So you decided to call SHFileOperation from a service, at least remember to disable copy hooks

Raymond Chen

I noted some time ago that it is highly inadvisable to call SHFile­Operation from a service, and then I thought about it some more and concluded, it’s flat-out wrong, at least in the case where you call it while impersonating.

Now, I’m sure that my opinion won’t dissuade many of you, but if you decide to do it anyway, at least disable shell copy hooks by passing the FOFX_NO­COPY­HOOKS flag to IFile­Operation::Set­Operation­Flags. (We’ve met this flag before.)

By default, shell copy hooks are active during shell file operations, and this creates a number of problems when called from a service.

First of all, those copy hooks are unlikely to be designed to handle being run in a service. (When you write your own shell extension, do you make sure it also works when run in a service?) They’re probably going to try to log the file activity, possibly to a back-end service, or maybe check with a back-end service whether this file copy should be allowed, and if not, they’re probably going to display a dialog box saying “The file cannot be moved/copied/deleted because I’m a mean person who hates you due to restrictions imposed by your administrator.” (Or worse, they may secretly copy the file to an undisclosed location before allowing the operation through.)

Second of all, you probably don’t want those copy hooks intefering with your file operation, whatever it is. Your service is trying to clean up files, or it’s moving files around for its own internal purposes, and if a copy hook showed up and blocked the operation, your service is now in a weird inconsistent state.

Note that I still consider SHFile­Operation inadvisable from a service. I’m just trying to stop you from digging your hole any deeper than it already is.


Discussion is closed.

Feedback usabilla icon