Greetings to all,
is there a "simple" way for monitoring which files are open by a Windows process? Say, I hook to Notepad and get list of files opened/saved/created?
TIA!
Bruno
Realtime monitor of process (file) handles?
Re: Realtime monitor of process (file) handles?
That'd be great, if I had a source code.djes wrote:Process monitor ?
I was, naturally, thinking of PB based solution through WinAPI.
Re: Realtime monitor of process (file) handles?
Yet Another (remote) Process Monitor is available with source code.
- Zebuddi123
- Enthusiast
- Posts: 794
- Joined: Wed Feb 01, 2012 3:30 pm
- Location: Nottinghamshire UK
- Contact:
Re: Realtime monitor of process (file) handles?
Hi bbanelli Code wise there`s also ProcessHacker in C#. runnning in dbg32 (VS 2017 r68) now. Maybe some Info there very similar to Process Monitor and Comodo`s tool.
Zebuddi.https://sourceforge.net/p/processhacker/code/HEAD/tree/
Zebuddi.https://sourceforge.net/p/processhacker/code/HEAD/tree/
malleo, caput, bang. Ego, comprehendunt in tempore
Re: Realtime monitor of process (file) handles?
If I remember correctly you need a filter driver for this and can't pull it off with a userland hook. I once tried to do a tool that lists the PID and name of everything that accessed a selected folder and ended up doing a driver. This was on 7 too so probably still the same deal.
I beleive it was because all the API abstraction levels on top of the ACL.
I beleive it was because all the API abstraction levels on top of the ACL.
The truth hurts.