function WriteFile(hFile: THandle; const Buffer; nNumberOfBytesToWrite: DWORD;
var lpNumberOfBytesWritten: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;
Without knowing anything else, how can I get the name of the file that WriteFile writes to from hFile?
The GetFileInformationByHandle function retrieves information about a specified file.
BOOL GetFileInformationByHandle(
HANDLE hFile, // handle of file
LPBY_HANDLE_FILE_INFORMATION lpFileInformation // pointer to structure
);
This can get you certain information about the file.
typedef struct _BY_HANDLE_FILE_INFORMATION { // bhfi
DWORD dwFileAttributes;
FILETIME ftCreationTime;
FILETIME ftLastAccessTime;
FILETIME ftLastWriteTime;
DWORD dwVolumeSerialNumber;
DWORD nFileSizeHigh;
DWORD nFileSizeLow;
DWORD nNumberOfLinks;
DWORD nFileIndexHigh;
DWORD nFileIndexLow;
} BY_HANDLE_FILE_INFORMATION;
GetFileType
The GetFileType function returns the type of the specified file.
DWORD GetFileType(
HANDLE hFile // file handle
);
But there is still no file name.
I'll keep looking.
Under Windows 2000 you can get it with ZwQuerySystemInformation (from Ring 3), but analyzing the result really isn't easy. http://lysoft.7u7.net
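Added example, not part of the thread and not any poster's code: one way to resolve a file handle to its path when logging or auditing WriteFile calls. It uses GetFileType as mentioned above to skip non-disk handles, then the documented GetFinalPathNameByHandleW API. Assumptions: Windows Vista or later (the API does not exist on Windows 2000), and the names FileNameFromHandle and handle_demo.tmp are illustrative.

```delphi
program HandleToName;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

// Declared locally because older Windows units lack it; needs Vista or later.
function GetFinalPathNameByHandleW(hFile: THandle; lpszFilePath: PWideChar;
  cchFilePath, dwFlags: DWORD): DWORD; stdcall;
  external kernel32 name 'GetFinalPathNameByHandleW';

// Hypothetical helper: returns the path behind hFile, or '' when the handle
// is not a disk file or the lookup fails.
function FileNameFromHandle(hFile: THandle): WideString;
var
  Buf: WideString;
  Size, Len: DWORD;
begin
  Result := '';
  // Pipes, consoles and devices have no file path to report.
  if GetFileType(hFile) <> FILE_TYPE_DISK then Exit;
  Size := MAX_PATH;
  repeat
    SetLength(Buf, Size);
    // Flags 0 = FILE_NAME_NORMALIZED or VOLUME_NAME_DOS, giving \\?\C:\...
    Len := GetFinalPathNameByHandleW(hFile, PWideChar(Buf), Size, 0);
    if Len = 0 then Exit; // call failed; GetLastError has the reason
    if Len < Size then
    begin
      Result := Copy(Buf, 1, Len); // Len excludes the terminating null
      Exit;
    end;
    Size := Len + 1; // buffer too small: Len is the size that is required
  until False;
end;

var
  h: THandle;
  Written: DWORD;
  Data: AnsiString;
begin
  // Constructed sample: create a scratch file, write to it, resolve the handle.
  h := CreateFile('handle_demo.tmp', GENERIC_WRITE, FILE_SHARE_READ, nil,
    CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
  if h = INVALID_HANDLE_VALUE then RaiseLastOSError;
  try
    Data := 'test';
    WriteFile(h, Data[1], Length(Data), Written, nil);
    Writeln('WriteFile target: ', FileNameFromHandle(h));
  finally
    CloseHandle(h);
  end;
end.
```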