Fun #windows finding today.
If you're not aware the "ReOpenFile" call in kernel32, just calls "NtOpenFile" with the "old" handle as the "root" in the ObjectAttrs arg.
Now, this is said to be in Vista+, BUT the Nt* code still works in XP SP0, which is interesting!
If you're not aware the "ReOpenFile" call in kernel32, just calls "NtOpenFile" with the "old" handle as the "root" in the ObjectAttrs arg.
Now, this is said to be in Vista+, BUT the Nt* code still works in XP SP0, which is interesting!
Comments
Even more odd is the behavior of opening a handle via a handle is different in 5.1 (Xp) and 5.2 (Xp x64/Server 2003)