refactor: remove redundant FindFirstFile interception

branchseer · claude · branchseer · commit 8988bcd8d9a4 · 2026-01-09T19:04:41.000-08:00
NtQueryDirectoryFile is already being intercepted at NT level, which
correctly captures READ_DIR accesses when programs enumerate directories.
The FindFirstFile Win32 API interception was unnecessary as it's just a
wrapper around the NT API.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/crates/fspy_preload_windows/Cargo.toml b/crates/fspy_preload_windows/Cargo.toml
@@ -14,7 +14,7 @@ fspy_shared = { workspace = true }
 ntapi = { workspace = true }
 smallvec = { workspace = true }
 widestring = { workspace = true }
-winapi = { workspace = true, features = ["winerror", "winbase", "namedpipeapi", "memoryapi", "std", "processenv"] }
+winapi = { workspace = true, features = ["winerror", "winbase", "namedpipeapi", "memoryapi", "std"] }
 winsafe = { workspace = true }
 
 [target.'cfg(target_os = "windows")'.dev-dependencies]
diff --git a/crates/fspy_preload_windows/src/windows/detours/find_file.rs b/crates/fspy_preload_windows/src/windows/detours/find_file.rs
diff --git a/crates/fspy_preload_windows/src/windows/detours/mod.rs b/crates/fspy_preload_windows/src/windows/detours/mod.rs
@@ -1,5 +1,4 @@
 mod create_process;
-mod find_file;
 mod nt;
 
 use constcat::concat_slices;
@@ -8,6 +7,5 @@ use super::detour::DetourAny;
 
 pub const DETOURS: &[DetourAny] = concat_slices!([DetourAny]:
     create_process::DETOURS,
-    find_file::DETOURS,
     nt::DETOURS,
 );
