
All times are UTC + 1 hour




 Post subject: Realtime monitor of process (file) handles?
PostPosted: Wed Jul 26, 2017 1:54 am 
Greetings to all,

is there a "simple" way to monitor which files are open by a Windows process? Say, I hook to Notepad and get a list of files opened/saved/created?

TIA!

Bruno

_________________
"If you lie to the compiler, it will get its revenge."
Henry Spencer
https://www.pci-z.com/


 Post subject: Re: Realtime monitor of process (file) handles?
PostPosted: Wed Jul 26, 2017 9:43 am 
Process Monitor?

_________________
Prehistoric games - Bobble Puzzle, Purebreaker 3 ~> http://djes.free.fr


 Post subject: Re: Realtime monitor of process (file) handles?
PostPosted: Wed Jul 26, 2017 11:24 am 
djes wrote:
That'd be great, if I had the source code. :)

I was, naturally, thinking of a PB-based solution through WinAPI.

_________________
"If you lie to the compiler, it will get its revenge."
Henry Spencer
https://www.pci-z.com/


 Post subject: Re: Realtime monitor of process (file) handles?
PostPosted: Wed Jul 26, 2017 11:48 am 
Yet Another (remote) Process Monitor is available with source code.

_________________
Prehistoric games - Bobble Puzzle, Purebreaker 3 ~> http://djes.free.fr


 Post subject: Re: Realtime monitor of process (file) handles?
PostPosted: Wed Jul 26, 2017 6:24 pm 
Hi bbanelli, code-wise there's also ProcessHacker in C#. Running in dbg32 (VS 2017 r68) now. Maybe some info there; very similar to Process Monitor and Comodo's tool.

Zebuddi.
https://sourceforge.net/p/processhacker/code/HEAD/tree/


 Post subject: Re: Realtime monitor of process (file) handles?
PostPosted: Tue Aug 08, 2017 4:41 am 
If I remember correctly, you need a filter driver for this and can't pull it off with a userland hook. I once tried to do a tool that lists the PID and name of everything that accessed a selected folder and ended up doing a driver. This was on 7 too, so probably still the same deal.

I believe it was because of all the API abstraction levels on top of the ACL.

_________________
The truth hurts.

