Realtime monitor of process (file) handles?
Posted: Wed Jul 26, 2017 1:54 am
by bbanelli
Greetings to all,
is there a "simple" way of monitoring which files are opened by a Windows process? Say, I hook to Notepad and get a list of files opened/saved/created?
TIA!
Bruno
Re: Realtime monitor of process (file) handles?
Posted: Wed Jul 26, 2017 9:43 am
by djes
Re: Realtime monitor of process (file) handles?
Posted: Wed Jul 26, 2017 11:24 am
by bbanelli
That'd be great, if I had the source code.
I was, naturally, thinking of PB based solution through WinAPI.
Re: Realtime monitor of process (file) handles?
Posted: Wed Jul 26, 2017 11:48 am
by djes
Re: Realtime monitor of process (file) handles?
Posted: Wed Jul 26, 2017 6:24 pm
by Zebuddi123
Hi bbanelli, code-wise there's also ProcessHacker in C#. Running in dbg32 (VS 2017 r68) now. Maybe some info there, very similar to Process Monitor and Comodo's tool.
Zebuddi.
https://sourceforge.net/p/processhacker/code/HEAD/tree/
Re: Realtime monitor of process (file) handles?
Posted: Tue Aug 08, 2017 4:41 am
by tj1010
If I remember correctly you need a filter driver for this and can't pull it off with a userland hook. I once tried to do a tool that lists the PID and name of everything that accessed a selected folder and ended up doing a driver. This was on 7 too so probably still the same deal.
I believe it was because of all the API abstraction levels on top of the ACL.