Process monitor for file calls.

  • Question

  • How can I monitor the file calls made by a particular application which is in the running state? For example, say application "XYZ.exe" is running and it makes the open file call for the file, say, "myFile.txt"; then I want to monitor such an event. The application can be any standard user application.
    Friday, December 7, 2012 3:42 PM

Answers

  • You are going to need a file system mini-filter; minispy from the WDK will do most of that for you (plus a lot of things you probably don't care about).  Depending on what your goal is, remember it is pretty easy to spoof an executable by creating your own XYZ.exe and replacing the real one, so if this is security related, consider something more advanced than the path to the file.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Friday, December 7, 2012 4:08 PM
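
Added example (not part of the original thread and not code from minispy): the answer's caveat that the path to XYZ.exe is easy to spoof, shown by comparing a name-only match with a pinned SHA-256 of the image. Hash pinning is one assumed way to go beyond the path; the file contents and helper names are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the image in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_by_name(image: Path, expected_name: str) -> bool:
    """Weak check: trusts whatever file currently carries the name."""
    return image.name.lower() == expected_name.lower()


def matches_by_pin(image: Path, expected_name: str, pinned: str) -> bool:
    """Stronger check: name must match and content must equal the pinned digest."""
    return matches_by_name(image, expected_name) and sha256_of(image) == pinned


def demo() -> dict:
    """Run both checks before and after the file at the same path is replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp, "XYZ.exe")
        image.write_bytes(b"MZ constructed known-good build")
        pinned = sha256_of(image)  # recorded once from the known-good copy
        before = (matches_by_name(image, "XYZ.exe"),
                  matches_by_pin(image, "XYZ.exe", pinned))
        # Same path, different content: the name check cannot see the change.
        image.write_bytes(b"MZ constructed replacement build")
        after = (matches_by_name(image, "XYZ.exe"),
                 matches_by_pin(image, "XYZ.exe", pinned))
        return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, (by_name, by_pin) in demo().items():
        print(f"{stage}: name match={by_name}, pinned hash match={by_pin}")
```

Verifying the image's code signature is another option in the same spirit; either way the decision rests on the file's content, not on where it sits.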

All replies

  • Or just use Process Explorer and be done with the problem.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, December 7, 2012 4:13 PM