Please, can anybody tell me where I could find the source code of FileMon, RegMon or DiskMon, so that I could get an idea about how to hook the VxD services, or system call hooks, especially the file system hook?

I know there is a VxD service called 'FileSystemApiHook', which is the same thing I was searching for. But the documentation given in the Win98 DDK is too small to start developing it.
The idea is: whenever a file is OPEN/READ/WRITE, the messages sent by the file system should be hooked by my VxD.
If anybody has the raw source code of at least how a file system hook is implemented, it will be greatly appreciated.
Hoping for it...
Posted on 2003-09-25 18:50:19 by zakham
Windows 98 is no longer being sold. Look up Four-F's tutorials to get with the program.
Posted on 2003-09-25 19:53:35 by mrgone
I don't know the case in the US, but Windows 98 is still used in India. After all, getting more knowledge is not a sin, I think.
Posted on 2003-09-26 12:45:26 by zakham
Hmm. It looks quite straightforward to me.
For virtual device service hooks, do this:


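    mov eax,Service             ; service to hook
    mov esi,TheHookFunction     ; address of the hook procedure
    int 32                      ; int 20h: VxD dynamic-link call, service id follows
    dd 10090h                   ; use 1011ch to remove
    mov [OldFunction],esi       ; save the value returned in esi for chaining
    ...

    jmp short TheHookFunction
tooldfct:
    jmp [OldFunction]           ; pass control to the saved handler
TheHookFunction:
    ; do whatever
    jmp short tooldfct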


For installable file system hooks, do this:


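    push dword TheIFSHookFunction  ; argument: address of the hook function
    int 32                         ; int 20h: VxD dynamic-link call, service id follows
    dd 400067h                     ; use 400068h to remove
    mov [OldFuncAddress],eax       ; save the returned value
    pop eax                        ; discard the pushed argument

    ...

TheIFSHookFunction:
    ; called with: FSD func. addr, function number, drive number, flags, codepage, IOREQ structure
    mov eax,[OldFuncAddress]
    jmp [eax]                      ; chain on: the saved value is dereferenced once more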
Posted on 2003-09-26 16:59:53 by Sephiroth3
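
The installable file system hook from the post above, modeled in user-mode C as an added example (not part of the thread and not DDK code; every name, the function numbers and the sample path are constructed for the simulation). It shows why the hook stores the returned value and chains with a double indirection, and that a monitoring hook hands each request on unchanged so it still reaches the file system driver.

```c
#include <stdio.h>

typedef struct { const char *path; } sim_ioreq;   /* stand-in for the IOREQ structure */
typedef int (*fsd_fn)(sim_ioreq *);
/* Argument order from the post: FSD function, function number, drive, flags, codepage, IOREQ */
typedef int (*hook_fn)(fsd_fn, int, int, int, int, sim_ioreq *);
enum { FN_READ, FN_WRITE, FN_OPEN, FN_COUNT };    /* constructed numbers, not DDK values */

static int fsd_calls, n_hooks, seen[FN_COUNT];
static int sim_fsd(sim_ioreq *r) { (void)r; fsd_calls++; return 0; }
/* Bottom of the chain: hands the request to the file system driver. */
static int default_hook(fsd_fn fsd, int fn, int drv, int fl, int cp, sim_ioreq *r) {
    (void)fn; (void)drv; (void)fl; (void)cp;
    return fsd(r);
}
static hook_fn chain_head = default_hook, prev_slots[4];

/* Simulated install: returns the ADDRESS of the slot that holds the previous hook. */
static hook_fn *sim_install_hook(hook_fn h) {
    if (n_hooks >= 4) return NULL;
    hook_fn *slot = &prev_slots[n_hooks++];
    *slot = chain_head;
    chain_head = h;
    return slot;
}
static hook_fn *old_func_address;                 /* [OldFuncAddress] in the post */

/* Monitoring hook: count the request, then chain on with the arguments unchanged. */
static int monitor_hook(fsd_fn fsd, int fn, int drv, int fl, int cp, sim_ioreq *r) {
    if (fn >= 0 && fn < FN_COUNT) seen[fn]++;
    return (*old_func_address)(fsd, fn, drv, fl, cp, r);  /* mov eax,[OldFuncAddress] / jmp [eax] */
}
static int sim_dispatch(int fn, const char *path) {
    sim_ioreq r = { path };
    return chain_head(sim_fsd, fn, 2, 0, 0, &r);  /* drive, flags, codepage: constructed */
}
int run_demo(void) {
    old_func_address = sim_install_hook(monitor_hook);
    if (!old_func_address) return -1;
    sim_dispatch(FN_OPEN, "C:\\SAMPLE.TXT");
    sim_dispatch(FN_READ, "C:\\SAMPLE.TXT");
    sim_dispatch(FN_READ, "C:\\SAMPLE.TXT");
    return seen[FN_OPEN] * 100 + seen[FN_READ] * 10 + seen[FN_WRITE];
}
int main(void) {
    int counts = run_demo();
    printf("open/read/write = %03d, FSD calls = %d\n", counts, fsd_calls);
    return 0;
}
```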