|
Simple Question |
Post Reply 
|
| Author | |
dan 
Newbie 
Joined: 18 February 2010 Status: Offline Points: 2 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Simple QuestionPosted: 18 February 2010 at 12:21am |
|
Forgive my ignorance, but I have a question:
I am running procmon on two different PCs. When I open a program (in this case, Thunderbird) on PC #1, I get this:  When I open a program on the other PC #2, I get this:  As you can see, PC #2 performs the "QueryNameInformationFile" operation and PC #2 does not. I tried googling "querynameinformationfile" but I didn't have much luck figuring out what it meant. I am hoping somebody on this forum is knowledgeable enough to let me know. |
|
 |
|
|
snoone
Senior Member 
Joined: 04 September 2009 Location: Amherst, NH Status: Offline Points: 330 |
Post Options
Thanks(0)
Quote Reply
Posted: 18 February 2010 at 12:04pm |
|
That's an IRP_MJ_QUERY_INFORMATION for FileNameInformation request. See: -scott
|
|
|
|
|
dan
Newbie
Joined: 18 February 2010 Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 18 February 2010 at 7:31pm |
 Thanks for the info! I'd ask why one computer queries the file name and the other does not but I have a feeling that the only way I could understand the answer to that question is to study. |
|
|
|
|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options