Solved

hooking NtCreateFile - finding out what process is calling the api.

Posted on 2007-03-29
Last Modified: 2013-12-04
Hello experts,
I am hooking NtCreateFile and I need to know which process is calling the API (i.e., how can I find out if MS Word is trying to create a new doc)?
I am using C++ and WinXP.
Question by:iddo_shoham

Accepted Solution

by: itsmeandnobodyelse (earned 500 total points)
ID: 18815067
As you are hooked to the current process that is creating the file, you should get the filename of the executable by GetModuleFileName(NULL, ...).

Regards, Alex
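
The accepted answer's suggestion, written out as an added example (not code from the thread): because the hook runs inside the process that calls NtCreateFile, `GetModuleFileNameW(NULL, ...)` gives that process's executable path, which can then be compared with an expected image name. The helper names `ImageBaseName`, `IsImage` and `HostImagePath` and the sample path are assumptions made for illustration; the Windows call is guarded so the path handling also compiles elsewhere.

```cpp
#include <cstdio>
#include <cwctype>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// File-name part of a Windows path (accepts '\\' and '/').
std::wstring ImageBaseName(const std::wstring& fullPath) {
    const std::wstring::size_type pos = fullPath.find_last_of(L"\\/");
    return pos == std::wstring::npos ? fullPath : fullPath.substr(pos + 1);
}

// Case-insensitive match of the path's image name against `expected`.
bool IsImage(const std::wstring& fullPath, const std::wstring& expected) {
    const std::wstring name = ImageBaseName(fullPath);
    if (name.size() != expected.size()) return false;
    for (std::wstring::size_type i = 0; i < name.size(); ++i)
        if (std::towlower(name[i]) != std::towlower(expected[i])) return false;
    return true;
}

// Full path of the executable that hosts the hook.
std::wstring HostImagePath() {
#ifdef _WIN32
    // On truncation GetModuleFileNameW returns the buffer size (and on
    // Windows XP leaves the buffer unterminated), so grow until it fits.
    std::wstring buf(MAX_PATH, L'\0');
    for (;;) {
        const DWORD n = ::GetModuleFileNameW(NULL, &buf[0],
                                             static_cast<DWORD>(buf.size()));
        if (n == 0) return std::wstring();            // call failed
        if (n < buf.size()) { buf.resize(n); return buf; }
        buf.resize(buf.size() * 2);                   // truncated: retry
    }
#else
    // Constructed sample path so the example also runs off Windows.
    return L"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE";
#endif
}

int main() {
    // Resolve once when the hook is installed; the hook then reads the flag.
    const bool hostIsWord = IsImage(HostImagePath(), L"WINWORD.EXE");
    std::printf("host is Word: %d\n", hostIsWord ? 1 : 0);
    return 0;
}
```

Resolving the name once at hook installation and storing the result keeps the per-call cost inside the NtCreateFile hook to a single flag read.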


 

Author Comment

by:iddo_shoham
ID: 18815575
Thanks Alex