Hey all,
I have the following scenario:
Say a user wants to execute ‘a.exe’, I would like to change his request to open ‘b.exe’ instead.
I’ve tried doing so with IO_REPARSE + STATUS_REPARSE in my fs minifilter (plus disallowing fastio), but it doesn’t seem to work.
Procmon and filespy show reparses as expected, but CreateProcess still gets ‘a.exe’ in its command line.
It seems as though later, when the loader maps the file to memory, the reparse takes effect and ‘b.exe’ gets mapped, but then the thread terminates and I get errors varying from ‘side-by-side configuration is incorrect’ to process crashes.
Is that a problem that is possible to tackle using fs minifilters at all?
Either way, I would really like your pointers.
Thanks a lot,
Danny