Guys, this thread should end with the second topic.
What are you looking for if you can get FileMon with sources? (It includes NT-based source too.) It is the best tool and it has been made by "the masters of drivers", so just get it and you will own "a bible".
By the way: I encountered a similar challenge to yours, but 2 years ago, and I should tell you that in my humble opinion "API spying techniques" are not the way... (you will understand it after analysing the FileMon structure - of course, get the source first).
Good luck.