Is it possible to intercept (notify) Symbolic Links reading?
My goal is controlling the device opening attempts (CreateFile(),
ZwCreateFile() etc.)…
PS. I do not write virus.
I’m working for protection system… 
no you can’t.
Why would intercepting symbolic links help you? Anyone can bypass a symlink if the know the underlying object name, so you would still need to try and intercept at the NT object level as well.
-p
From: xxxxx@lists.osr.com on behalf of Grabelkovsky, Michael
Sent: Thu 6/29/2006 2:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to intercept (notify) Symbolic Link access?
Is it possible to intercept (notify) Symbolic Links reading?
My goal is controlling the device opening attempts (CreateFile(),
ZwCreateFile() etc.)…
PS. I do not write virus.
I’m working for protection system…
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer