CompA runs an application, that hooks NtQueryDirectoryFile and replaced Time flags based on information from a database (cvs like system).

CompB mounts CompA's harddrive through a share, CompB gets dirlist on CompA like nothing happened, not calling NtQueryDirectoryFile, how do I figure out which api calls CompA does when CompB accesses the share?!?

I could run the software on all the clients, but that's higly unpractical. (a lot of laptop's beeing taken in and out of the network).

Does anyone know what NtQueryDirectoryFile does when called? If that calls something else, I suppose I could try to go lower level.
Posted on 2003-05-12 11:56:11 by neuron