I'm assuming I can do this using kd.exe.
well from where do you want to intercept the call,
from usermode or from kernelmode, e.g. do you
run your debugger in usermode or in kernelmode?
Generally you set a breakpoint for the function call,
see the WinDbg Documentation for the
Topic "Using Breakpoints".
If you do not run WinDbg, then your debugger mostly
will have the same option to set a breakpoint on some
function you want to catch,...
Regards
Kerem
--
-----------------------
Beste Gr�sse / Best regards / Votre bien devoue
Kerem G�mr�kc�
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"BobS0327" <BobS...@ptdprolog.net> schrieb im Newsbeitrag
news:hblg72$u48$1...@aioe.org...
1. Write tiny program that invokes CreateFile().
2. Set breakpoint at invocation of CreateFile().
3. Run program.
4. When break point hits, go into assembly-language mode.
5. Enjoy. :)
-Le Chaud Lapin-