I have a sandbox system redirecting file modifications by hooking Ntxxx file system APIs. An interesting thing is, if i move files in Notepad->File/Open dialog in my sandbox, e.g. from desktop\a.txt to desktop\b\a.txt, the a.txt file on real desktop just disappears, and it comes back after i refresh real desktop by pressing F5. actually there is no change in desktop folder at all, because all changes are directed. I know that most apps use API like ReadDirectoryChanges to monitor changes, but apparently explorer is doing something different. I tried tools like https://directorymonitor.com/, they did not observe any changes on desktop. I guess SHFileOperation internally interact with explorer somehow, but who knows details and how can i prevent this notification? It is really strange for users to see a file disappearing while it is actually still there.
windows calls windows_storage!SHChangeNotify instead of that one in shell32. Why does Windows have two copies of same API, are they different?