c++ - Filesystem hooking
I'm making a virtual filesystem library and want to add it to .exes. To accomplish this I need to hook the Windows file functions.
I know there are a lot of functions in the high-level API; is there a comprehensive list of the low-level functions used by these?
What I mean is ZwOpenFile <- NtOpenFile <- OpenFile etc. (but in usermode).
What I need is the minimal possible set of functions to hook to cover the whole of filesystem handling. It's a bit hard reversing the Windows API.
I have the basics covered (file reading, though I'm sure it's not complete); I need file write / directory enumeration.
What's weird, for example, is that FindFirstFileA
uses ZwOpenFile:
ZwOpenFile hook. ObjectName: \??\d:\vfs\* Handle: 20
NtQueryDirectoryFile hook. Handle: 20
NtQueryDirectoryFile hook. Handle: 20
d:/vfs/test
d:/vfs/test2.txt
d:/vfs/test3.txt
NtQueryDirectoryFile hook. Handle: 20
ZwOpenFile hook. ObjectName: \??\d:\vfs\test\* Handle: 24
NtQueryDirectoryFile hook. Handle: 24
NtQueryDirectoryFile hook. Handle: 24
d:/vfs/test/huh.txt
NtQueryDirectoryFile hook. Handle: 24
ZwOpenFile hook. ObjectName: \??\c:\windows\system32\apphelp.dll Handle: 44
Functions of interest:
NtCreateFile, NtOpenFile, NtLockFile, NtUnlockFile, NtReadFile, NtWriteFile, NtClose, NtWriteFileGather, NtReadFileScatter, NtQueryDirectoryFile, NtQueryInformationFile, NtSetInformationFile (and related), NtQueryVolumeInformationFile, MapViewOfFile, NtOpenSection, NtUnmapViewOfSection, NtFsControlFile, NtDeviceIoControlFile, NtNotifyChangeDirectoryFile
You need ZwCreateFile for hooking file opening or creating; ZwDeleteFile for hooking file deleting; you need ZwLockFile and ZwUnlockFile if you want to control file locking; and hooking ZwQueryInformationFile and ZwSetInformationFile to detect changes in file information. You need to hook ZwReadFile and ZwWriteFile if you want to control reading from a file and writing to it, and ZwMapViewOfSection / ZwUnmapViewOfSection to work with file mappings.
For directory enumeration you need to hook ZwQueryDirectoryFile.
All of these functions can be hooked in usermode.
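As an added example (not code from the asker or the answerer), the part of a user-mode VFS hook that both the question's trace and the answer leave implicit: deciding whether an NT object name such as `\??\d:\vfs\test\*` belongs to the virtual tree, and keeping per-handle state so that the repeated NtQueryDirectoryFile calls on handle 20 and 24 in the trace each return the next entry and finally STATUS_NO_MORE_FILES, with NtClose dropping the state. It is written as portable C++17 so it runs anywhere; on Windows the real ZwOpenFile / NtQueryDirectoryFile / NtClose hooks would convert `ObjectAttributes->ObjectName` and the `HANDLE` into the `std::string` / `std::uintptr_t` used here and pass anything `ToVfsPath` rejects straight through to the original function. The VFS root `d:\vfs` and the directory contents are constructed from the trace, not read from a real disk; the NTSTATUS values are the real ones from ntstatus.h.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <vector>

// NTSTATUS values used below (real values from ntstatus.h).
using NTSTATUS = std::int32_t;
constexpr NTSTATUS STATUS_SUCCESS        = 0x00000000;
constexpr NTSTATUS STATUS_NO_MORE_FILES  = static_cast<NTSTATUS>(0x80000006);
constexpr NTSTATUS STATUS_INVALID_HANDLE = static_cast<NTSTATUS>(0xC0000008);

// Win32 paths are case-insensitive, so compare in lower case (ASCII is enough here).
static std::string Lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Map an NT object name ("\??\D:\vfs\test\*") to a path relative to the VFS root.
// Strips the "\??\" prefix, the trailing "\*" that the FindFirstFile directory open
// shows in the trace, and trailing backslashes. Returns nullopt when the path is not
// under the VFS root, which tells the hook to call the real function unchanged.
std::optional<std::string> ToVfsPath(const std::string& objectName,
                                     const std::string& vfsRoot /* e.g. "d:\vfs" */) {
    std::string p = Lower(objectName);
    if (p.rfind("\\??\\", 0) == 0) p.erase(0, 4);
    if (p.size() >= 2 && p.compare(p.size() - 2, 2, "\\*") == 0) p.erase(p.size() - 2);
    while (!p.empty() && p.back() == '\\') p.pop_back();
    std::string root = Lower(vfsRoot);
    while (!root.empty() && root.back() == '\\') root.pop_back();
    if (p == root) return std::string();                   // the VFS root itself
    if (p.rfind(root + "\\", 0) == 0) return p.substr(root.size() + 1);
    return std::nullopt;
}

// Enumeration cursor for one open directory handle. NtQueryDirectoryFile is called
// repeatedly on the same handle (three data calls plus one empty call on handle 20
// in the trace), so the hook must remember how far the listing has got.
struct DirCursor {
    std::vector<std::string> entries;
    std::size_t next = 0;
};

class VfsHandleTable {
public:
    // Called from the ZwOpenFile/NtCreateFile hook once a handle exists for the
    // virtual directory; `entries` is the virtual listing to serve for it.
    void OnOpenDirectory(std::uintptr_t handle, std::vector<std::string> entries) {
        cursors_[handle] = DirCursor{std::move(entries), 0};
    }
    // One NtQueryDirectoryFile call in ReturnSingleEntry style; restartScan mirrors
    // the RestartScan parameter and rewinds the cursor.
    NTSTATUS OnQueryDirectory(std::uintptr_t handle, bool restartScan, std::string& out) {
        auto it = cursors_.find(handle);
        if (it == cursors_.end()) return STATUS_INVALID_HANDLE;   // not a VFS handle
        DirCursor& c = it->second;
        if (restartScan) c.next = 0;
        if (c.next >= c.entries.size()) return STATUS_NO_MORE_FILES;
        out = c.entries[c.next++];
        return STATUS_SUCCESS;
    }
    // NtClose hook: forget the cursor so a reused handle value is not misread later.
    bool OnClose(std::uintptr_t handle) { return cursors_.erase(handle) == 1; }
    std::size_t Size() const { return cursors_.size(); }
private:
    std::map<std::uintptr_t, DirCursor> cursors_;
};

// Replays the first part of the question's trace on constructed data: open
// "\??\d:\vfs\*" as handle 20, enumerate until STATUS_NO_MORE_FILES, then close.
std::vector<std::string> ReplayTrace() {
    VfsHandleTable table;
    std::vector<std::string> listing;
    auto rel = ToVfsPath("\\??\\d:\\vfs\\*", "d:\\vfs");
    if (!rel) return listing;                       // not under the VFS: pass-through
    // Constructed contents of the virtual root (rel is empty for the root).
    table.OnOpenDirectory(20, {"test", "test2.txt", "test3.txt"});
    std::string name;
    while (table.OnQueryDirectory(20, false, name) == STATUS_SUCCESS) listing.push_back(name);
    table.OnClose(20);
    return listing;
}
```

The handle value is the natural key because, as the trace shows, every later call on the directory identifies it only by handle, never by name; the hook sees the name once at open time and must remember the association until NtClose. A real hook would also have to fill the caller's FILE_*_DIRECTORY_INFORMATION buffer and honour the FileName pattern, which this portable sketch leaves out.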