At 11:20 AM 08/01/02 -0800, Ryan Permeh wrote: >by using "wrapper" dll's, or api hooking, you can do this. basically, you >create a shell dll that exports all of the same functions and each export >logs and calls the equivilent actuall dll export. this is a software >cracker / reverse engineer trick that has a lot of applicibility in research >context. The problem with this approach is that you are assuming that the "third party" is using the standard interfaces to perform file i/o. As soon as the "third party" uses a different api, such as the "defrag" api, then the standard file i/o dlls will never be used, and your "wrapper" will not log the activity. Hector
This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 13:46:48 PST