Solved

hooking NtCreateFile - finding out what process is calling the api.

Posted on 2007-03-29
2
242 Views
Last Modified: 2013-12-04
Hello experts,
I am hooking NtCreateFile and I need to know what is the process calling the api (i.e how can i find out if MsWord is trying to create a new doc)?
I am using c++ and WinXp.
0
Comment
Question by:iddo_shoham
2 Comments
 
LVL 39

Accepted Solution

by:
itsmeandnobodyelse earned 500 total points
ID: 18815067
As you are hooked to the current process that is creating the file, you should get the filename of the executable by GetModuleFileName(NULL, ...).

Regards, Alex


0
 

Author Comment

by:iddo_shoham
ID: 18815575
Thanks Alex
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now