PureBasic Forum
https://www.purebasic.fr/english/

Realtime monitor of process (file) handles?
https://www.purebasic.fr/english/viewtopic.php?f=5&t=68826
Page 1 of 1

Author:  bbanelli [ Wed Jul 26, 2017 1:54 am ]
Post subject:  Realtime monitor of process (file) handles?

Greetings to all,

is there a "simple" way for monitoring which files are open by a Windows process? Say, I hook to Notepad and get list of files opened/saved/created?

TIA!

Bruno

Author:  djes [ Wed Jul 26, 2017 9:43 am ]
Post subject:  Re: Realtime monitor of process (file) handles?

Process monitor ?

Author:  bbanelli [ Wed Jul 26, 2017 11:24 am ]
Post subject:  Re: Realtime monitor of process (file) handles?

djes wrote:
That'd be great, if I had a source code. :)

I was, naturally, thinking of PB based solution through WinAPI.

Author:  djes [ Wed Jul 26, 2017 11:48 am ]
Post subject:  Re: Realtime monitor of process (file) handles?

Yet Another (remote) Process Monitor is available with source code.

Author:  Zebuddi123 [ Wed Jul 26, 2017 6:24 pm ]
Post subject:  Re: Realtime monitor of process (file) handles?

Hi bbanelli Code wise there`s also ProcessHacker in C#. runnning in dbg32 (VS 2017 r68) now. Maybe some Info there very similar to Process Monitor and Comodo`s tool.

Zebuddi.https://sourceforge.net/p/processhacker/code/HEAD/tree/

Author:  tj1010 [ Tue Aug 08, 2017 4:41 am ]
Post subject:  Re: Realtime monitor of process (file) handles?

If I remember correctly you need a filter driver for this and can't pull it off with a userland hook. I once tried to do a tool that lists the PID and name of everything that accessed a selected folder and ended up doing a driver. This was on 7 too so probably still the same deal.

I beleive it was because all the API abstraction levels on top of the ACL.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/