-
Notifications
You must be signed in to change notification settings - Fork 0
IoDeviceTracking Telemetry DLL
ShadowKnightMK4 edited this page Oct 4, 2023
·
1 revision
IoDeviceTracking32/64 focuses on detouring file based routines.
Documentation (forever in progress) is below for how to deal with some of them. They will generally be sent to the Sheath/ C# side of things via SEH that your code will deal with in a debugger loop. Some may let you change what's returned to the debugged process.
CreateFileA/W - Get information on what file system or create file based resources the process attempts to access.