问题
I am coding a rootkit-like program which hooks functions used by Windows to list files in a folder.
I know that in Windows XP explorer.exe uses FindFirstFileW / FindNextFileW each time we open/update directory, to list files that are contained in that folder.
Different story for Windows 7, and I can't manage to understand which functions are used here to do the job.
回答1:
In windows 7 windows explorer use IShellFolder for every browse of specific directory it call to EnumObjects and from that return value it call to:
IEnumIDList::Next()
来源:https://stackoverflow.com/questions/16694228/which-apis-are-used-by-explorer-exe-in-windows-7-to-list-files