The SafeWrite Hook demonstrates how to intercept file write operations on Windows. Rather than immediately writing data to disk, it temporarily holds changes in memory until explicitly committed. This allows for secure experimentation with updates, modifications, or temporary file changes without risking unintended, permanent alterations. Essentially, it's a sandbox mechanism designed to safeguard file integrity.
- Intercept & Queue: Captures all file-write operations before they reach the disk using minhook.
- Controlled Commits: Lets you choose to apply (commit) or discard queued data in your sandbox.
- Optional Encryption: Keeps queued data safe in memory/sandbox. Using standard XOR for PoC purposes.
- Partial or Full Writes: Commit only parts of your changes or everything at once, essential for debugging.
- Developers who need a safe testing environment.
- Security Enthusiasts looking at data interception techniques.
- Anyone interested in controlling how data is written to disk.
- Compile & Run – It hooks into the Windows
WriteFilefunction at runtime. - Make Changes – As you or another program attempts to write data, it gets stored (and encrypted) in memory.
- Choose an Action – Commit some or all changes, or discard them altogether.
- See Results – Check the target file on disk to view the final outcome.
This is strictly a Proof of Concept. It does not represent a production-ready tool and should not be relied on for actual security or data protection. Use it solely for demonstration and educational purposes.
This project is released under the MIT License. Feel free to fork, modify, and share!