
Thread: NtReadFile API

  1. #1
    michelinok
    Guest

    NtReadFile API

    To check how my application reads info from a file, I've seen that it uses the NtReadFile API.
    When I set "bp NtReadFile", OllyDbg says "Unknown module".
    What's wrong?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    gabri3l
    Guest

    NtReadFile API

    NtReadFile and ZwReadFile are basically the same function. Try setting a BP on ZwReadFile.

    Read this article for more information:

    Nt vs. Zw - Clearing Confusion On The Native API
    (I used Google cache because you have to register to view the article)
    http://64.233.161.104/search?q=cache:e0zNVFXlsaMJ:www.osronline.com/article.cfm%3Farticle%3D257++Nt+vs.+Zw+-+Clearing+Confusion+On+The+Native+API+&hl=en&client=firefox-a

  3. #3
    Lord_Looser
    Guest

    NtReadFile API

    I'm too late ;-)

    Use ZwReadFile instead of NtReadFile.
    NtReadFile links to ntdll.ZwReadFile; it's a forwarded function.
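
As an added example (not code from any poster in this thread): a small parser for a PE export directory that groups export names by what they resolve to, which is the situation posts #2 and #3 describe. The byte image is constructed for the illustration, with `NtReadFile` and `ZwReadFile` modeled as two names for one function entry plus one forwarder entry; `demo.dll`, `OTHER.RealFunc`, `ForwardedDemo` and the RVA `0x2000` are made-up values, not data from a real ntdll.dll.

```python
import struct
from collections import defaultdict

EXPORT_DIR = "<IIHHIIIIIII"  # IMAGE_EXPORT_DIRECTORY layout, 40 bytes

def cstr(img, off):
    """Read a NUL-terminated ASCII string at offset off."""
    return img[off:img.index(b"\0", off)].decode("ascii")

def exports_by_target(img, dir_rva, dir_size):
    """Group export names by target; img is a mapped image, so RVA == offset."""
    fields = struct.unpack_from(EXPORT_DIR, img, dir_rva)
    n_names, funcs, names, ords = fields[7:11]
    groups = defaultdict(list)
    for i in range(n_names):
        name = cstr(img, struct.unpack_from("<I", img, names + 4 * i)[0])
        index = struct.unpack_from("<H", img, ords + 2 * i)[0]
        rva = struct.unpack_from("<I", img, funcs + 4 * index)[0]
        # An RVA that points back inside the export directory is a forwarder string
        if dir_rva <= rva < dir_rva + dir_size:
            groups["forward:" + cstr(img, rva)].append(name)
        else:
            groups["code:0x%x" % rva].append(name)
    return dict(groups)

def build_sample():
    """Constructed export data (not bytes from a real ntdll.dll)."""
    dir_rva = 0x100
    funcs = dir_rva + 40          # 2 function RVAs
    names = funcs + 2 * 4         # 3 name RVAs
    ords = names + 3 * 4          # 3 name ordinals
    strs = ords + 3 * 2           # string pool
    pool, offs = b"", []
    for s in (b"demo.dll", b"OTHER.RealFunc", b"ForwardedDemo",
              b"NtReadFile", b"ZwReadFile"):
        offs.append(strs + len(pool))
        pool += s + b"\0"
    img = bytes(dir_rva)
    img += struct.pack(EXPORT_DIR, 0, 0, 0, 0, offs[0], 1, 2, 3, funcs, names, ords)
    img += struct.pack("<2I", 0x2000, offs[1])   # entry 0: code, entry 1: forwarder
    img += struct.pack("<3I", *offs[2:])         # name table, sorted by name
    img += struct.pack("<3H", 1, 0, 0)           # Nt and Zw names both use entry 0
    return img + pool, dir_rva, len(img + pool) - dir_rva

if __name__ == "__main__":
    print(exports_by_target(*build_sample()))
```

Two names listed under one `code:` key share a single address, so a breakpoint set through either name lands on the same instruction; a `forward:` key means the entry is only a string naming a function in another module.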
