
Hooking NtCreateFile - finding out what process is calling the API

Hello experts,
I am hooking NtCreateFile and I need to know what process is calling the API (i.e. how can I find out if MsWord is trying to create a new doc)?
I am using C++ and WinXP.
Asked by: iddo_shoham

itsmeandnobodyelse Commented:
As you are hooked to the current process that is creating the file, you should get the filename of the executable by GetModuleFileName(NULL, ...).

Regards, Alex
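
The check suggested in the answer above, as an added example that is not part of the original thread: the hook runs inside the calling process, so `GetModuleFileNameW(NULL, ...)` returns that process's executable path, which is then compared by file name. The helper names (`ImageBaseName`, `IsImage`, `HostImagePath`, `CallerIsWord`) are hypothetical, and `WINWORD.EXE` is assumed to be the Word executable name; the Windows-only part is guarded by `_WIN32`.

```cpp
#include <algorithm>
#include <cwctype>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// File-name component of a full image path, lower-cased for comparison.
std::wstring ImageBaseName(const std::wstring& fullPath) {
    std::wstring::size_type pos = fullPath.find_last_of(L"\\/");
    std::wstring name =
        (pos == std::wstring::npos) ? fullPath : fullPath.substr(pos + 1);
    std::transform(name.begin(), name.end(), name.begin(), [](wchar_t c) {
        return static_cast<wchar_t>(std::towlower(c));
    });
    return name;
}

// True when fullPath names exactly exeName (case-insensitive, whole file name).
bool IsImage(const std::wstring& fullPath, const std::wstring& exeName) {
    return !fullPath.empty() && ImageBaseName(fullPath) == ImageBaseName(exeName);
}

#ifdef _WIN32
// Full path of the executable hosting the hook code; empty string on failure.
std::wstring HostImagePath() {
    std::wstring buf(MAX_PATH, L'\0');
    for (;;) {
        DWORD n = GetModuleFileNameW(NULL, &buf[0], static_cast<DWORD>(buf.size()));
        if (n == 0) return std::wstring();            // call failed
        if (n < buf.size()) { buf.resize(n); return buf; }
        buf.resize(buf.size() * 2);                   // truncated: retry larger
    }
}

// Evaluate once when the hook is installed and store the result, so the
// NtCreateFile hook itself only reads a flag.
bool CallerIsWord() {
    return IsImage(HostImagePath(), L"WINWORD.EXE");
}
#endif
```

The file-name comparison matches any executable called `WINWORD.EXE`; compare the full path as well when the install location matters.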


iddo_shoham (Author) Commented:
Thanks Alex