
    if(ConnectNamedPipe(hPipe, NULL) == NULL)
        return 0;

    DWORD    dwWrite;     
    const char *pStr = "data from server";
    if( !WriteFile(hPipe, pStr, strlen(pStr), &dwWrite, NULL) )    
    {        
        cout << "write failed..." << endl<< endl;        
        return 0;    
    }    
    cout << "sent data: " << endl << pStr<< endl<< endl;
}

int _tmain(int argc, _TCHAR* argv[])
{
    wstring pipeName = L"\\\\.\\Pipe\\mypipe";

    DWORD dwThreadID = 0;
    HANDLE hThread = CreateThread(NULL, 0, ThreadFunction, &pipeName , 0, &dwThreadID);

    Sleep(1000);

    if (WaitNamedPipe(pipeName.c_str(), NMPWAIT_WAIT_FOREVER) == FALSE)
        return 0;

    HANDLE hPipe=CreateFile(pipeName.c_str(), GENERIC_READ | GENERIC_WRITE, 0,
        NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
     
    if((long)hPipe == -1)
        return 0;

    BOOL fSuccess = false;
    DWORD len = 0;
    char buffer[BUFSIZE];
    string recvData = "";
    do
    {
        fSuccess = ReadFile(hPipe ,buffer ,BUFSIZE*sizeof(char) ,&len ,NULL);
        char buffer2[BUFSIZE+1] = {0};
        memcpy(buffer2,buffer,len);
        recvData.append(buffer2);
        if(!fSuccess || len < BUFSIZE)
            break;
    }while(true);

    cout<<"recv data:"<<endl<<recvData.c_str()<<endl<<endl;

    FlushFileBuffers(hPipe); 
    DisconnectNamedPipe(hPipe);
    CloseHandle(hPipe);

    system("pause");
    return 0;
}