abhijit mohanta Posted April 6, 2011 Share Posted April 6, 2011 (edited) I am new to device driver programming.I was going through the following link http://www.codeproject.com/KB/system/hide-driver.aspx NtQueryDirectoryfile in the diagram in the section named "NT Function Call Scheme and Hook" returns an process list.Can anybody tell me how does the list transferred to user mode.Please give me a little detailed description like how irp wud be filled with data etc. Edited April 6, 2011 by abhijit mohanta Link to comment
abhijit mohanta Posted April 6, 2011 Author Share Posted April 6, 2011 it was a copy paste mistake bro.sorry for the inconvinienceStrange topic title. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now