Superposed_Cat
Say I write a driver for my USB device X containing a function foo(), and save it in c:/windows/system32/Y.sys. Now I have a program Z.exe that I start up; it accesses X via Y.sys and calls foo(). How can I attach to Z.exe and look for any API calls to mydriver.sys specifically and return the name? I have googled but can't find any info that specifically looks for calls from Z to Y and returns foo's name if foo isn't a built-in Win32 library call. Any help appreciated.