yonutz_h
July 11th, 2008, 03:12 AM
I'm trying to make a registry monitor for xp and 2k OS. I'm hooking the registry functions ZwCreateKey, ZwDeleteKey and other. I need the full path when this functions are called.
How can I get the full path from a HANDLE in ZwDeleteKey case and from OBJECT_ATRIBUTES struct in ZwCreate case.
A little HELP!!!
A Example please... :D
How can I get the full path from a HANDLE in ZwDeleteKey case and from OBJECT_ATRIBUTES struct in ZwCreate case.
A little HELP!!!
A Example please... :D