Programmatically test process for file i/o.

  • Question

  • How to trace a process for file i/o operation (file open)?
    Thursday, July 23, 2015 1:44 PM

All replies

  • Thursday, July 23, 2015 4:42 PM
  • Process Monitor is a utility, but I want to monitor the process from my own application.
    Thursday, July 23, 2015 5:05 PM
  • Filemon was open source... before being replaced by Procmon, that is.


    Visual C++ MVP

    Thursday, July 23, 2015 5:09 PM
  • Can I do that with WMI or ETW? I need process monitoring in user mode.
    Friday, July 24, 2015 4:30 AM
  • Then turn on file audit...


    Visual C++ MVP

    Friday, July 24, 2015 5:20 AM
  • Filemon is open source if you are using it for non-commercial uses. Also, Filemon used a number of techniques that are at present not considered best practice in the file system filter driver. The filespy driver sample is the current replacement of Filemon.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Saturday, July 25, 2015 12:50 PM