Hi, I'm currently (still) busy with trying to find out how certain crypt32/wintrust functions behave. One of the functions CryptSIPLoad returns a set of function pointers that maybe are called directly by an application/dll. These direct calls however don't show up in a 'normal' trace. Is there a way to see this direct pointer call with a trace or do I need to start using the debugger? The problem with tracing/debugging this is that there's a lot of calls from wintrust to crypt32 and back again. This means it's hard to put in any traces as a lot of stuff is still stubbed. It would be nice btw (and I don't know if there's more demand for this) to have a function override instead of the whole dll. I know that could be tricky but in some circumstances would help a lot in tracing/debugging. Cheers, Paul.