File Monitoring and API updating

  • Question

  • Hello, I have 2 brief questions.

    The first of which is I have an old program that's making a deprecated API call.  I was wondering if there was a method by which (even if it involved having another program running) I could intercept those deprecated API calls and replace them with my own code.  Preferably a method that doesn't involve messing around with assembly.

    The second question is if I have a file, is there a way to programmatically (or with a tool) know when it's touched (fopened, file_exists'ed, written to, etc) and via what method?  I'm trying to gather some statistics about some third party, closed source applications that have extensive scripting engines built in to see at what point in the program certain files are accessed (in this case, sound files).

    Thanks.
    Saturday, April 4, 2009 12:25 PM

All replies

  • 1st question: Depending on your goals and requirements, you may find 'Detours' (from Microsoft Research) helpful:
    http://research.microsoft.com/en-us/projects/detours/

    2nd question: Depends on what you're trying to do.

    Maybe try Process Monitor, which will log file accesses and provide a lot of useful diagnostic information if you're debugging something.  It includes call-stacks, IIRC.
    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

    Maybe try a minifilter driver or something like that, if you're looking to collect data systemwide, and don't want to interfere with program execution.
    Maybe try Detours, if you know what functions you want to instrument.

    Monday, April 6, 2009 11:40 PM
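
For the Process Monitor route suggested above, a capture saved as CSV can be summarised offline to get per-file statistics. This is an added example, not part of the thread: the column names follow Process Monitor's CSV export, while the sample rows, process names, paths and the extension list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout of a Process Monitor CSV export.
# Process names, PIDs and paths are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:25:01.1000000 PM","game.exe","4120","CreateFile","C:\Game\sounds\intro.wav","SUCCESS","Desired Access: Generic Read"
"12:25:01.1000200 PM","game.exe","4120","ReadFile","C:\Game\sounds\intro.wav","SUCCESS","Offset: 0, Length: 4,096"
"12:25:01.1000400 PM","game.exe","4120","ReadFile","C:\Game\Sounds\intro.wav","SUCCESS","Offset: 4,096, Length: 4,096"
"12:25:01.1000600 PM","game.exe","4120","CloseFile","C:\Game\sounds\intro.wav","SUCCESS",""
"12:25:02.5000000 PM","game.exe","4120","CreateFile","C:\Game\sounds\missing.ogg","NAME NOT FOUND","Desired Access: Read Attributes"
"12:25:02.6000000 PM","game.exe","4120","ReadFile","C:\Game\config.ini","SUCCESS","Offset: 0, Length: 512"
"12:25:03.0000000 PM","explorer.exe","900","QueryOpen","C:\Game\sounds\intro.wav","SUCCESS",""
'''

SOUND_EXTS = (".wav", ".ogg", ".mp3")  # assumed extensions of interest


def summarize_sound_access(stream, process=None):
    """Return {path: {"first_seen", "ops": {operation: count}, "failures"}}."""
    summary = {}
    for row in csv.DictReader(stream):
        path = row["Path"].lower()  # Windows paths are case-insensitive
        if not path.endswith(SOUND_EXTS):
            continue
        if process and row["Process Name"].lower() != process.lower():
            continue
        entry = summary.setdefault(
            path, {"first_seen": row["Time of Day"],
                   "ops": defaultdict(int), "failures": 0})
        entry["ops"][row["Operation"]] += 1
        # An existence probe on a missing file shows up as a failed open.
        if row["Result"] != "SUCCESS":
            entry["failures"] += 1
    return summary


if __name__ == "__main__":
    # For a real export (hypothetical file name):
    #   open("capture.csv", newline="", encoding="utf-8-sig")
    report = summarize_sound_access(io.StringIO(SAMPLE_CSV), process="game.exe")
    for path, info in report.items():
        print(path, info["first_seen"], dict(info["ops"]),
              "failures:", info["failures"])
```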