Hooking NtCreateFile - finding out what process is calling the API.

Hello experts,
I am hooking NtCreateFile and I need to know which process is calling the API (i.e., how can I find out if MsWord is trying to create a new doc)?
I am using C++ and WinXP.
itsmeandnobodyelse Commented:
As you are hooked to the current process that is creating the file, you should get the filename of the executable by GetModuleFileName(NULL, ...).

Regards, Alex
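
The check described in the answer above, as an added example that is not code from the original thread. It assumes a user-mode hook that executes inside the calling process, so `GetModuleFileNameW(NULL, ...)` returns that process's executable path. The helper names `BaseName`, `ImagePathMatches`, `HostImagePath` and `CallerIs` are hypothetical, and the Windows-only part is guarded by `_WIN32`.

```cpp
// Added example: identify the host process from inside a user-mode hook.
#include <cwctype>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Return the file-name part of a path (text after the last '\\' or '/').
static std::wstring BaseName(const std::wstring& path) {
    const std::wstring::size_type pos = path.find_last_of(L"\\/");
    return pos == std::wstring::npos ? path : path.substr(pos + 1);
}

// Case-insensitive comparison of an image path's base name against exeName.
// Windows file names are case-insensitive, so "winword.exe" must match too.
bool ImagePathMatches(const std::wstring& imagePath, const std::wstring& exeName) {
    const std::wstring base = BaseName(imagePath);
    if (base.size() != exeName.size()) return false;
    for (std::wstring::size_type i = 0; i < base.size(); ++i)
        if (std::towlower(base[i]) != std::towlower(exeName[i])) return false;
    return true;
}

#ifdef _WIN32
// Full path of the executable that hosts the hook; empty string on failure.
std::wstring HostImagePath() {
    std::wstring buf(MAX_PATH, L'\0');
    for (;;) {
        DWORD n = GetModuleFileNameW(NULL, &buf[0], static_cast<DWORD>(buf.size()));
        if (n == 0) return std::wstring();               // call failed
        if (n < buf.size()) { buf.resize(n); return buf; }
        if (buf.size() >= 32768) return std::wstring();  // longer than any valid path
        buf.resize(buf.size() * 2);                       // truncated: retry with more room
    }
}

// Hypothetical helper to call from the NtCreateFile hook body.
bool CallerIs(const wchar_t* exeName) {
    return ImagePathMatches(HostImagePath(), exeName);
}
#endif
```

The host image does not change during the lifetime of the process, so the result can be computed once and cached instead of being queried on every hooked call.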

iddo_shoham (Author) Commented:
Thanks Alex
Question has a verified solution.
