Hi,
I am currently studying the filemon driver from sysinternals. It tries to
hook a particular volume by opening the root directory by calling
ZwCreateFile so that it gets a valid filehandle which is used to get the
fileobject which inturn is used to get the corresponding Device Object.
Once it has the device object, it attaches a filter device to it.
Now if we try to monitor A:, but if it does not contain a floppy disk, the
above things fail because ZwCreateFile fails. Now my question is can we not
get the device object without having to open a directory/file on the
volume?
Regards.
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com