26 Nov
2025
26 Nov
'25
6:07 p.m.
is the use of ntdll APIs mandatory?
Use of RtlDosPathNameToNtPathName_U_WithStatus() is necessary. NtDeviceIoControlFile() could be replaced with DeviceIoControl(). NtCreateFile() is used because otherwise we would have to unnecessarily create a directory and then open it in two separate steps.
I'd rather stick to kernel* if possible
Why?