I have been analysing Ntdll file system functions from the total ntdll function list. First, I obtain the total function li开发者_StackOverflow中文版st from ntdlls export directory. Next, I seperated the file management set from the total function list and tried hooking the entire file management set.
However, I miss to hook a function, which i dint know. Hence I could not catch an API which takes Path as an input and performing a directory management functionality.
Is there anywhere you find/Know related information having the complete set of file management functions in NTDLL.
Probably you should implement an File System Filter Drivers (see http://www.microsoft.com/whdc/driver/filterdrv/default.mspx) instead of hooking of all possible undocumented file management functions from ntdll.dll
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论