madshi.net

We couldn't find the .spl path for NtCreateFile and NtOpenFile after hooking that. And there is only one spoolsv.exe is running. We verified Process Id of injected Process and Process Id of spoolsv.exe which is in ProcessMonitor, both are same. This solution is run properly in Windows 7. We doubt if...

Yes, in Windows 8 and 10 .spl path created by spoolsv.exe process only checked in ProcessMonitor. We couldn't find the .spl path for NtCreateFile and NtOpenFile.

We doubt if it is security issue with higher versions of Windows. Thanks.

Thanks for reply. We are getting only following paths C:\WINDOWS\SYSTEM32\ntdll.dll, C:\WINDOWS\system32\spool\DRIVERS\x64\3\primopdf.BPD, C:\WINDOWS\system32\spool\DRIVERS\x64\3\primopdf.ppd But we are searching for .spl file path which is created during printing. We are getting .spl path in Window...

I have injected dll in spoolsv.exe with CreateFileW API. But I cannot get particular file path in hooked CreateFileW even HookAPI return 1(success), when I tried in Windows 10 & 8. Although I get that particular file path in Windows 7 properly. And also got that particular file path in "Pro...