Hi,
I'm currently (still) busy with trying to find out how certain crypt32/wintrust functions behave.
One of the functions CryptSIPLoad returns a set of function pointers that maybe are called directly by an application/dll. These direct calls however don't show up in a 'normal' trace.
Is there a way to see this direct pointer call with a trace or do I need to start using the debugger?
The problem with tracing/debugging this is that there's a lot of calls from wintrust to crypt32 and back again. This means it's hard to put in any traces as a lot of stuff is still stubbed. It would be nice btw (and I don't know if there's more demand for this) to have a function override instead of the whole dll. I know that could be tricky but in some circumstances would help a lot in tracing/debugging.
Cheers,
Paul.