Hi
I am new in driver development so please forgive my stupid questions. My
question is how can I see the files opened by my computer over the LAN. I hook
\Device\LanmanRedirector but I receive nothing in my create callback. How can I
hook network activity?
Bye
When a file in your computer is opened by a remote user, the file is
opened by Srv.sys that substitutes for the remote user and the file
I/Os look like the file I/Os from ordinary applications in your computer.
When Srv.sys accesses files in your computer, the file I/O’s process
name is “System” (you can confirm this by using Filemon’s technique).
By hooking \Device\LanmanRedirector, you can see only the file I/Os
from your computer to a remote computer. So if you want to see the
files opened by your computer over the LAN, you must hook your local
file I/Os as Filemon does.
Sorry
You misunderstood me
I want to see the remote files opened in a computer located somewhere in
LAN (so I must hook \Device\LanmanRedirector, but I failed and I don't know
why)
I also hook \Device\LanmanRedirector in my driver product
and the key point to hook it is to call ZwCreateFile()
with the DesiredAccess argument set to SYNCHRONIZE | FILE_READ_ATTRIBUTES.
I think you will fail if you set this argument to SYNCHRONIZE |
FILE_READ_DATA.
I hope this helps.
Regards,
Takashi