I have a question about in-memory virtualization possibilities in Windows. Here's the scenario:
I have 3rd-party application (no option to access their code or modify it) which asks for a data file in C:\PathToApp\AwesomeApp\DataDir
I want to make a loader that opens this app and, when the app tries to access DataDir
, then it's loaded from loader memory (without saving to drive), so all requests to DataDir
are intercepted and all operations are done in memory only.
Is there a Windows API that allows me to do this? Effectively, I want to create a virtualized directory within a loader that will trick a third-party application into thinking that a real file system directory exists at a hard-coded location.
The Windows Projected Filesystem (ProjFS) allows exactly this.
The Windows Projected File System (ProjFS) allows a user-mode application called a "provider" to project hierarchical data from a backing data store into the file system, making it appear as files and directories in the file system. For example, a simple provider could project the Windows registry into the file system, making registry keys and values appear as files and directories, respectively. An example of a more complex provider is VFS for Git, which is used to virtualize very large git repos.
Here is a sample project on GitHub that implements a read-only "Registry File System (RegFS)". It uses ProjFS to map registry keys to folders and registry values to files.
Note that ProjFS is an optional component, supported only by the Windows 10 October 2018 Update (version 1809) and later.